Skip to main content
Michael ChesangMC
Open to opportunities

Michael Chesang

@michaelchesang

Principal offensive security researcher and builder of hardened testing systems.

Kenya
Message

What I'm looking for

I’m looking for a team where I can lead offensive security research, run high-impact penetration tests, and build hardened tooling. I want to apply my work to real-world FinTech and sensitive environments, with strong risk-communication to business and compliance stakeholders.

I’m a principal offensive security researcher and founder of Threat Lance Security, with a decade of hands-on experience delivering 230+ high-impact penetration tests since 2022. My work spans FinTech, Government, and Healthcare environments, where I focus on turning technical findings into clear risk and remediation action.

I’m ranked #6 globally out of thousands of security researchers on the Bumble Inc. Bug Bounty Programme (2024), and I’ve consistently maintained a Top 100 ranking. I operate with a proprietary hardened testing environment (LANCE-OS), built from a minimal Debian base, with hybrid Kali Rolling/Debian Stable repositories and strict egress filtering using custom iptables/UFW rules plus built-in monitoring to prevent data exfiltration even under host compromise.

I develop and deploy custom Frida instrumentation and proxy pipelines for AES decryption and dynamic session-token handling in high-security banking applications. I also lead vulnerability research through responsible disclosure, including CVE-2025-50455, and I present complex vulnerability findings to Boards of Directors, executives, and government officials to translate exploit chains into business and regulatory impact.

Beyond client work, I teach and mentor—serving as a Guest Lecturer for an MSc Offensive Cyber Security at Strathmore University and leading instruction at AfricaHackon Academy. I’m actively pursuing OSCP (certificate pending), OSAI, and Web 300, while my independent research explores adversarial AI and the rise of agentic exploitation to inform my applied offensive AI security practice.

Experience

Work history, roles, and key accomplishments

TS
Current

Founder & Principal Security Researcher

Threat Lance Security

Jun 2025 - Present (1 year 1 month)

Founded and led an offensive security consultancy delivering 230+ penetration tests across FinTech, Government, Healthcare, and Non-Profit environments, managing client engagements end-to-end. Engineered a proprietary hardened Debian-based testing OS and built custom Frida/Burp Suite/mitmproxy pipelines for AES traffic decryption and session-token handling in high-security banking applications.

AF
Current

Cybersecurity Engineer & Speaker

AfricaHackon

Jan 2017 - Present (9 years 6 months)

Served as a recurring conference speaker delivering talks on WiFi exploitation, AV bypass, and secure architecture to security professional and research audiences. Championed youth engagement through educational resources and mentorship and helped shape the conference’s technical program across editions.

CA

Senior Cybersecurity Engineer

Cyber Guard Africa

Feb 2024 - Jun 2025 (1 year 4 months)

Performed high-level penetration testing for enterprise clients focused on FinTech infrastructure, transaction-flow logic flaws, and PCI-DSS compliance readiness. Designed incident response workflows and advanced threat detection solutions, supporting ISO 27001 and GDPR compliance work.

Education

Degrees, certifications, and relevant coursework

IS

Independent (Self-Taught)

Self-taught, Cybersecurity

2015 -

Activities and societies: Independent research, competitions, and hands-on exploitation and secure coding practice.

Practicing cybersecurity professionally through independent study and real-world engagements since 2015. Built an Android exploitation framework at age 13 and continued developing expertise in penetration testing and exploit development.

Strathmore University logoSU

Strathmore University

Bachelor of Science, Computer Networks and Cyber Security

Activities and societies: Relevant modules include Network Architecture, Cryptography, Ethical Hacking, Digital Forensics, and Secure Systems Design.

Pursuing a BSc in Computer Networks and Cyber Security at Strathmore University. Studies include network architecture, cryptography, ethical hacking, digital forensics, and secure systems design, applied to offensive AI security research.

Tech stack

Software and tools used professionally

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan