Cybersecurity Infrastructure Renewal – Enhanced Detection & Response
University of Calgary
Project Objective: The University of Calgary’s current Cybersecurity Strategy & Technology Stack was developed based on the current state at the time, with infrastructure existing primarily on-premise. As Hybrid & Cloud infrastructure continues to play a more significant role at the University of Calgary, there is a growing need to implement Security Solutions that will accommodate these more cloud-centric infrastructures and continue to support the on-premise footprint.
- Led a comprehensive assessment of the University’s security monitoring infrastructure, evaluating the effectiveness of intrusion detection systems, firewalls, and other security tools. Identified gaps, assessed potential risks, and provided an in-depth analysis of the overall security posture, ensuring alignment with evolving threats and regulatory requirements.
- Authored a detailed assessment report and architecture vision document, summarizing key findings and outlining a strategic target state for the security monitoring infrastructure. The documents provided actionable insights to enhance the University’s cybersecurity capabilities, ensuring alignment with business objectives and long-term strategic goals.
- Collaborated with cross-functional stakeholders to define comprehensive business and technical requirements for the future security monitoring solution. Engaged with executive leadership, business units, and IT teams to align security initiatives with institutional goals, while also facilitating vendor discussions to ensure proposed solutions met the University’s security, compliance, and operational needs.
- Led the evaluation of potential security vendors, using Gartner and G2 assessments to compare product capabilities, vendor reputation, and market positioning. Provided strategic recommendations on supplier selection, ensuring the chosen solutions aligned with the University’s risk management priorities and cybersecurity objectives.
- Developed a cybersecurity strategy document, outlining key initiatives to enhance the University’s security posture. The strategy included detailed recommendations, potential impacts, and a clear roadmap with defined roles and responsibilities (RACI) for stakeholders, supporting effective implementation and ongoing management of security initiatives.
- Contributed to the revision and creation of key cybersecurity department documentation, including the cybersecurity architecture principles. Ensured that documentation adhered to industry best practices and regulatory standards, providing clear guidance for the implementation, monitoring, and continuous improvement of security controls.
Enhanced Security Detection and Response
People Corporation
Project Objective: To enhance the security detection and response capabilities for People Corporation by leveraging a Managed Security Services Provider (MSSP) and developing a comprehensive security strategy that aligns with the organization’s risk management priorities and business objectives. The project aims to identify potential vulnerabilities and risks faced by the organization, outsource the monitoring and management of security controls to the MSSP, and establish a proactive approach to security by implementing the latest cybersecurity best practices and technologies. The goal is to ensure the long-term protection of People Corporation’s critical assets and data and maintain the confidentiality, integrity, and availability of sensitive information while reducing the burden on the internal IT team.
- Defined and established the organization’s security requirements in collaboration with key stakeholders, aligning the security posture, risk profile, and regulatory compliance objectives with business priorities.
- Led a comprehensive evaluation of Managed Security Service Providers (MSSPs), assessing their technology, processes, and personnel. Reviewed their policies and procedures to ensure alignment with the organization’s security strategy and compliance requirements.
- Conducted a successful Proof of Concept (PoC) to validate the MSSP’s capability to meet the organization’s security needs. This involved rigorous testing of the provider’s technology and processes within a controlled environment to ensure suitability.
- Ensured alignment of the MSSP’s Service Level Agreements (SLAs) with the organization’s strategic security goals, reviewing service offerings, response times, and escalation procedures to confirm they met the organization’s expectations and were legally enforceable.
- Provided executive-level recommendations on MSSP selection, delivering a comprehensive analysis of each provider’s strengths and weaknesses. Presented a well-supported recommendation to choose the provider that best aligned with the organization’s long-term security and risk management strategy.
Enterprise Security Architecture and Roadmap
People Corporation
Project Objective: To develop an Enterprise Security Architecture that aligns the existing 3-year cyber security program and roadmap with People Corporation’s risk management priorities and business objectives. The new security roadmap should be traceable to regulatory, compliance, audit, and risk management requirements, as well as the organization’s North Star vision and ERM framework and risk tolerances.
- Led Comprehensive Security Posture Evaluations: Directed a series of workshops and assessments to gain a thorough understanding of the organization’s security infrastructure. Analyzed data to identify vulnerabilities and risks, providing executive leadership with clear recommendations for strengthening the security posture and ensuring alignment with business objectives.
