bengo237.sh — Security Portfolio

ONLINE · AVAILABLE

[ Cyber Resilience · Security Operations (SIEM/SOC) ]

whoami

Dylane Bengono

cat role.txt

Information Security Lead | Governance, Risk & Compliance (GRC)

status --check

● ONLINE · AVAILABLE

Hi, There! I'm

Polytechnic Engineer in Cybersecurity & Digital Forensics. CISO (RSSI) at BVMAC. Certified ISO/IEC 27001, CCNP, NSE4, CCT, CPTA v2. Ethical Hacker · CTF Player · OSINT Researcher.

[ FORENSICS ]

tail -f incident.log

Data acquisition, memory & disk forensics, evidence analysis and chain of custody. Incident response, malware triage, threat hunting and OSINT investigations using open-source intelligence techniques.

[ GRC / RSSI ]

sudo cat policy.conf

Design and deployment of Information System Security Policies (ISSP/PSSI). Risk management with ISO 27001/27002/27005, NIST CSF, EBIOS RM and RGPD. SIEM/SOC implementation (Wazuh, Splunk, QRadar), BCP/DRP and security audits.

[ DEVSECOPS ]

kubectl get pods --all

Shift-left security integrated into CI/CD pipelines (Tekton, ArgoCD). Infrastructure as Code with Terraform and Ansible. Container security with Docker and Kubernetes. Cloud hardening on AWS, GCP and Azure.

[ PENTEST ]

nmap -sV --script vuln

Black/grey/white box penetration testing. Reconnaissance, exploitation and post-exploitation with detailed reporting. Vulnerability assessment and remediation on systems, networks and web applications.

[ DEV ]

git log --oneline -5

Security tooling in Python, Bash and Rust. Web development with JavaScript, React and Node.js. Open-source contributions on GitHub — automation scripts, offensive tools and defensive utilities.

followers

following

repos

WHOAMI

Polytechnic Engineer in Cybersecurity and Digital Forensics, Ethical Hacker, certified ISO/IEC 27001 Associate, CCNP, CCT, CSCU, CPTA v2, and NSE4 Fortinet. Currently serving as CISO (RSSI) at BVMAC, with expertise in intrusion testing, incident response, OSINT research, and offensive & defensive security.

Experienced in designing and deploying Information System Security Policies (ISSP), SIEM/SOC solutions (Wazuh, Splunk, IBM QRadar, Snort 3), Business Continuity Plans (BCP/DRP), and security frameworks (ISO 27001/27002/27005, NIST CSF, EBIOS RM, RGPD). Proficient in Terraform, Helm, ArgoCD, Tekton CI/CD, Docker, Kubernetes, and cloud environments (AWS, GCP, Azure).

Laureate of the o'100 OKWELEANS Excellence Program (2023) and Hall of Fame at EC-COUNCIL Cyber Challenge (2022). Passionate CTF player and winner of the 2021 Cybersecurity Experts Olympiad. Committed to continuous learning and advancing cybersecurity.

Download CV

Professional Experience

● Position

2024 – Present

Company: Bourse des Valeurs Mobilières de l'Afrique Centrale | BVMAC

Position: RSSI – Responsable Sécurité des Systèmes d'Information

● Position

2023 – Present

Company: adorsys GmbH & Co. KG

Position: Security Engineer

● Position

2023

Company: Port Autonome de Kribi, PAK

Position: Cybersecurity Engineer Intern

● Position

2022

Company: Délégation Générale à la Sûreté Nationale, DGSN

Position: Pre-Engineer Network Security Intern

Academic Education

◈ Master's Degree

2023

Institution: École Nationale Supérieure Polytechnique de Yaoundé (ENSPY)

