Cybersecurity Professional · Jersey City, NJ

Hi, I'm Kelvin Magora.

Disrupting threats. Strengthening resilience. Enabling trust.

Security Engineer · SOC Analyst · Vulnerability Management · Penetration Tester · Security Researcher

I help organisations reduce attack surface, accelerate threat detection, and build security programmes that scale — across red team, blue team, and cloud environments.

  • 100% critical vulns eliminated
  • 1,000+ users protected monthly
  • 2 research publications
  • 5+ certifications
  • 4+ years experience
01

About me

I'm Kelvin Magora — a cybersecurity professional with a strong academic foundation and proven impact across vulnerability management, SOC operations, detection engineering, and cloud security.

I've delivered results that matter to organisations: 100% elimination of critical vulnerabilities for a server team, reduced brute force incidents to zero through smart infrastructure controls, and improved threat visibility for over 1,000 users monthly at a financial institution.

My work bridges offensive and defensive security — I understand attack paths, and I use that knowledge to build defences that actually hold. Whether engineering detection rules in Microsoft Sentinel, hunting threats via EDR, or assessing cloud posture against CIS benchmarks, I bring rigour and business context to every engagement.

Currently completing my MSc in Cybersecurity at Yeshiva University, with two published research papers on cloud forensics and AI-driven threats in healthcare. I'm looking for roles where security is treated as a strategic enabler — not just a compliance function.

  • Location: Jersey City, NJ · Open to remote
  • Focus: SOC · Vuln management · Cloud security
  • Status: Open to opportunities
  • Phone: +1 (201) 238-0767
02

Projects

Blue Team
RAID-SecOps — AI-Powered Security Operations Platform
Unified AI decision support across SOC, engineering & GRC workflows
Problem: Security teams lacked unified alert triage — analysts, engineers and GRC users working in silos with inconsistent decision-making
Action: Built a role-aware FastAPI + PostgreSQL platform that ingests security alerts and delivers AI-driven recommendations per user role
Outcome: Streamlined triage across all stakeholder levels; reduced manual overhead and improved consistency of security decisions
FastAPI · PostgreSQL · Python · JWT Auth · SQLAlchemy · AI/ML
Blue Team
Detection engineering — Microsoft Sentinel & Defender
Brute force reduced to zero; automated endpoint isolation in seconds
Problem: No automated response for compromised endpoints; brute force attacks reaching systems through exposed Internet-facing ports
Action: Authored custom KQL detection rules in Sentinel and MDE; implemented inbound NSG firewall rules to block unauthorised access vectors
Outcome: 100% reduction in brute force incidents; automated isolation triggered on compromise — response time cut from hours to seconds
Microsoft Sentinel · KQL · Defender for Endpoint · NSG
Blue Team
Enterprise vulnerability management programme
100% critical · 90% high · 76% medium vulnerabilities eliminated
Problem: Server infrastructure carried significant unresolved critical and high vulnerabilities across Windows and Linux, exposing the organisation to exploitation
Action: Deployed Tenable scans, DISA STIG compliance audits, and PowerShell-based automated remediations; prioritised using CVSS scoring
Outcome: Full elimination of critical vulnerabilities; measurable reduction across all severity tiers — significantly lowered organisational risk exposure
Tenable · Nessus · PowerShell · DISA STIG · CVSS
Red Team
Threat hunting & IOC analysis — EDR investigations
Detected brute force, exfiltration & ransomware IOCs before escalation
Problem: High SIEM alert volume with poor signal quality; signature tools missing advanced threats in financial environment
Action: Triaged 30–40 alerts daily; built Splunk correlation rules; conducted proactive EDR behavioural threat hunts using MITRE ATT&CK framework
Outcome: 15% false positive reduction; ransomware and exfiltration activity detected prior to data loss — before any escalation
Splunk · EDR · Nmap · IOC Analysis · MITRE ATT&CK
Cloud
Cloud security posture & access controls — Azure
40% compliant traffic improvement; 30% operational reliability uplift
Problem: Public-facing financial systems had insufficient access controls and limited visibility into anomalous cloud traffic
Action: Implemented access control policies, Azure Monitor continuous monitoring, Syslog alerting, and ACL enforcement across network boundaries
Outcome: 40% improvement in compliant traffic; 30% reliability increase across IT systems — measurable uplift in security posture
Azure Monitor · Syslog · ACLs · NSG · CIS Benchmarks
Research
Novel Hybrid Deep Learning for Malware Classification — BSc Dissertation
94.8% accuracy on Microsoft BIG 2015 — 9 malware families classified
Problem: Signature-based AV tools fail against new and obfuscated malware variants — costing enterprises billions in breach costs annually
Action: Designed a MobileNet-V2 + CNN hybrid with primary input assortment strategy; converted PE binary files to grayscale images for deep feature extraction
Outcome: 94.8% accuracy, 95.7% precision, 94.7% sensitivity — outperforming single-model baselines at lower computational cost
Python · CNN · MobileNet-V2 · TensorFlow · Malware Analysis
03

What I do

🎯 Penetration testing
Web app, network and AD assessments — identifying exploitable paths before threat actors do, with clear remediation priorities.
🛡️ Threat detection & SOC
SIEM engineering, threat hunting, KQL/SPL detection rules, and incident triage — reducing dwell time and analyst fatigue.
☁️ Cloud security
AWS and Azure posture assessment, IAM hardening, and cloud-native threat detection aligned to CIS and NIST benchmarks.
📊 Security reporting
Executive-ready reports translating technical findings into business risk — readable by board members, not just engineers.
04