- Strategic Risk Mitigation and Asset Protection: Collaborated with key stakeholders to identify critical assets and data, performing in-depth risk assessments and vulnerability analysis. Developed and implemented robust security strategies to protect the organization’s most valuable resources, ensuring long-term confidentiality, integrity, and availability of sensitive information.
- Developed a Holistic Security Architecture Framework: Designed a security architecture using best practices from NIST and CSF frameworks. Aligned with organizational goals, this framework integrated access control, incident response, risk management, and security awareness, providing a strategic roadmap for continuous improvement and threat mitigation.
- Created a Scalable Security Roadmap: In collaboration with other architects, developed a detailed security roadmap outlining actionable steps for implementing a scalable security architecture. Analyzed existing security infrastructure, identified improvement areas, and ensured long-term sustainability in protecting sensitive data against evolving threats.
- Service Card Development for Security Services: Facilitated the creation of service cards for all identified security services, providing a comprehensive overview of their scope, controls, objectives, and deliverables. This ensured clear documentation and efficient management of security services aligned with the organization’s broader security strategy.
- Cross-Functional Collaboration and Security Alignment: Worked closely with IT, business units, and external vendors to ensure the security roadmap aligned with broader organizational goals. Regularly reviewed security protocols, developed mitigation strategies for identified risks, and led training programs to promote best practices across the enterprise.
- Ongoing Compliance and Security Audits: Conducted regular security audits and assessments to maintain a secure and compliant environment. Ensured adherence to industry standards and regulatory requirements, safeguarding the confidentiality, integrity, and availability of organizational data through proactive vulnerability identification and mitigation.
- Policy and Procedure Development: Established and maintained comprehensive security policies, procedures, and guidelines, clearly defining roles and responsibilities for all employees. Continuously updated these policies to reflect emerging security threats and technologies, ensuring the organization remained resilient against cyber threats.
- Guidance on Incident Response and Risk Management: Provided expert advice and guidance on incident response protocols, risk management strategies, and data protection measures to internal teams and external partners. Ensured alignment with security standards and proactively addressed risks through prompt mitigation strategies.
- Security Training and Awareness Programs: Designed and delivered ongoing security awareness programs to educate employees on security best practices and emerging threats. These sessions covered critical topics such as password management, data protection, phishing, and social engineering, helping to minimize the risk of breaches and enhance the organization’s security culture.
- Continuous Monitoring and Threat Intelligence: Regularly monitored the organization’s security posture, leveraging threat intelligence and security tools like vulnerability scans and penetration testing. Identified and addressed potential security gaps, ensuring the organization stayed ahead of emerging threats.
Network Security Assessment and Roadmap
People Corporation
Project Objective: To conduct a comprehensive network security assessment and develop a roadmap that aligns with People Corporation’s risk management priorities and business objectives. The assessment should evaluate the existing network security infrastructure and protocols, identify potential vulnerabilities and risks, and provide recommendations for improvement. The roadmap should outline a clear and actionable plan for implementing the recommended security measures, including timelines, resource requirements, and cost estimates. The ultimate goal is to enhance the organization’s network security posture and ensure the protection of critical assets and data.
- Led Comprehensive Asset Inventory and Network Security Analysis: Collaborated with key stakeholders to conduct an exhaustive analysis of the enterprise network, compiling a comprehensive inventory of all hardware and software assets, including servers, routers, switches, and various data repositories. This effort provided a clear understanding of the network’s architecture, ensuring better security management and strategic planning for asset protection.
- Facilitated Workshops for Network Architecture Review: Organized and led information-gathering workshops with stakeholders and end-users to evaluate the current state of the enterprise network’s architecture. These sessions identified key components, such as hardware, software, and communication protocols, while addressing pain points and vulnerabilities. The insights gained informed strategic decisions aimed at optimizing network security, performance, and reliability.
- Thorough Evaluation of Security Risks and Recommendations: Conducted an in-depth evaluation of security risks across the enterprise network, focusing on key areas such as access controls, data encryption, network segmentation, and incident response protocols. Provided executive-level recommendations to mitigate identified risks and improve the overall security posture, aligning network defenses with organizational goals.
