Anthony Tuff

Cybersecurity Engineer & Senior Security Consultant

Download CV
~$ whoami

Cybersecurity Engineer with over 7 years of hands-on experience designing, assessing, and improving security controls across enterprise and corporate environments. Specialized in offensive security, red teaming, and penetration testing — with a growing focus on DevSecOps, cloud security, security automation, and AI-driven security solutions.

Successfully delivered 200+ cybersecurity engagements spanning vulnerability assessments, penetration tests, configuration reviews, and risk audits across on-premises, cloud, and hybrid infrastructures. Experienced in embedding security into CI/CD pipelines, hardening cloud environments (AWS, Azure, GCP), and building automated security tooling to scale assessment workflows.

Passionate about leveraging AI and machine learning to advance offensive and defensive security — from autonomous pentesting tools to intelligent threat detection. Actively researching AI red teaming, LLM security risks, and the intersection of generative AI with adversarial tradecraft. Committed to continuous learning, mentorship, and translating complex technical findings into clear, actionable risk insights for executive stakeholders.

>_ skills
Offensive SecurityRed Teaming, Penetration Testing, Cyber Attack Simulation, Active Directory Exploitation, Social Engineering
Web & API SecurityOWASP Top 10, Burp Suite, API Security Assessment, REST/GraphQL Testing, DAST/SAST, Source Code Review
Network SecurityNmap, Wireshark, Metasploit, Nexpose, Nessus, Network Exploitation
Cloud SecurityAWS, Azure, GCP, Docker, Kubernetes, ScoutSuite, Pacu
Mobile SecurityAndroid/iOS Pentesting (OWASP MSTG), APK Reverse Engineering
DevSecOpsCI/CD Security, Semgrep, SonarCube, Container Security, Jenkins
ProgrammingPython, Bash, PowerShell, JavaScript, Go, Laravel
DFIRMalware Analysis, Incident Response, Digital Forensics, SecurityOnion
FrameworksNIST, ISO 27001, GDPR, COBIT, MITRE ATT&CK, CIS Controls, Zero Trust
ToolsCobalt Strike, BurpSuite, Metasploit, ElasticSearch, Postman, AlienVault
[*] certifications
CEH
CEH v10 (Certified Ethical Hacker) - EC-Council EC-Council Verify
CEH
CEH Practical & Master - EC-Council EC-Council Verify
eWPTX
eWPTXv2 (Web Application Penetration Tester Extreme) - eLearnSecurity eLearnSecurity Verify
CRTE
CRTE (Certified Red Team Expert) - Altered Security Altered Security Verify
CRTO
CRTO (Certified Red Team Operator) - Zero Point Security Zero Point Security Verify
CTIA
CTIA (Certified Threat Intelligence Analyst) - EC-Council EC-Council Verify
CSA
CSA (Certified SOC Analyst) - EC-Council Verify
CNSS
CNSS (Certified Network Security Specialist) - ICSI, UK ICSI, UK Verify
CLI
CLI (Certified Lead Implementer ISO 22301) - Datasec Datasec Verify
CSCU
CSCU v2 (Certified Secure Computer User) - EC-Council EC-Council Verify
CEI
CEI (Certified EC-Council Instructor) - EC-Council EC-Council Verify
CCNA
CCNA (Cisco Certified Network Associate) - Cisco Cisco Verify
#!/ experience

Senior Security Engineer — Confidential

Dec 2024 - Present
  • Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software
  • Mentor cyber security engineers and contribute to internal training, tool development, and process improvement
  • Research and develop new attack techniques and tooling to streamline security assessment processes
  • Automate security testing and vulnerability management processes
  • Collaborate with clients to understand security objectives and tailor engagement strategies accordingly
  • Ensure security best practices are integrated throughout the SDLC, including secure coding guidelines
  • Continuously analyze emerging vulnerabilities, adversarial TTPs, and offensive techniques, integrating findings into training content

Senior Risk Consultant — Serianu Limited

Nov 2021 - Dec 2024
  • Conducted web application, API testing, source code reviews, and threat analysis based on OWASP
  • Performed mobile (iOS/Android) application security assessments based on OWASP MSTG
  • Conducted Red teaming, external and internal infrastructure vulnerability and penetration tests
  • Collaborated with development teams to integrate security into the SDLC and ensure secure coding practices
  • Prepared comprehensive security reports to both technical and executive audiences
  • Contributed to continuous improvement of the offensive security program, refining red team methodologies, playbooks, and tools
  • Engaged clients on cyber security frameworks including NIST 800-53 (CSF), CIS, and ISO 27001
  • Mentored others in advanced attack techniques

Independent Information Security Consultant

2018 - 2022
  • **Confidential** (Sep-Oct 2021): Conducted Information Systems Audit reviewing IT Risk, Business Application Reviews, Networks, Databases, and Operating Systems
  • **Toolkit Iskills LTD** (Jan-Feb 2021): Developed ICT policy defining rules, procedures, and guidelines for IT asset usage and maintenance
  • **Confidential** (Jun-Jul 2019): Conducted ICT Audit evaluating systems, processes, and procedures; prepared 5-year roadmap report
  • **NACC** (Jan-Feb 2019): Performed penetration testing and system audit to analyze potential threats and ensure IT system security
  • **Confidential** (Sep-Dec 2017): Conducted network security assessment across 8 countries using Nessus, Nexpose, and Metasploit

Web Developer & Designer — Impress Creations Ltd

Jan 2018 - Dec 2020 (Part-time)
  • Developed and designed appealing websites ensuring high-performance and availability
  • Managed website back-end including MySQL database and cPanel server access
  • Configured zone records and installed SSL certificates on client websites
  • Developed custom functions and templates with Laravel, JavaScript, HTML, CSS, and Bootstrap 4, integrated with WordPress
[+] achievements
  • Completed 200+ cybersecurity projects across diverse sectors
  • HackTheBox Pro Hacker rank
  • Multiple CTF competition podiums
  • Active security researcher and blogger at sploitony.com
0x education

B.Sc. Cyber Security — EC-Council University (2020 - 2026, Ongoing)

Diploma in Information Technology — Jomo Kenyatta University of Agriculture and Technology (2015 - 2017)

@ links
GitHub LinkedIn inert.fingers-0m@icloud.com
ESC
Enter to open Esc to close