Application Security Engineer

I Break Things. Build Things. Teach Security.

I'm Ezinne Kalu (Ayy-zee-nayy) — Application Security Engineer, Researcher, Builder, and Speaker.

I help organizations find security weaknesses before attackers do, build products that solve real problems, and teach people how modern security actually works.

  • 3+ Years in Security
  • GWEB: GIAC Certified
  • 100+ Security Assessments
  • 3 Talks Delivered

About

Security Is What I Do. Building Is Who I Am.

I didn't start in cybersecurity.

I spent years studying medicine before realizing I was more fascinated by systems than symptoms. That curiosity led me into software engineering, then into security — where I found the perfect intersection of problem-solving, creativity, and impact.

Today I work across application security, penetration testing, API security, threat modeling, DevSecOps, and security research. I hold industry certifications including SANS GWEB, CompTIA CASP+, and certifications in DevSecOps, threat modeling, container security, and cloud-native security. I also work at the intersection of AI and security — exploring how large language models introduce new attack surfaces and how they can be used to accelerate security engineering.

I've helped organizations identify vulnerabilities before they became incidents, built open-source tools, spoken at security events, and taught aspiring security professionals across Africa and beyond.

When I'm not working on security, I'm building products, researching startup ideas, playing chess, or exploring ways technology can create leverage.

What I Do

What I Spend My Time On

Security Engineering

  • Application Security
  • Penetration Testing
  • Threat Modeling
  • Secure Code Review
  • DevSecOps Pipelines
  • Cloud-Native Security

Security Research

  • Bug Bounty Hunting
  • API Security Research
  • AI & LLM Security Research
  • Vulnerability Discovery
  • The Vulnerability Conditions Framework
  • Security Writing

Building Products

  • Developer Tools
  • AI-Powered Security Tools
  • Authentication Systems
  • Security Platforms
  • Automation Workflows
  • Open Source Tools

Teaching & Community

  • Conference Speaking
  • Mentoring
  • Technical Writing
  • Security Education
  • CyberSafe Foundation

Signature Methodology

The Vulnerability Conditions Framework

Most people think about web vulnerabilities as isolated bugs. I think about them as conditions.

Every exploitable vulnerability requires a specific set of preconditions to exist — missing authentication, unsafe deserialization, unchecked input, broken trust boundaries. When you learn to identify conditions rather than hunt for bug patterns, your coverage improves dramatically.

This framework is my signature methodology for application security assessments, threat modeling, and security research.


Career

A Few Stops Along The Way

President, CyberGirls Alumni Community

Leading the alumni network of Africa's largest women-in-cybersecurity program.

Systems Development Engineer

Building and supporting critical infrastructure and automation systems at scale.

Application Security Engineer

Security assessments, threat modeling, code reviews, and vulnerability research across modern web applications and APIs.

Security Researcher

Independent vulnerability discovery through bug bounty programs and original research.

Software Engineer

Backend systems, APIs, and automation platforms — before transitioning fully into security.

Medical School

Learned how to think critically, analyze complex systems, and solve difficult problems under pressure. Turns out those skills transfer well to security.

Writing

Research, Notes & Lessons

I write about security engineering, security research, startup building, and systems thinking.

Topics I cover:

  • The Vulnerability Conditions Framework
  • API Security
  • Threat Modeling
  • OAuth & Authentication
  • Bug Bounty Methodology
  • DevSecOps
  • Secure Development
  • Startup Building
  • Career Growth in Security
  • Tools & Automation

Speaking


I deliver talks on application security, API security, vulnerability discovery, and practical security engineering. My goal is to make complex security concepts understandable and actionable — especially for engineers who didn't come up through a traditional security path.

Previous talks include:

  • Postman for API Security
  • Data Privacy in Modern Applications
  • Introduction to Bug Bounty Hunting

Topics available:

  • API Security
  • Threat Modeling
  • DevSecOps
  • Bug Bounty Hunting
  • The Vulnerability Conditions Framework
  • Security for Developers

Life

Beyond Security

Outside work I play chess competitively, read obsessively across disciplines, stay active, travel whenever possible, and spend a lot of time thinking about startups and building things that are actually useful.

Chess, Reading, Fitness, Travel, Startups, Building

“Curiosity compounds. The best opportunities usually come from following interests long enough to become uncommon expertise.”

Newsletter

Notes From The Field

I try to share lessons from security engineering, security research, product building and life hacking.

No fluff. Just things I've learned the hard way.


Contact

Let's Connect

Whether you're looking for a security engineer, speaker, collaborator, or just want to talk security — I'd love to hear from you.