Cybersecurity Professional · Jersey City, NJ

Hi, I'm
Kelvin Magora.

Disrupting threats. Strengthening resilience. Enabling trust.

Security Engineer · SOC Analyst · Vulnerability Management · Penetration Tester · GRC Analyst · Security Researcher

I help organisations reduce attack surface, accelerate threat detection, and build security programmes that scale — across red team, blue team, and cloud environments.

  • 100% · Critical vulns eliminated
  • 1,000+ · Users protected monthly
  • 2 · Research publications
  • 5+ · Certifications
  • 4+ · Years experience
01

About me

I'm Kelvin Magora — a cybersecurity professional with a strong academic foundation and proven impact across vulnerability management, SOC operations, detection engineering, and cloud security.

I've delivered results that matter to organisations: 100% elimination of critical vulnerabilities for a server team, reduced brute force incidents to zero through smart infrastructure controls, and improved threat visibility for over 1,000 users monthly at a financial institution.

My work bridges offensive and defensive security — I understand attack paths, and I use that knowledge to build defences that actually hold. Whether engineering detection rules in Microsoft Sentinel, hunting threats via EDR, or assessing cloud posture against CIS benchmarks, I bring rigour and business context to every engagement.

Currently completing my MSc in Cybersecurity at Yeshiva University, with two published research papers on cloud forensics and AI-driven threats in healthcare. I'm looking for roles where security is treated as a strategic enabler — not just a compliance function.

Kelvin Magora at security conference
  • Location: Jersey City, NJ · Open to remote
  • Focus: SOC · Vuln management · Cloud security
  • Status: Open to opportunities
  • Phone: +1 (201) 238-0767
02

Projects

Blue Team
RAID-SecOps — AI-Powered Security Operations Platform
ML-driven alert triage with role-specific recommendations for SOC, Engineers & CISO
Problem: SIEM alerts reviewed inconsistently — SOC analysts, engineers and CISO/GRC had no unified system giving role-appropriate guidance
Action: Built role-aware FastAPI + PostgreSQL platform; applied Random Forest for alert classification and Isolation Forest for anomaly detection
Outcome: SOC analysts get triage steps, engineers get remediation actions, CISO/GRC get risk context — all from one platform
Python · Random Forest · Isolation Forest · FastAPI · PostgreSQL · SIEM Integration
Blue Team
Enterprise vulnerability management programme
100% critical · 90% high · 76% medium vulnerabilities eliminated
Problem: Server infrastructure carried significant unresolved critical and high vulnerabilities across Windows and Linux, exposing the organisation to exploitation
Action: Deployed Tenable scans, DISA STIG compliance audits, and PowerShell-based automated remediations; prioritised using CVSS scoring
Outcome: Full elimination of critical vulnerabilities; measurable reduction across all severity tiers — significantly lowered organisational risk exposure
Tenable · Nessus · PowerShell · DISA STIG · CVSS
Red Team
Threat hunting & IOC analysis — EDR investigations
Detected brute force, exfiltration & ransomware IOCs before escalation
Problem: High SIEM alert volume with poor signal quality; signature tools missing advanced threats in financial environment
Action: Triaged 30–40 alerts daily; built Splunk correlation rules; conducted proactive EDR behavioural threat hunts using MITRE ATT&CK
Outcome: 15% false positive reduction; ransomware and exfiltration activity detected prior to data loss — before any escalation
Splunk · EDR · Nmap · IOC Analysis · MITRE ATT&CK
03

What I do

🎯
Penetration testing
Web app, network and AD assessments — identifying exploitable paths before threat actors do, with clear remediation priorities.
🛡️
Threat detection & SOC
SIEM engineering, threat hunting, KQL/SPL detection rules, and incident triage — reducing dwell time and analyst fatigue.
☁️
Cloud security
AWS and Azure posture assessment, IAM hardening, and cloud-native threat detection aligned to CIS and NIST benchmarks.
📊
Security reporting
Executive-ready reports translating technical findings into business risk — readable by board members, not just engineers.
04

Skills & tools

Red team & offensive security
Reconnaissance
  • Nmap / Masscan · 65%
  • Gobuster / Dirb · 50%
  • Netcat / Netdiscover · 55%
  • OSINT techniques · 60%
Exploitation
  • Metasploit Framework · 65%
  • Burp Suite · 50%
  • SQLMap · 55%
  • Hydra / John the Ripper · 60%
Post-exploitation & AD
  • BloodHound / SharpHound · 50%
  • Mimikatz / Pass-the-Hash · 45%
  • Kerberoasting · 45%
  • Msfvenom / Payloads · 50%
Blue team & defensive security
SIEM & detection
  • Microsoft Sentinel / KQL · 70%
  • Splunk (SPL) · 70%
  • EDR / Threat hunting · 65%
  • Wireshark / Zeek · 60%
Vulnerability management
  • Tenable / Nessus · 70%
  • CVSS / CVE / CWE · 70%
  • DISA STIG · 65%
  • NIST CSF / 800-series · 60%
Incident response
  • Incident triage · 70%
  • MITRE ATT&CK mapping · 65%
  • IOC identification · 65%
  • Digital forensics · 50%
Cloud, infrastructure & development
Cloud security
  • Azure Monitor / NSG · 65%
  • AWS Security · 50%
  • IAM / Access controls · 60%
  • CIS Benchmarks · 60%
Infrastructure
  • Linux (Kali / Ubuntu) · 70%
  • Windows / Active Directory · 65%
  • Firewalls / VPN / ACLs · 60%
  • Hyper-V / Virtualisation · 55%
Development
  • Python · 70%
  • PowerShell · 70%
  • Bash / SQL / KQL · 65%
  • FastAPI / PostgreSQL · 60%
Governance, risk & compliance (GRC)
Frameworks
  • NIST CSF · 50%
  • NIST 800-53 / 800-37 · 50%
  • NIST 800-61 / 800-40 · 50%
  • ISO 27001 · 50%
Compliance standards
  • PCI DSS · 50%
  • GDPR · 50%
  • HIPAA · 50%
  • DISA STIG · 50%
Risk & audit
  • Risk assessment · 50%
  • Security auditing · 50%
  • E-Discovery & forensics · 50%
  • CCSK (Cloud security) · 50%
05