Skills & tools

Red team & offensive security
Reconnaissance
  • Nmap / Masscan: 85%
  • Gobuster / Dirb: 75%
  • Netcat / Netdiscover: 75%
  • OSINT techniques: 70%
Exploitation
  • Metasploit Framework: 80%
  • Burp Suite: 75%
  • SQLMap: 70%
  • Hydra / John the Ripper: 70%
Post-exploitation & AD
  • BloodHound / SharpHound: 70%
  • Mimikatz / Pass-the-Hash: 65%
  • Kerberoasting: 65%
  • Msfvenom / Payloads: 65%
Blue team & defensive security
SIEM & detection
  • Microsoft Sentinel / KQL: 85%
  • Splunk (SPL): 80%
  • EDR / Threat hunting: 80%
  • Wireshark / Zeek: 75%
Vulnerability management
  • Tenable / Nessus: 85%
  • CVSS / CVE / CWE: 80%
  • DISA STIG: 75%
  • NIST CSF / 800-series: 75%
Incident response
  • Incident triage: 80%
  • MITRE ATT&CK mapping: 80%
  • IOC identification: 80%
  • Digital forensics: 65%
Cloud, infrastructure & development
Cloud security
  • Azure Monitor / NSG: 75%
  • AWS Security: 65%
  • IAM / Access controls: 75%
  • CIS Benchmarks: 70%
Infrastructure
  • Linux (Kali / Ubuntu): 85%
  • Windows / Active Directory: 80%
  • Firewalls / VPN / ACLs: 75%
  • Hyper-V / Virtualisation: 70%
Development
  • Python: 80%
  • PowerShell: 80%
  • Bash / SQL / KQL: 75%
  • FastAPI / PostgreSQL: 70%
05

Experience

Mar 2026 – Present
Remote, USA
Cyber Security Support Analyst
Log(N) Pacific — Vulnerability Management & SecOps
  • Achieved 100% elimination of critical, 90% of high, and 76% of medium vulnerabilities through Tenable-based scanning and PowerShell-automated remediations.
  • Developed custom detection rules in Microsoft Defender for Endpoint to automate isolation and investigation of compromised systems — cutting response time from hours to seconds.
  • Executed DISA STIG compliance audits across Windows and Linux server environments.
  • Reduced brute force incidents by 100% through strategic inbound NSG and firewall rule engineering, eliminating unnecessary Internet exposure.
  • Queried SIEM and EDR telemetry using KQL for threat investigation, log analysis, and detection tuning.
Apr 2023 – Jan 2025
Harare, Zimbabwe
IT Digital Solutions Specialist
ZB Financial Holdings
  • Monitored platform and web logs for 1,000+ monthly users, enabling faster identification and escalation of security incidents at a regulated financial institution.
  • Increased operational reliability by 30% through disciplined system change validation and configuration management aligned to internal security procedures.
  • Strengthened public-facing system security, achieving 40% improvement in compliant traffic through access control enforcement and continuous monitoring.
Jan 2020 – Jan 2021
Harare, Zimbabwe
IT Security Intern
FBC Financial Holdings
  • Triaged 30–40 SIEM alerts daily; reduced false positive rate by 15% through custom Splunk correlation rules, improving analyst efficiency and signal quality.
  • Reduced unauthorised access incidents by 15% by administering Active Directory, Microsoft Exchange, and Hyper-V with least-privilege access controls.
  • Performed proactive threat hunting with EDR, detecting IOCs from brute force, data exfiltration, and ransomware activity before escalation.
06

Education

2024 – May 2026
MSc Cybersecurity (in progress)
Yeshiva University, Katz School of Science and Health · New York, NY
Courses: Cybersecurity Foundations, Architecture of Secure Operating Systems, Network & Data Security, Cybersecurity Audit, CCSK, E-Discovery and Digital Forensics. Active researcher with two published papers in IJCA.
2018 – Dec 2022
BSc Computer Science (Honours)
University of Zimbabwe · Harare, Zimbabwe
Strong foundation in algorithms, networking, operating systems, and software engineering. Dissertation: A Novel Hybrid Deep Learning Approach for Malware Classification — 94.8% accuracy on the Microsoft BIG 2015 benchmark dataset using MobileNet-V2 + CNN hybrid architecture.
07

Certifications

08

Research publications

01
Forensic Analysis Frameworks for Encrypted Cloud Storage Investigations
Kelvin Magora et al. · International Journal of Computer Applications (IJCA), Vol. 187, No. 17 · June 2025
DOI: 10.5120/ijca2025925241
02
Mitigating Deepfake-based Impersonation and Synthetic Data Risks in Remote Healthcare Systems
Kelvin Magora et al. · International Journal of Computer Applications (IJCA), Vol. 187, No. 41 · 2025
DOI: 10.5120/ijca2025925724
03
A Novel Hybrid Deep Learning Approach for Malware Classification
Kelvin Magora · BSc Honours Dissertation · University of Zimbabwe · 2022
94.8% accuracy · 95.7% precision · MobileNet-V2 + CNN · Microsoft BIG 2015 dataset
09

CTF writeups

10

Latest blog posts

Get in touch

Let's work together.

Open to security engineering, SOC, vulnerability management, and penetration testing roles. Happy to discuss your organisation's security posture.