Osama Okunbo
Security Engineer, Immibuddy
Ipswich, United Kingdom
Actions
Osama Okunbo is a Security and Software Engineer who consults with startups and scaleups on cloud-native security, Kubernetes, and compliance. Before working in tech he competed as a professional Judoka and studied Sports Science, eventually transitioning into software engineering through game development before finding his way into cloud security and DevSecOps. He leads security engineering at Immibuddy, a Canadian immigration SaaS platform, and holds consulting clients in fintech and retail. He is the author of Hello Fraud: Why You Feel Like an Impostor in Tech and How to Fix It and holds an MSc in Cybersecurity from the University of Suffolk. He spoke at Manchester Tech Festival 2025 on agentic AI in cybersecurity.
Area of Expertise
Topics
The 4C's of Cloud Native Security: A Layered Defence from Code to Cloud
93% of organisations have at least one overprivileged Kubernetes service account. Most teams bolt on security tools, react to CVEs, and hope for the best because they never learned to think about cloud native security as layers. The Kubernetes documentation defines four of them: Cloud, Cluster, Container, and Code.
In this talk, I'll walk through each layer using real production examples. How enabling AWS Security Hub and GuardDuty revealed blind spots we didn't know existed. Why RBAC misconfigurations and missing network policies are quietly exposing clusters everywhere. How Trivy caught vulnerabilities in base images we'd been shipping for months. And how Semgrep and Gitleaks in our CI/CD pipeline caught a hardcoded API key before it ever hit production.
You'll leave with a practical framework for evaluating your own security posture layer by layer and a set of tools you can start using this week.
Securing Distributed Systems When You're Not a FAANG Company
80% of organisations experienced a cloud security incident last year. Misconfigurations account for nearly 40% of breaches. Non-human identities outnumber humans 45-to-1. The reports are loud and clear, but they're written for companies with dedicated SOCs and six-figure tooling budgets. What about the rest of us?
I run security for a 25-person SaaS company. No SOC, no CNAPP platform, no dedicated security team. Just me. This talk is the honest version of what securing a distributed system on AWS and Kubernetes actually looks like at that scale. I'll cover the three things that moved the needle most: getting cloud posture right with the security tools AWS already gives you but most teams never turn on, locking down identity and access so overprivileged service accounts stop being your biggest attack surface, and building compliance into your workflow so ISO 27001, GDPR and SOC2 stop being a yearly fire drill.
If you're a developer, architect, or team lead at a company that isn't Google and you know your security posture needs work but don't know where to start, this one's for you.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top