Stanley Kaaya
Kampala
Summary
Dynamic cybersecurity leader with extensive experience, excelling in risk management and incident response. Proven track record in implementing robust security strategies and enhancing organizational security posture. Adept at leveraging advanced technologies and fostering collaboration across teams to achieve significant improvements in security compliance and operational efficiency.
Overview
13
13
years of professional experience
1
1
Certification
Work History
Lead Consultant Information Technology & Cyber Security
MSK Consults
Kampala
10.2024 - Current
- Budget management for Technology and Information security as well as Implementation of technology and Information Security controls across the entire estate.
- Lead our clients Digital Transformation Journey as well as all matters cyber and Information Security.
- Oversee the successful delivery of all Information Technology Projects and support all penetration tests and technology audits while ensuring timely closure of all findings for our clients.
Head Information & Cyber Security
Dfcu Bank
Kampala
11.2022 - 10.2024
- Managed information security budgets.
- Supported penetration tests and audits, ensuring timely closure of findings.
- Assessed cost-benefit of security controls.
- Implemented the bank's Information Security Strategy.
- Collaborated with Risk, Compliance, and IT for security guidance on projects.
- Drafted and operationalized security policies and and other governance matters while enforcing security standards through risk assessments.
- Oversaw technology audits and penetration testing, emphasizing timely closure of all findings.
- Enhanced and delivered key technology security solutions.
- Monitored external threats and implemented mitigation.
- Partnered with IT to develop and maintain secure solutions.
- Provided management oversight with monthly security posture reports.
- Oversaw security awareness programs.
- Guided security incident response and investigations.
- Identified new security solutions to enhance posture.
- Provided input to the Change Approval Board for technology changes.
- Collaborating with infrastructure, network, application, and service operation teams to ensure effective security integration.
- Access management for total bank.
Manager Cyber Security Ops & Digital Forensics
Standard Bank (Stanbic Bank Uganda)
Kampala
06.2017 - 11.2022
- Conducted cybersecurity resilience assessments and attack path mapping.
- Supported penetration tests and audits, ensuring timely resolution of all findings.
- Implemented cybersecurity capabilities including EDR, MDI, firewalls, intrusion detection/prevention, SIEM (Qradar/Splunk), and logging.
- Managed a 24/7 SOC, addressing suspicious activities and maintaining a case management tool with evidence trails.
- Implemented effective logging for threat detection and IR.
- Oversaw log management, ensuring protection and retention compliance.
- Routinely reviewed critical audit trails for exceptions.
- Reported and provided solutions for new attack types.
- Managed vulnerability and patching.
- Supported digital forensics for investigations, adhering to chain of custody.
- Documented and reported investigation findings.
- Followed up on closure of technology RCSAs and KRIs.
- Collaborated with IT teams to ensure effective security integration.
- Continuously monitored for critical incidents and supported cyber incident response.
- Managed privileged user access.
- Achieved departmental goals through strategic planning and metrics.
- Conducted market research to improve customer satisfaction.
- Enhanced team productivity using agile methods.
- Streamlined project delivery, reducing time to market.
Forensic & Information Security Analyst
MTN Uganda
Kampala
11.2014 - 06.2017
- Information security assurance.
- Conducting audit engagements for forensics.
- Performing digital investigations and security reviews.
- Executing risk assessments for production environment deployments.
- Testifying in court regarding forensic findings under cross-examination.
- Collecting and analyzing security event information, including breach analysis and damage assessment.
- Developing scripts to detect and prevent internal and cyber security breaches affecting mobile operations.
- Reviewing internal financial systems and mobile money logs.
- Applying forensic practices: evidence gathering from computers, phones, and network devices; proficient with Linux and Windows forensic artifacts.
- Collaborating with Infrastructure, Networks, Application, and Service Operation teams to integrate effective security measures.
- Managing Business Continuity Planning and Disaster Recovery testing and assessments.
Network & Data Communications Engineer
Huawei Technologies
Kampala
01.2014 - 11.2014
- Perform network security assessments at customer sites (MTN, Airtel, and Africell).
- Conduct site surveys for 2G, 3G, WiMAX, Wi-Fi, and LTE technologies.
- Supervise subcontractors during equipment installation at customer locations.
- Execute network installations and configurations across all routers and switches.
- Configure services (2G, 3G, WiMAX, Wi-Fi, LTE, etc.) across the network for customers.
- Assess and replace malfunctioning equipment.
- Troubleshoot IP Radio Access Network outages and advise customers on solutions.
- Modify existing network configurations based on customer requests to enhance performance.
- Manage network patching on nodes to correct errors and improve service performance.