- Formulated and Implemented Security Requirements: Engaged with IT leadership and project teams to identify critical security needs across the enterprise network. Analyzed the existing infrastructure for vulnerabilities and developed a comprehensive set of security requirements, including policies, procedures, and controls. Led the implementation of these tailored security measures to address network-specific risks, ensuring that the organization’s data remained secure and compliant with industry standards.
- Developed and Executed a Robust Security Architecture: Designed a comprehensive security architecture based on the defense-in-depth principle, ensuring multi-layered protection of the enterprise network. This architecture included the deployment of advanced security controls, such as firewalls, intrusion detection and prevention systems, data encryption, and access controls, to safeguard both horizontal and vertical traffic flows. The resulting framework significantly strengthened the organization’s resilience against evolving cyber threats.
- Created a Strategic Security Implementation Roadmap: Developed a detailed security roadmap to implement the security architecture, outlining specific steps, timelines, and resource requirements. This roadmap ensured strategic alignment with organizational objectives, allowing for efficient allocation of resources and accurate budgeting to meet the projected costs of each phase of implementation.
Secured Modern Endpoint Device Management
University of Manitoba
Project Objective: To replace the existing student cashiering application for the University of Manitoba with a more modern, efficient, and user-friendly system that will streamline the payment process and enhance the overall experience for students, staff, and other stakeholders involved in the payment process. The new system will aim to reduce errors, increase security, and provide real-time access to payment information and transaction history.
- Led Comprehensive Security Risk Assessments for Payment Systems: Conducted an in-depth evaluation of the existing cashiering system to identify potential security risks and vulnerabilities. The analysis included a thorough review of access controls, encryption standards, and transaction auditing processes to ensure protection from both external threats and internal misuse. Findings were documented and presented to senior stakeholders with actionable recommendations for strengthening the system’s security posture.
- Developed and Implemented a Robust Security Strategy for Payment Applications: Designed a multi-layered security strategy for the new payment application based on an extensive risk assessment. The strategy included selecting appropriate security technologies, implementing access controls, encryption, and system activity monitoring. Clear security policies and procedures were created to guide the management of security controls and ensure real-time detection and response to threats.
- Ensured Regulatory Compliance for Payment Systems: Developed a tailored compliance framework to ensure the payment application adhered to key regulations, including PCI DSS and PII. This framework was continuously monitored and updated to align with evolving regulatory standards, ensuring that the system met all industry requirements and maintained a high level of data protection.
- Integrated Security into the Software Development Lifecycle (SDLC): Provided strategic oversight and guidance to development teams, ensuring that security was embedded throughout the software development lifecycle. This included implementing secure coding practices, conducting regular security assessments, and training teams on best practices. By proactively addressing security vulnerabilities during development, the final product met the highest security standards.
- Conducted Regular Security Assessments and Penetration Testing: Oversaw comprehensive security assessments and penetration testing throughout the implementation process. These tests were designed to uncover potential vulnerabilities and ensure the system was resilient against both internal and external threats. Based on assessment results, implemented targeted security controls to mitigate risks and enhance overall system security.
- Implemented Advanced Access Control Mechanisms: Enhanced system security by deploying multi-factor authentication and role-based access control (RBAC). These controls ensured that only authorized personnel had access to the system, and that user access was restricted based on their role within the organization, thereby minimizing unauthorized access and safeguarding sensitive data.
- Developed Incident Response and Disaster Recovery Procedures: Led the development and implementation of incident response and disaster recovery plans for the cashiering system. These procedures provided clear guidelines for identifying, reporting, and mitigating security incidents. The disaster recovery plan ensured the continuity of critical operations by enabling the rapid restoration of systems and data in the event of a disruption.
Student Cashiering Application Replacement - iPayment Implementation
University of Manitoba
Project Objective: To improve the security of the endpoint management platform, secure corporate data on all devices, implement processes and procedures for users and devices to securely access corporate data, review and remediate exposure on remote devices, and implement ongoing support and maintenance of the platform and controls.
- Developed and Implemented Comprehensive Endpoint Security Strategy: Led the design and execution of a robust security strategy to mitigate risks associated with managing a diverse range of endpoints. The strategy employed a multi-layered defense approach, integrating advanced security measures including firewalls, antivirus solutions, and intrusion detection/prevention systems. Regular testing and updates ensured the strategy’s continued effectiveness against emerging threats, contributing to a secure and resilient IT infrastructure across the organization.
