LEWIS SAWE
About
AWS Security Specialty certified professional who monitors threats, responds to incidents, and builds detection workflows.
I built the entire security posture for multiple SME clients from nothing: monthly assessments, IDS deployment, incident response procedures, endpoint protection. Zero security incidents since the audit.
Before that, I recovered a client from ransomware without paying a cent. Restored critical systems under pressure. Trained non-technical staff to recognize phishing.
I train on TryHackMe and HackTheBox to stay sharp. SOC Level 1 & 2 certified, completed the HTB SOC Analyst path. The work is real: Splunk queries, MITRE ATT&CK mapping, log analysis, malware triage.
"name": "Lewis Sawe" "location": "Kenya (UTC+3)" "clearance": "AWS Security Specialty" "threat_level": "to adversaries: HIGH" "focus": [ "Threat Detection", "Incident Response", "Cloud Security", "Network Defense" ] "status": "ACTIVE"
Arsenal
SIEM & Detection
- Splunk
- ELK Stack
- CloudWatch / CloudTrail
- GuardDuty
- Wireshark
- Windows Event Logs
Incident Response
- MITRE ATT&CK Framework
- Threat Hunting
- Malware Analysis
- Digital Forensics
- Log Analysis
- Incident Triage
Network Security
- Firewalls / IDS / IPS
- VPN / VLAN Segmentation
- Packet Analysis
- Network Monitoring
- Endpoint Protection
- Vulnerability Assessment
Cloud Security
- AWS IAM / Security Groups
- CloudTrail / VPC Flow Logs
- Security Hub / Config
- KMS / Secrets Manager
- Container Security
- Infrastructure as Code
Scripting & Automation
- Python
- Bash
- Detection Rule Authoring
- Log Parsing
- Automated Alerting
- Security Orchestration
Systems
- Linux Administration
- Windows Server / AD
- Docker
- Prometheus / Grafana
- Git / CI/CD Security
- Terraform
Experience
Network & Systems Administrator
Eloho- Built security monitoring and incident response workflows from scratch
- Monthly security assessments with enforced remediation timelines
- Deployed endpoint protection, IDS, firewall rules, network security policies
- Handled real incidents: brute force via IDS, compromised accounts, USB control
- Zero security incidents across all client environments since audit
IT Support Technician
Elpris Kenya- Multi-layered security frameworks across 15 independent client sites
- Ransomware recovery: isolated, assessed, restored from backup, hardened
- Automated alerting for suspicious activity detection
- 95% resolution rate, zero client churn
DevOps Intern
HNG Internship (Remote)- Security-first IAM policies and network segmentation on AWS
- CI/CD pipelines with security gates and automated testing
- Reduced AWS costs ~33% through right-sizing and usage analysis
IT Intern
United Nations Office at Nairobi- 500+ users supported under UN enterprise security standards
- 100% network uptime for critical operations
- Enterprise access controls, data protection, compliance
Projects
Kadi
Won Incident Response category. Full observability: Prometheus, Grafana, Alertmanager. 0% error rate at 500 concurrent users.
ChamaPesa
Security lead on 6-person team. Threat modeling, secure architecture, secrets management.
Guardian
Security monitoring and protection system. Automated threat detection and alerting.
Prisma Cloud DevSecOps
Infrastructure security scanning, policy-as-code, compliance automation.
Agent Containment Protocol
Automated containment and isolation for compromised systems.
Incident Runbook
Structured IR procedures for SOC teams. Standardized response playbooks.
Writeups & Certs
CTF Walkthroughs
Certifications
Let's Talk
Security
Open to SOC Analyst, Security Engineer, and Cybersecurity roles.