Category: Master's Degree – University of Yaoundé I

Title: Master of Engineering, Cybersecurity and Digital Investigation – BAC+5

Certifications

✓ Professional Courses

2026

CASA: Certified API Security Analyst

Institution: APIsec University

✓ Professional Courses

2024

ISO/IEC 27001 Associate

✓ Professional Courses

2024

CCNP – Cisco Certified Network Professional

Institution: Cisco

✓ Professional Courses

2024

CCT: Certified Cybersecurity Technician

Institution: EC-COUNCIL

✓ Professional Courses

2023

CPTA: Certified Purple Team Analyst V2

Institution: CyberWarfare Lab

✓ Professional Courses

2023

Cisco Ethical Hacker

Institution: Cisco Netacad

✓ Professional Courses

2022

NSE4: Network Security Professional

Institution: Fortinet

✓ Professional Courses

2022

CSCU: Certified Secure Computer User V2

Institution: EC-COUNCIL

Awards & Recognition

★ Award

2023

Lauréat – Programme d'Excellence o'100 THE OKWELEANS 3e Édition

★ Award

2022

Hall of Fame – Cyber Challenge

Institution: EC-COUNCIL

★ Award

2021

Lauréat – Olympiades des Experts en Cybersécurité

Institution: AEC-CTF

Category: Capture The Flag

PROJECTS

Python

glpwnme

GLPI vulnerability assessment tool — automated detection of known CVEs and misconfigurations in GLPI instances.

Created on: 25/03/2025

Shell

wazuh-kubernetes

Production-ready Wazuh SIEM deployment on Kubernetes with AWS integration.

Created on: 26/02/2024

Python

CipherBuster

RSA vulnerability analysis tool with automated attack techniques — Wiener, Fermat, common modulus and more.

Created on: 29/07/2024

risqueNumeriqueSI

Cybersecurity risk management framework — PSSI, EBIOS RM, ISO 27001/27005 and regulatory compliance resources.

Created on: 02/12/2024

JavaScript

SNORT-GUI

Blue team companion GUI for Snort IDS — real-time alert visualization and rule management.

Created on: 05/09/2024

wazuh-agent-status

Go application to monitor and report the real-time status of Wazuh agents across the infrastructure.

Created on: 19/08/2024

Dockerfile

snort-docker

Dockerized Snort3 deployment for Network Functions Virtualization — plug-and-play network intrusion prevention.

Created on: 20/03/2024

Shell

keycloak-traefik-letsencrypt-docker-compose

Keycloak IAM with Traefik reverse proxy and Let's Encrypt TLS — full zero-trust identity stack via Docker Compose.

Created on: 29/02/2024

JavaScript

dylane

Personal cybersecurity portfolio built with Next.js and React — showcasing projects, certifications and expertise.

Created on: 11/05/2024

ciso-assistant-community

One-stop GRC platform covering Risk, AppSec and Audit — supports 70+ frameworks: NIST CSF, ISO 27001, SOC2, GDPR, DORA, NIS2, CMMC, PCI DSS and more.

Created on: 30/11/2024

active-directory-verifiable-credentials-dotnet

Entra Verified ID implementation — issuance and verification of verifiable credentials for decentralized identity (Zero Trust).

Created on: 22/06/2025

Elixir

firezone

WireGuard-based zero trust access platform with OIDC authentication, user/group sync and zero firewall configuration.

Created on: 07/03/2024

Shell

wazuh-tools

Operational scripts and utilities for Wazuh SIEM/XDR administrators — streamlining SOC management and automation.

Created on: 25/10/2024

keycloak-ssi-deployment

Keycloak Identity Provider deployment with Self-Sovereign Identity (SSI) integration — decentralized IAM architecture.

Created on: 21/08/2024

ossec-hids

OSSEC open-source HIDS — log analysis, file integrity monitoring, rootkit detection, real-time alerting and active response.

Created on: 30/09/2024

wazuh-helm

Helm chart for deploying Wazuh SIEM at scale on Kubernetes — production-grade security monitoring infrastructure.

Created on: 24/07/2024

Java

sd-jwt

Java library for SD-JWT (Selective Disclosure JWT) — privacy-preserving credential issuance compliant with W3C VC standards.

Created on: 11/07/2024

CISSP-Study-Resources

Curated CISSP study resources covering all 8 domains — governance, risk management, cryptography, network security and more.

Created on: 15/11/2024