- Conducted Network Vulnerability Assessments and Established Security Protocols: Directed a thorough analysis of network vulnerabilities, leading to the development of stringent security protocols for secure data transmission and storage. Implemented enhanced access control and authentication policies to minimize the risk of data breaches and unauthorized access, strengthening the organization’s overall cybersecurity posture.
- Led the Design of Endpoint Management Solutions with Integrated Security: Spearheaded the design of an endpoint management framework that prioritized security throughout asset management, system patching, and mobile device management. This proactive approach ensured comprehensive protection of all endpoints, aligning security measures with lifecycle management and operational needs.
- Implemented System Hardening and Data Security Policies: Enforced data security and integrity policies through the hardening of over 2,300 endpoints. Achieved an 85% reduction in security risks and a 30% improvement in system integrity within the first year. Ensured all systems were consistently updated with the latest security patches, significantly reducing the likelihood of potential threats.
- Collaborated with Cross-Functional Teams to Reduce Security Threats: Partnered with cross-functional teams to assess and mitigate risks across systems, applications, and devices. This collaborative effort resulted in a 50% reduction in potential threats by addressing identified vulnerabilities and implementing targeted solutions. The approach fostered a security-focused culture that addressed the unique needs of all stakeholders.
- Led Regular Security Audits to Strengthen Security Posture: Oversaw periodic security audits to assess the effectiveness of existing controls and identify vulnerabilities. Based on audit results, implemented a range of controls, including updated access management, firewall configurations, and antivirus solutions. Regular testing and evaluations ensured continuous alignment with industry best practices and protection against evolving threats.
- Developed a Proactive Endpoint Security Strategy: Created a forward-looking endpoint security strategy that adapted to the evolving threat landscape. By employing a multi-layered approach—focusing on prevention, detection, and rapid response—the strategy ensured the ongoing protection, confidentiality, and integrity of the organization’s critical data and systems.
Information Security Enhancement Program
Enterprise Security Architect
Project Objective: To enhance Shared Health Manitoba’s information security program by implementing policies, procedures, and controls that align with industry best practices and regulatory requirements. This involved a thorough assessment of the organization’s current security posture, the development of a roadmap for security enhancements, and the implementation of identified security controls and measures.
- Led Comprehensive Security Risk Assessments for Payment Systems: Conducted an in-depth evaluation of the existing cashiering system to identify potential security risks and vulnerabilities. The analysis included a thorough review of access controls, encryption standards, and transaction auditing processes to ensure protection from both external threats and internal misuse. Findings were documented and presented to senior stakeholders with actionable recommendations for strengthening the system’s security posture.
- Developed and Implemented a Robust Security Strategy for Payment Applications: Designed a multi-layered security strategy for the new payment application based on an extensive risk assessment. The strategy included selecting appropriate security technologies, implementing access controls, encryption, and system activity monitoring. Clear security policies and procedures were created to guide the management of security controls and ensure real-time detection and response to threats.
- Ensured Regulatory Compliance for Payment Systems: Developed a tailored compliance framework to ensure the payment application adhered to key regulations, including PCI DSS and PII. This framework was continuously monitored and updated to align with evolving regulatory standards, ensuring that the system met all industry requirements and maintained a high level of data protection.
- Integrated Security into the Software Development Lifecycle (SDLC): Provided strategic oversight and guidance to development teams, ensuring that security was embedded throughout the software development lifecycle. This included implementing secure coding practices, conducting regular security assessments, and training teams on best practices. By proactively addressing security vulnerabilities during development, the final product met the highest security standards.
- Conducted Regular Security Assessments and Penetration Testing: Oversaw comprehensive security assessments and penetration testing throughout the implementation process. These tests were designed to uncover potential vulnerabilities and ensure the system was resilient against both internal and external threats. Based on assessment results, implemented targeted security controls to mitigate risks and enhance overall system security.
- Implemented Advanced Access Control Mechanisms: Enhanced system security by deploying multi-factor authentication and role-based access control (RBAC). These controls ensured that only authorized personnel had access to the system, and that user access was restricted based on their role within the organization, thereby minimizing unauthorized access and safeguarding sensitive data.
