Michael Chesang
@michaelchesang
Principal offensive security researcher and builder of hardened testing systems.
What I'm looking for
I’m a principal offensive security researcher and founder of Threat Lance Security, with a decade of hands-on experience delivering 230+ high-impact penetration tests since 2022. My work spans FinTech, Government, and Healthcare environments, where I focus on turning technical findings into clear risk and remediation action.
I’m ranked #6 globally out of thousands of security researchers on the Bumble Inc. Bug Bounty Programme (2024), and I’ve consistently maintained a Top 100 ranking. I operate with a proprietary hardened testing environment (LANCE-OS), built from a minimal Debian base, with hybrid Kali Rolling/Debian Stable repositories and strict egress filtering using custom iptables/UFW rules plus built-in monitoring to prevent data exfiltration even under host compromise.
I develop and deploy custom Frida instrumentation and proxy pipelines for AES decryption and dynamic session-token handling in high-security banking applications. I also lead vulnerability research through responsible disclosure, including CVE-2025-50455, and I present complex vulnerability findings to Boards of Directors, executives, and government officials to translate exploit chains into business and regulatory impact.
Beyond client work, I teach and mentor—serving as a Guest Lecturer for an MSc Offensive Cyber Security at Strathmore University and leading instruction at AfricaHackon Academy. I’m actively pursuing OSCP (certificate pending), OSAI, and Web 300, while my independent research explores adversarial AI and the rise of agentic exploitation to inform my applied offensive AI security practice.
Experience
Work history, roles, and key accomplishments
Founder & Principal Security Researcher
Threat Lance Security
Jun 2025 - Present (1 year 1 month)
Founded and led an offensive security consultancy delivering 230+ penetration tests across FinTech, Government, Healthcare, and Non-Profit environments, managing client engagements end-to-end. Engineered a proprietary hardened Debian-based testing OS and built custom Frida/Burp Suite/mitmproxy pipelines for AES traffic decryption and session-token handling in high-security banking applications.
Cybersecurity Engineer & Speaker
AfricaHackon
Jan 2017 - Present (9 years 6 months)
Served as a recurring conference speaker delivering talks on WiFi exploitation, AV bypass, and secure architecture to security professional and research audiences. Championed youth engagement through educational resources and mentorship and helped shape the conference’s technical program across editions.
Senior Cybersecurity Engineer
Cyber Guard Africa
Feb 2024 - Jun 2025 (1 year 4 months)
Performed high-level penetration testing for enterprise clients focused on FinTech infrastructure, transaction-flow logic flaws, and PCI-DSS compliance readiness. Designed incident response workflows and advanced threat detection solutions, supporting ISO 27001 and GDPR compliance work.
Lead Lecturer
AfricaHackon Academy
Feb 2024 - Jun 2025 (1 year 4 months)
Designed and delivered curricula covering Web, Mobile, and Network Security, guiding hands-on labs, CTF competitions, and real-world project work while mentoring ethical hacking practice.
Guest Lecturer, MSc Cyber Security
Strathmore University
Jan 2024 - Present (2 years 6 months)
Delivered specialist postgraduate instruction on offensive security tactics, techniques, and procedures, including advanced penetration testing methodologies and exploit development.
Offensive Security Engineer
Threat Lance Security
Led a vulnerability research program including CVE-2025-50455 disclosure, overseeing the discovery-to-responsible disclosure lifecycle with vendor coordination.
Education
Degrees, certifications, and relevant coursework
Independent (Self-Taught)
Self-taught, Cybersecurity
2015 -
Activities and societies: Independent research, competitions, and hands-on exploitation and secure coding practice.
Practicing cybersecurity professionally through independent study and real-world engagements since 2015. Built an Android exploitation framework at age 13 and continued developing expertise in penetration testing and exploit development.
Strathmore University
Bachelor of Science, Computer Networks and Cyber Security
Activities and societies: Relevant modules include Network Architecture, Cryptography, Ethical Hacking, Digital Forensics, and Secure Systems Design.
Pursuing a BSc in Computer Networks and Cyber Security at Strathmore University. Studies include network architecture, cryptography, ethical hacking, digital forensics, and secure systems design, applied to offensive AI security research.
Tech stack
Software and tools used professionally
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Michael?
You can contact Michael and 90k+ other talented remote workers on Himalayas.
Message MichaelGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
