Michael Shihusa

Conducted enterprise and IT risk assessments, documenting findings and ensuring mitigation controls are followed through. Performed vulnerability assessments and penetration testing across IT infrastructure and web/internet banking applications, and supported ISO gap analysis and security advisory activities.

Planned and executed information systems audits, auditing the effectiveness of implemented security controls for SWIFT service bureau operations. Reviewed ISO/IEC 27001:2022 implementation, delivered security awareness training, and presented audit findings with recommendations and follow-up support.

Reviewed core banking and ancillary applications, including digital banking audit reviews. Conducted network and IT infrastructure reviews, performed revenue assurance review, investigated issues, and followed up on audit exceptions through documented audit reporting.

Provided information assurance through enterprise systems reviews, including ERP, databases, operating systems, network security, and IT governance assessments. Conducted digital forensic investigations, vulnerability assessments, penetration testing for multiple application types, and cybersecurity awareness trainings, including quality assurance over system implementations.

Maintained computer lab hardware, installed and updated software, and troubleshot network and computer issues. Supported lab setup by fixing laptops and configuring computers for new laboratories, and maintained item usage records as store keeper.

Performed data entry tasks and provided basic IT support. Assisted with day-to-day technology support needs during the internship period.

Completed the Akamai University certification in Web Application and API Protection (July 2025).

Completed the Securiti certification in AI Security and Governance (November 2025).

Earned the PECB credential as an ISO 31000 Lead Risk Manager (November 2024).

Completed training and certification as an ISO/IEC 27001:2022 ISMS Lead Auditor (November 2023).

Completed training and certification as an ISO/IEC 27001:2022 ISMS Lead Implementer (October 2023).

Earned the (ISC)2 certification in cybersecurity (January 2023).

Completed SWIFT Customer Security Program V2022 (Expert) certification (Aug–Sep 2020).

Completed the API Academy certificate in API Security Architect (Aug–Sep 2020).

Completed the ISACA certificate in cybersecurity fundamentals (Apr–May 2017).

Grade: Distinction (84)

Completed Computer Operation training and received a distinction (Mar–Apr 2011).

Grade: Mean Grade B (64 points)

Completed secondary education and obtained a Kenya Certificate of Secondary Education (Jan 2005–Nov 2008).

Completed the IBM Cyber Security Specialist training (July–Dec 2015).

Grade: Scored 367/500 marks

Completed primary education and obtained a Kenya Certificate of Primary Education (1996–2004).

Completed the CCNA 2 Routing and Switching certificate (Feb–Dec 2016).

Earned the ISACA Certified Information Systems Auditor credential (Jan–Aug 2018).

Completed SWIFT Customer Security Program V2023 (Expert) certification (Oct–Dec 2022).

Completed a Bachelor of Business Information and Technology degree (2013–March 2017).

Completed the CCNA 1 Introduction to Networks certificate (Feb–Dec 2016).