- Developed Incident Response and Disaster Recovery Procedures: Led the development and implementation of incident response and disaster recovery plans for the cashiering system. These procedures provided clear guidelines for identifying, reporting, and mitigating security incidents. The disaster recovery plan ensured the continuity of critical operations by enabling the rapid restoration of systems and data in the event of a disruption.
SharePoint Online Migration
PwC Canada (End Client – International Bank of Commerce)
Project Objective: To migrate International Bank of Commerce’s current SharePoint environment securely and efficiently to SharePoint Online with minimum downtime and disruption to users. The migration process involved an assessment and mapping of all existing content, applications, and workflows. A detailed migration plan was developed to ensure that the project was completed successfully within the agreed-upon timeline and budget while also maintaining the security, integrity, and compliance of all data with relevant regulations and standards.
- Led Comprehensive Security Assessment of SharePoint 2019 Environment: Directed a thorough evaluation of the SharePoint 2019 system, focusing on configuration, access controls, and security protocols. Identified potential security risks and vulnerabilities that could impact data confidentiality, integrity, and availability. Delivered a detailed report with recommendations to senior stakeholders, outlining critical security enhancements for the SharePoint Online migration to ensure a stronger security posture and system reliability.
- Established Security Objectives and Scope for Migration to SharePoint Online: Collaborated with key stakeholders to define the scope of the SharePoint Online migration project, addressing security requirements, workflows, and timelines. Established comprehensive security objectives to safeguard sensitive data, ensuring that all necessary precautions were taken to minimize risks and protect against data breaches throughout the migration process.
- Designed a Secure Architecture for SharePoint Online: Developed a secure architecture for the SharePoint Online environment, incorporating industry best practices and the bank’s regulatory compliance requirements. Conducted a risk assessment to identify vulnerabilities and implemented security measures such as multi-factor authentication, encryption, and access controls. The result was a fortified system that ensured the safety and privacy of sensitive information, aligning with both internal policies and regulatory standards.
- Collaborated on Security Controls Implementation During Migration: Worked closely with the bank’s IT team to develop and implement robust security controls for data protection during the migration. Identified potential vulnerabilities and employed encryption to secure data in transit and at rest. Strict access controls were enforced, and auditing and monitoring capabilities were integrated to detect and respond to any suspicious activity. The security controls were tailored to align with business objectives, ensuring a seamless and secure migration process.
- Conducted Security Testing and Vulnerability Assessments: Facilitated comprehensive security testing of the new SharePoint Online environment, including vulnerability assessments and penetration testing. Analyzed results to identify and mitigate any security weaknesses. Provided actionable recommendations to improve system security further, ensuring that all implemented measures met the necessary industry standards and regulatory requirements.
Dynamics 365 Upgrade
PwC Canada (End Client – Team Inc)
Project Objective: Upgrade Team Inc.’s Dynamics 365 to the latest version to improve operational efficiency, customer engagement, and revenue. Conduct a comprehensive analysis of existing systems, customization, and integration to minimize disruption and deliver a seamless upgrade that meets business objectives.
- Led Comprehensive Security Architecture Review Pre-Upgrade: Conducted a thorough analysis of the existing security architecture and policies to identify potential vulnerabilities and gaps prior to the Dynamics 365 upgrade. This proactive evaluation ensured that the system remained secure, reliable, and resilient throughout the upgrade process, mitigating risks associated with security breaches during critical transitions.
- Evaluated Security Risks of New Dynamics 365 Features: Assessed the security implications of the new features introduced in Dynamics 365, performing a detailed risk analysis. Adjusted the security architecture to address potential threats, ensuring alignment with the evolving threat landscape. This strategic enhancement fortified the platform’s ability to defend against vulnerabilities while preserving system functionality and user experience.
- Ensured Timely Security Patch Deployment: Collaborated closely with the IT team to ensure all necessary security patches and updates were installed prior to the system upgrade. This proactive approach resulted in a seamless upgrade process, minimizing the risk of vulnerabilities being exploited during the transition.
- Implemented Comprehensive Data Backup Strategy: Directed the creation of a comprehensive data backup plan using Microsoft SQL Server Management Studio, safeguarding all essential data prior to the upgrade. This measure ensured business continuity by minimizing the risk of data loss and enabling swift recovery in the event of any unforeseen complications.