- Develop solutions for customer needs, such as L2 and L3 VPNs.
- Plan and implement network redundancy and test it through annual Business Continuity Planning and Disaster Recovery exercises.
- Reporting.
Command Center Engineer
Wipro Technologies
Kampala
05.2012 - 01.2014
- Offering level 1 support for UNIX, Windows, Network and Oracle.
- 24/7 monitoring of the Data center systems and the hosted systems as well as services to ensure maximum availability and minimum downtime of all the services as per the contracted SLA.
- Log and follow up on closure of all tickets associated with incidents (major and minor) in the Remedy service management tool.
- Perform legitimate escalations to level 2 support for cases where level 1 support has failed to mitigate the incident.
- Participate in the Business Continuity Planning and Disaster Recovery activities in compliance with organizational policy and ensure the organization can continue serving customers in the event of a disaster.
- Drafting and reporting of capacity management reports to aid business and management forecast and plan for future IT infrastructure requirements.
Education
Bachelor of Science - Computer Science
Makerere University
Kampala01.2013
High School Diploma -
Mengo Senior School
Kampala, Uganda11.2008
Ordinary Level Certificate -
St. Mary's College Kisubi
Wakiso11.2006
Primary Leaving Examination Certificate - PLE -
St. Savio Junior School Kisubi & Iganga Boys
Wakiso & Iganga, Uganda11.2002
Skills
- Customer service and leadership
- Communication skills
- Operating systems
- Network security and cybersecurity
- Risk management and vulnerability assessment
- Data analysis
- Cloud computing
- Incident response
- Programming (Rust)
- Database management
- Encryption techniques
- Firewall management
- Intrusion detection systems
- Networking protocols
- Regulatory compliance and guidelines
- Troubleshooting expertise
- Automation implementation strategies
- SIEM administration and monitoring
- Access management systems
- Global legal frameworks and standards
Certification
- 12/2021, ISO/IEC 27001:2013 (Lead Implementer), IN/12171/121542
- 04/2020, AZ-900, H401-8436
- 12/2019, Certified Information Systems Security Professional (CISSP), 697643
- 12/2018, SAFE 4d Practitioner
- 05/2016, Certified Fraud Examiner
- 07/2014, ITIL v4 Cert
- 07/2013, Cisco Certified Network Associate (CCNA), 414854171307BOXN
Accomplishments
- Switch from ITM to CR2 at DFCU Bank for the core switch in 2024.
- Cyber security maturity assessment at DFCU Bank in 2023.
- Pioneering and creation of an organizational risk register at DFCU in 2022 upon joining the organization to track and close raised risks.
- ISO 27001:2013 certification awarded to Stanbic Bank Uganda in 2022. First bank in Uganda to get certified.
- Pioneering third-party cyber risk management at Stanbic in 2022 ensuring oversight on critical controls status on critical partners (3rd parties).
- Pioneering and creation of an organizational risk control self-assessment register at Stanbic Bank in 2018.
- Successful completion of the Data Center remediation project in 2017.
- Setting up a Digital Forensics Laboratory in 2016 at MTN Uganda.
- Mobile Money change from Fundamo to Ericsson's ECW wallet in 2015 at MTN.
- Pioneering Continuous Controls Monitoring at MTN in 2016.
- Implementation of 3G and 4G networks while at Huawei in 2014 for our clients in MTN Uganda, Airtel Uganda and Africell Uganda respectively.
References
- Mr. Mutumba George Martin, Managing Partner, MSK Consult, gmutumba@msk-associates.com, +256-777826002
- Mr. Keith Kayondo, Head Enterprise Architecture, Stanbic Bank Uganda, kayondok@stanbic.com, +256-740259113
- Naturinda Makuru Hosea, Chief Cyber Analyst, African Development Bank Group, h.naturinda@afdb.org, +256-774546226
Timeline
Lead Consultant Information Technology & Cyber Security
MSK Consults
10.2024 - Current
Head Information & Cyber Security
Dfcu Bank
11.2022 - 10.2024
Manager Cyber Security Ops & Digital Forensics
Standard Bank (Stanbic Bank Uganda)
06.2017 - 11.2022
Forensic & Information Security Analyst
MTN Uganda
11.2014 - 06.2017
Network & Data Communications Engineer
Huawei Technologies
01.2014 - 11.2014
Command Center Engineer
Wipro Technologies
05.2012 - 01.2014
Bachelor of Science - Computer Science
Makerere University
High School Diploma -
Mengo Senior School
Ordinary Level Certificate -
St. Mary's College Kisubi
Primary Leaving Examination Certificate - PLE -
St. Savio Junior School Kisubi & Iganga Boys