Thato Aphane

Senior Offensive Security & Cloud Security Engineer

Email: thaphane@gmail.com | LinkedIn: linkedin.com/in/thato-aphane-a30b514a | HackerOne: hackerone.com/thaphane | GitHub: github.com/thato-aphane

PROFESSIONAL SUMMARY

Specialist in modern offensive security, cloud defense, secure DevOps, and adversarial testing of AI-powered systems. My work bridges hands-on exploitation, defensive engineering, and future-focused cyber innovation — building security systems that are resilient against human and AI-enabled threats. I’ve secured regulated, enterprise, government, fintech, and SaaS environments — improving cyber maturity, eliminating critical risk, and enabling secure digital transformation.

CORE EXPERTISE

Offensive Security: Red Teaming, Exploit Dev, C2, Purple Team Ops, OSINT, Social Engineering

Cloud Security: Azure Security Architecture, AWS Hardening, GCP IAM, CSPM, Zero-Trust

DevSecOps: CI/CD Security (GitHub, GitLab, Jenkins), IaC Review, Container Security

Microsoft Security: Entra ID, Intune, M365 E5, Defender XDR, Purview DLP, Conditional Access

Blue-Team Engineering: SIEM (Sentinel, Splunk), EDR, Threat Hunting, DFIR, Incident Response

PROFESSIONAL EXPERIENCE

Senior Infrastructure and Security Engineer | Netsurit (Nov 2023 – Present)

Design and implement secure network and cloud architectures, integrate security into engineering workflows, and lead incident response and compliance activities.

  • Design and implement secure network architectures (firewalls, IDS/IPS, micro-segmentation) and SIEM solutions.
  • Integrate automated security testing into CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions) including SAST, DAST and dependency scanning.
  • Lead incident response, forensic analysis, and remediation while minimising business impact.
  • Manage IAM systems and conditional access policies to enforce least-privilege and strong authentication.
  • Ensure compliance with POPIA, PCI DSS and ISO 27001; develop policies and run internal audits.
  • Azure expertise: Security Center/Defender for Cloud policies, Key Vault, NSGs, conditional access, and M365 security (Exchange, SharePoint, Teams).

Senior Cloud Security Analyst / Pen Tester | Jinjer.co.za (May 2021 – Oct 2023)

Led penetration testing and security assessments for infrastructure, applications, and physical security, with focus on automation and methodology improvement.

  • Executed network, web and mobile penetration tests, social engineering and physical security reviews.
  • Developed custom exploits, scripts and automation to support continuous security assessments.
  • Authored rules of engagement, security standards and automation for repeatable testing.
  • Performed code reviews and worked with developers to validate and remediate vulnerabilities.
  • Technologies: Metasploit, Burp Suite, Nessus, Wireshark, Kali Linux, Python, Bash.

IT Security Specialist | Johannesburg City Parks & Zoo (Aug 2017 – Mar 2023)

Implemented and administered enterprise security solutions across on-prem and cloud environments, with focus on IAM, compliance, and security operations.

  • Designed and administered identity platforms (Active Directory, Azure AD), group policy and IAM tooling.
  • Performed ethical hacking and managed EDR/anti-malware and SIEM solutions.
  • Implemented security controls including PKI, RADIUS, LDAP, SAML/OAuth, MFA, PAM and Zero Trust.
  • Azure/M365: Defender for Cloud, Key Vault, NSGs, conditional access, Exchange Online Protection, Teams security.

IT Senior Analyst | Webhelp SA Outsourcing (Mar 2014 – May 2017)

Day-to-day monitoring, investigation and response to cybersecurity alerts; automation of processes and vulnerability management.

  • Operated anti-malware and vulnerability management tooling (McAfee, Symantec, Nessus, Qualys).
  • Managed incident response, access reviews and security awareness initiatives.
  • Supported penetration testing, policy enforcement and security standards.

Systems Administrator | LDS Church Corporate (Dec 2008 – Mar 2012)

Managed systems administration including configuration, performance tuning, and ITIL-based processes.

  • Windows Server, Cisco networking and VMware administration; supported ITIL processes.
  • Network device configuration and developer workstation optimization.

KEY PROJECTS & CASE STUDIES

Azure Zero-Trust Enterprise Rollout

Outcome: Blocked 80% of identity attacks, boosted MFA adoption to 98%. Deployed a Zero-Trust identity & access model using Conditional Access, MFA, and Identity Governance. Integrated Defender for Cloud with a Sentinel SOC.

Multi-Cloud Red Team Engagement

Outcome: Discovered a critical privilege escalation chain in a fintech environment. Executed a phishing simulation to gain an Entra ID foothold, exploited misconfigured IAM for lateral movement, and established cloud persistence.

CI/CD Security Automation Framework

Outcome: Cut vulnerability remediation cycle by 60%. Automated SAST, DAST, IaC scanning, and secrets detection within GitHub and GitLab pipelines.

AI-Assisted Threat Detection Lab

Outcome: Prototyped an LLM-augmented SOC for advanced threat detection. Researched and developed methods for automated intelligence parsing and adversarial prompt protection.

CREDENTIALS

Current Certifications

  • ✅ OSCP — Offensive Security Certified Professional
  • ✅ CISSP — Certified Information Systems Security Professional
  • ✅ AZ-500 — Azure Security Engineer Associate
  • ✅ Certified Ethical Hacker (CEH)
  • ✅ Microsoft 365 Certified: Security Administrator Associate
  • ✅ Microsoft Certified: Azure Administrator Associate
  • ✅ CompTIA Security+, Network+, A+, Linux+, Python+
  • ✅ ITIL Foundation

Planned / Roadmap

  • 🎯 CRTO I/II — Certified Red Team Operator
  • 🎯 CRTP — Certified Red Team Professional
  • 🎯 CCSP — Certified Cloud Security Professional
  • 🎯 GIAC (GPEN, GXPN)

Elite-Track Mastery

  • 🚀 OSEP, OSWE, CRTE