Experience

Mar 2026 – Present
Remote, USA
Cyber Security Support Analyst
Log(N) Pacific — Vulnerability Management & SecOps
  • Achieved 100% elimination of critical, 90% of high, and 76% of medium vulnerabilities through Tenable-based scanning and PowerShell-automated remediations.
  • Developed custom detection rules in Microsoft Defender for Endpoint to automate isolation and investigation of compromised systems — cutting response time from hours to seconds.
  • Executed DISA STIG compliance audits across Windows and Linux server environments.
  • Reduced brute force incidents by 100% through strategic inbound NSG and firewall rule engineering, eliminating unnecessary Internet exposure.
  • Queried SIEM and EDR telemetry using KQL for threat investigation, log analysis, and detection tuning.
Apr 2023 – Jan 2025
Harare, Zimbabwe
IT Digital Solutions Specialist
ZB Financial Holdings
  • Monitored platform and web logs for 1,000+ monthly users, enabling faster identification and escalation of security incidents at a regulated financial institution.
  • Increased operational reliability by 30% through disciplined system change validation and configuration management aligned to internal security procedures.
  • Strengthened public-facing system security, achieving 40% improvement in compliant traffic through access control enforcement and continuous monitoring.
Jan 2020 – Jan 2021
Harare, Zimbabwe
IT Security Intern
FBC Financial Holdings
  • Triaged 30–40 SIEM alerts daily; reduced false positive rate by 15% through custom Splunk correlation rules, improving analyst efficiency and signal quality.
  • Reduced unauthorised access incidents by 15% by administering Active Directory, Microsoft Exchange, and Hyper-V with least-privilege access controls.
  • Performed proactive threat hunting with EDR, detecting IOCs from brute force, data exfiltration, and ransomware activity before escalation.
06

Education

Jan 2025 – May 2026
MSc Cybersecurity · In Progress
Yeshiva University, Katz School of Science and Health · New York, NY
Courses: Cybersecurity Foundations, Architecture of Secure Operating Systems, Network & Data Security, Cybersecurity Audit, CCSK, E-Discovery and Digital Forensics. Active researcher with two published papers in IJCA.
Feb 2018 – Dec 2022
BSc Computer Science (Honours)
University of Zimbabwe · Harare, Zimbabwe
Strong foundation in algorithms, networking, operating systems, and software engineering. Dissertation: A Novel Hybrid Deep Learning Approach for Malware Classification — 94.8% accuracy on the Microsoft BIG 2015 benchmark dataset using MobileNet-V2 + CNN hybrid architecture.
07

Certifications

AZ-500
Azure Security Engineer Associate
Microsoft
In progress · Cloud
AWS Sec
AWS Security Specialty
Amazon Web Services
In progress · Cloud
CySA+
CompTIA CySA+
CompTIA
Scheduled Mar 2026 · Blue Team
SecAI+
CompTIA SecurityAI+
CompTIA
In progress · Blue Team
Advanced Windows Investigation
Cyberbit · ISC2 10.5 CPE · Score 94
Dec 2025 · Verify ↗
Basic Linux Investigation
Cyberbit · ISC2 10.25 CPE
Nov 2025 · Verify ↗
SOC Hands-On Lab Program
Cyberbit · Katz School, Yeshiva University
Oct 2025 · Verify ↗
CompTIA Security+
CompTIA
Aug 2025 · Exp Aug 2028 · Verify ↗
eJPT
eLearnSecurity Jr. Pen Tester
INE Security
In progress · Red Team
Cisco Network Security
Cisco Networking Academy
Aug 2021 · Verify ↗
08

Research publications

01
Forensic Analysis Frameworks for Encrypted Cloud Storage Investigations
Kelvin Magora et al. · International Journal of Computer Applications (IJCA), Vol. 187, No. 17 · June 2025
DOI: 10.5120/ijca2025925241
Read paper
02
Mitigating Deepfake-based Impersonation and Synthetic Data Risks in Remote Healthcare Systems
Kelvin Magora et al. · International Journal of Computer Applications (IJCA), Vol. 187, No. 41 · 2025
DOI: 10.5120/ijca2025925724
Read paper
03
A Novel Hybrid Deep Learning Approach for Malware Classification
Kelvin Magora · BSc Honours Dissertation · University of Zimbabwe · 2022
94.8% accuracy · 95.7% precision · MobileNet-V2 + CNN · Microsoft BIG 2015 dataset
View on GitHub
09

CTF writeups

10

Latest blog posts

Get in touch

Let's work together.

Open to security engineering, SOC, vulnerability management, and penetration testing roles. Happy to discuss your organisation's security posture.