Azure Security Assessment
PwC Canada (End Client – Caliber Home Loans)
Project Objective: To design and implement an Azure Cloud Foundation for Caliber Home Loans that enables the organization to securely and efficiently migrate its IT infrastructure to the cloud. The new cloud infrastructure should be secure, scalable, cost-effective, and aligned with the organization’s business objectives. The project involved assessing the organization’s current infrastructure, designing a cloud architecture that meets its requirements, and implementing the new cloud environment with minimal disruption to business operations.
- Led Comprehensive IT Infrastructure and Security Assessments: Directed a thorough evaluation of the bank’s IT infrastructure and security measures, utilizing stakeholder workshops and advanced cloud assessment tools. Conducted vulnerability scans and penetration testing to identify potential weaknesses in the bank’s hardware, software, data management, and network security protocols. Delivered actionable recommendations to improve operational efficiency and fortify the bank’s security posture, ensuring alignment with business objectives and regulatory standards.
- Designed a Secure Azure Cloud Adoption Framework: Developed a comprehensive Azure Cloud Adoption Framework with a strong emphasis on security and compliance. Leveraged Azure Security Center, Azure Policy, and guidelines from the Center for Internet Security (CIS) Benchmark to create a secure, compliant cloud environment. The framework enabled seamless Azure adoption while ensuring the protection of sensitive data and adherence to industry and regulatory requirements.
- Collaborated with Key Stakeholders to Execute Secure Cloud Solutions: Worked closely with cross-functional stakeholders to design and implement secure, cloud-based solutions tailored to the bank’s unique needs. Ensured the solutions prioritized data protection, reliability, and regulatory compliance, aligning security measures with the bank’s broader strategic goals.
- Spearheaded Evaluation and Implementation of Security Technologies: As the security lead, directed the evaluation and testing of various security tools and technologies to safeguard the bank’s sensitive data. Recommended and implemented customized security technologies based on a detailed analysis of the bank’s requirements, ensuring optimal protection against emerging threats and compliance with security best practices.
Azure Secure Landing Zone
PwC Canada (End Client – New American Funding)
Project Objective: To design and implement an Azure Secure Landing Zone for New American Funding that provides a secure and compliant cloud environment to host their applications and data. The project ensured that the Landing Zone was configured with best practices and industry standards for security, compliance, and governance. This will enable Caliber Home Loans to achieve increased agility, scalability, and cost-effectiveness while maintaining high levels of security and regulatory compliance.
- Led Security Workshops and Risk Assessments for Financial Institution: Facilitated a series of workshops with key stakeholders to identify potential vulnerabilities and risks within the bank’s IT and security infrastructure. Conducted a comprehensive security assessment that involved a detailed analysis of the bank’s IT architecture, network infrastructure, and security protocols. The objective was to develop robust mitigation strategies to protect the bank from potential cyber threats, ensuring the safety and integrity of its financial assets.
- Designed and Implemented Secure Cloud Architecture: Architected and deployed a secure landing zone that ensured the confidentiality, integrity, and availability of the bank’s data. The solution was fully aligned with security requirements, compliance standards, and industry best practices. The scalable and flexible architecture provided a reliable foundation for the bank’s cloud-based operations, ensuring robust data protection and ease of maintenance.
- Implemented Advanced Security Controls for Data and Applications: Strengthened the bank’s security posture by deploying multiple security controls, including Azure Firewall for network-level protection, Azure Security Center for advanced threat protection, and Azure Active Directory for managing user identities and access. Azure Key Vault was also implemented to securely manage cryptographic keys and secrets, ensuring that sensitive data was encrypted and protected.
- Established Secure Connectivity Between On-Premises and Cloud Infrastructure: Led the establishment of secure connections between the bank’s on-premises infrastructure and Azure environments. This included implementing network security groups to control traffic, configuring virtual private networks (VPNs) for secure access, and setting up ExpressRoute connections to extend on-premises networks to Azure through a dedicated, private link. These measures ensured secure and reliable connectivity for cloud operations.
- Developed a Comprehensive Disaster Recovery Plan: Created and implemented a disaster recovery plan to ensure data backup, replication, and recovery in the event of a security breach or outage. This plan was designed to protect the bank’s critical systems and data, ensuring business continuity and rapid recovery from potential disruptions.