Muhammed Camara
IT Risk & Cybersecurity Engineer (Banking & Fintech Focus) Β· Software Developer Β· Penetration Tester
π Tallinding, The Gambia
π§ c3m2r4@gmail.com
π GitHub Β· LinkedIn
Cybersecurity and IT Risk professional focused on securing enterprise banking environments, conducting penetration testing, and implementing secure software engineering practices.
Key focus areas:
- Enterprise vulnerability management
- API & mobile application security
- Active Directory security & attack simulation
- DevSecOps integration and automation
- IT risk governance (ISO 27001 / NIST / OWASP)
- Testing: Penetration Testing (Web, Mobile, API, Cloud), Vulnerability Assessment & Management
- Operations: SIEM Monitoring, Incident Analysis, Active Directory Security & Privilege Escalation
- Compliance: Network Security Hardening, Risk Exception Management, ISO 27001 / NIST frameworks
- Backend: Secure backend development (Laravel, Node.js, PHP), API design & security implementation
- Engineering: Secure SDLC practices, CI/CD security integration, Linux system administration
- Security: Burp Suite, Nessus, Metasploit, OWASP ZAP, BloodHound
- Monitoring: Wazuh, Security Onion, Grafana, Prometheus
- Development: Laravel, Express.js, React, PHP, JavaScript, Python, Bash
- Infrastructure: Linux, Windows Server, Active Directory, Apache, Nginx, Docker, Git
Bloom Bank Africa Gambia Limited | Mar 2025 β Present
- Conduct enterprise vulnerability assessments across banking systems.
- Lead remediation tracking for critical vulnerabilities.
- Perform API and mobile application security testing.
- Develop System Security Plans (SSP) aligned with ISO/NIST.
- Support continuous monitoring and risk governance frameworks.
The Web Way | Nov 2023 β Present
- Built secure REST APIs and backend systems.
- Developed web applications using modern frameworks.
- Implemented authentication, encryption, and security controls.
Gambia Cybersecurity Alliance | Feb 2022 β Present
- Conduct penetration testing and security audits.
- Perform vulnerability assessments and system hardening.
- Support Linux-based security environments.
Independent | 2019 β Present
- Web, mobile, API, and infrastructure security testing.
- Security reporting and remediation consulting.
- Mobile Banking Security Assessment: Authentication & Encryption Review.
- Banking API Penetration Testing Framework: Tailored API vulnerability scanning templates.
- Active Directory Attack Simulation Lab: Local AD environment testing using BloodHound.
- AI Security Assistant: Local LLM workflow integration via Ollama deployment.
- Secure DevSecOps Pipeline Automation & Risk Monitoring Dashboards.
- SIEM / Logging: Wazuh, Security Onion
- Metrics / Visualization: Prometheus, Grafana
- Environments: Active Directory Attack Lab, Linux Hardening Sandbox
- π₯ Winner β ECOWAS National CTF (2021)
- π Finalist β ECOWAS International CTF (2023)
- Google Cybersecurity Professional Certificate
- Data Science Bootcamp
- Computing Science (Level 4β6 in progress)
π Languages: English π¬π§ Β· Wolof πΈπ³ Β· Mandinka π¬π²
βI donβt just find vulnerabilities β I design systems that prevent them.β