// Nairobi, Kenya

Geoffrey
Kiuna

IT Support & Security Compliance Specialist

Cybersecurity practitioner with hands-on experience in GRC frameworks, SOC 2 compliance, IT support, and network operations. Passionate about building secure, resilient systems and helping organisations navigate risk.

View GRC Projects Get In Touch
Geoffrey Kiuna

// Background

Resume

Work Experience

IT Support & Security Compliance Specialist
Nexuscale AI (10xEngage Inc) — Remote, Dover DE
Sep 2025 – Mar 2026
Served as Information Security Officer, building the company's full SOC 2 compliance program from scratch. Managed customer support via Intercom, coordinated bug escalation with the dev team, wrote technical blogs, and supported product demos and subscriber onboarding.
IT Support Agent & Field Technician (Volunteer)
WEON Networks — Nairobi, Kenya
Aug 2024 – Present
Provided L1 customer support for a WiFi ISP — triaging connectivity complaints, managing tickets, and coordinating field technicians. Currently volunteering with the field team on broadband installation and on-site network troubleshooting.
Cybersecurity Analyst – Ethical Hacking
CyberShujaa — Nairobi, Kenya
May 2025 – Aug 2025
Completed an intensive hands-on apprenticeship in ethical hacking and offensive security, conducting penetration testing exercises and producing detailed vulnerability reports.
Technical Support Specialist
Nammy International Travel — Nairobi, Kenya
Jul 2021 – Jul 2024
First point of contact for technical queries. Diagnosed issues, maintained documentation, and collaborated with internal teams to improve resolution processes.
Customer Support Specialist
Pamatech Global Solutions — Remote
Apr 2020 – Jun 2021
Delivered first-line technical assistance for software systems, tracked issues via case management tools, and trained clients on platform usage.

Education

BSc Agribusiness Management
University of Nairobi
2014 – 2018 | 2nd Class Upper
CompTIA Security+ Bootcamp
Moringa School
Aug 2024 – Jan 2026
Cisco Ethical Hacking
Cisco Networking Academy / USIU-Africa
May – Aug 2025

Certifications

  • CompTIA Security+ (SY0-701) — Jan 2026
  • Cisco Certified Ethical Hacker — Aug 2025
  • Google IT Support Professional — Jun 2025
  • Intercom Academy Certificate — Mar 2026
  • AI Career Essentials — ALX Africa, Nov 2024
  • Introduction to Cybersecurity — Cisco
  • Networking Basics — Cisco
  • System Administration & IT Infrastructure — Google

Key Skills

SOC 2 Compliance ISO 27001 NIST SP 800-61 Risk Assessment Incident Response Vendor Risk GRC Frameworks IT Support L1/L2 Network Troubleshooting Ethical Hacking Penetration Testing Vulnerability Assessment Intercom Python Bash AWS

// Governance, Risk & Compliance

GRC Project Portfolio

As part of building the security foundation for Getaki Tech Solutions, I designed and authored a complete GRC framework from the ground up — covering policy development, risk management, incident response, data governance, and vendor compliance. All documents are mapped to SOC 2, ISO 27001, NIST, and GDPR.

🛡️
SOC 2 Compliance Program
Designed and authored a comprehensive SOC 2 Type I compliance program covering all Trust Services Criteria. Includes the full policy library, code of conduct, NDA templates, and background verification framework.
SOC 2 TSC AICPA ISO 27001
  • Information & Data Classification Policy
  • Employee Code of Conduct
  • Employee NDA Template
  • Background Verification (BGV) Tracker
  • Physical Access & Visitor Management
  • Fire Safety & Compliance Documentation
View Documents ↗
⚠️
Risk Management Framework
Built an end-to-end risk management system including a formal Risk Assessment Policy, a quantitative Risk Scoring Matrix (Likelihood × Impact), a live Risk Register, and documented treatment strategies for each identified risk.
NIST SP 800-30 ISO 27001 6.1.2 SOC 2 CC3 COSO ERM
  • Risk Assessment Policy
  • Risk Assessment Report
  • Risk Register (with scoring matrix)
View Documents ↗
🚨
Incident Response Program
Developed a formal Incident Management Policy and detailed Procedure aligned to the NIST SP 800-61 four-phase lifecycle. Includes severity classification matrix, escalation paths, platform-specific response guides, and post-incident review templates.
NIST SP 800-61 SOC 2 CC7.4 ISO A.5.24–A.5.27
  • Incident Management Policy
  • Incident Management Procedure
  • Incident Report Template
View Documents ↗
🗄️
Data Governance Suite
Created a complete data governance framework covering classification, retention, breach notification, and backup/recovery. Defines handling requirements across four classification tiers and maps controls to GDPR, CCPA, and SOC 2 criteria.
GDPR CCPA SOC 2 CC6/CC8 NIST SP 800-88
  • Data Classification Policy
  • Data Retention Policy & Matrix
  • Data Breach Notification Policy
  • Backup & Recovery Policy
  • Data Recovery Test Log
View Documents ↗
🤝
Vendor & Third-Party Risk Management
Assessed and documented the security posture of third-party cloud vendors (AWS, Stripe, DigitalOcean) against SOC 2 Trust Services Criteria. Built a Contractor Access Control Register with offboarding checklists and periodic access review logs.
SOC 2 CC9.2 ISO A.5.19 PCI DSS
  • Vendor Compliance Review (AWS, Stripe, DigitalOcean)
  • Contractor Access Control Register
  • Client Contract, SOW & SLA Templates
View Documents ↗
🔄
Change Management Policy
Authored a formal Change Management Policy establishing the framework for controlling modifications to production environments. Defines the full change lifecycle, separation of duties requirements, emergency change procedures, and documentation standards.
SOC 2 CC1.3 SOC 2 CC8.1 ISO A.8.32
  • Change Management Policy v1.3
View Document ↗

// Technical Work

Technical Projects

🔍
Network Traffic Analysis Tool
Python-based tool to capture and analyze network packets, flagging anomalous traffic patterns for security review.
Python Scapy Wireshark
View on GitHub ↗
📋
Incident Response Playbook
Structured incident response guide for SMEs covering detection, containment, eradication, and recovery phases for common attack scenarios.
NIST 800-61 Documentation SME Security
View on GitHub ↗
🛠️
Vulnerability Scanner
Automated scanner designed to detect outdated software versions and common misconfigurations across networked systems.
Python Bash Nmap
View on GitHub ↗

// Hands-On Practice

Lab Challenges

SQL Injection Lab
Exploit and mitigate SQL injection vulnerabilities
Manual payload testing + automated scanning
SQLmap Burp Suite
Key Takeaway
Importance of parameterised queries and prepared statements in preventing injection attacks.
Web Application Penetration Test
Identify OWASP Top 10 vulnerabilities
Black-box testing with manual validation
OWASP ZAP Nmap Burp Suite
Key Takeaway
Defence in depth — layered security controls significantly reduce the blast radius of any single vulnerability.

// Let's Connect

Get In Touch

Open to GRC Analyst, IT Support, Security Compliance, and Customer Success roles. Always happy to connect.

geoffreykiuna071@gmail.com
LinkedIn ↗ GitHub ↗ Blog ↗