MUHAMMED CAMARA

IT Risk & Cybersecurity Engineer · Software Developer · Penetration Tester
📍 Tallinding, KM, The Gambia
📞 (+220) 3243033
✉️ c3m2r4@gmail.com
🔗 github.com/c3m2r4
💼 linkedin.com/in/muhammed-camara-2227352a5
"Be the change that you want to see in the world."

Professional Summary

Cybersecurity and IT Risk professional with hands-on experience securing banking infrastructure, performing advanced penetration testing, and integrating security into software development lifecycles. Proven ability to reduce enterprise vulnerabilities, secure APIs and mobile applications, and align security operations with NIST, ISO 27001, and GDPR. Strong background in DevSecOps, threat detection, and system architecture, with practical experience building enterprise-grade security labs, Active Directory attack simulations, and AI-assisted security workflows. Recognized for delivering high-impact, real-world security solutions across enterprise and consulting environments.

Core Competencies

Security & Testing

  • Penetration Testing & Ethical Hacking
  • Vulnerability Assessment & VAPT
  • API & Mobile Application Security
  • Network Security & Protocol Hardening
  • Active Directory Security
  • SIEM & Threat Detection

Tools & Technologies

  • Nessus, Burp Suite, OWASP ZAP
  • Metasploit, BloodHound, MobSF
  • Wazuh, Security Onion, Prometheus
  • Linux, Windows Server, Active Directory
  • Docker, Git, REST APIs
  • Ollama (Local AI Deployment)

Development & Infrastructure

  • Laravel, Node.js, Express.js, React
  • PHP, JavaScript, Python, Bash
  • MySQL, Redis, Apache, Nginx
  • DevSecOps & CI/CD Integration
  • System Hardening & Configuration
  • Compliance: NIST, ISO 27001, GDPR

Professional Experience

IT Risk & Cybersecurity Officer
Bloom Bank Africa Gambia Limited
Mar 2025 – Present
  • Conduct enterprise-wide vulnerability assessments across 70+ systems, identifying and prioritizing critical risks
  • Reduced exposure to critical vulnerabilities through structured remediation tracking and risk-based prioritization
  • Perform API and mobile application security testing, including reverse engineering and cryptographic analysis
  • Develop System Security Plans (SSP) aligned with ISO 27001, NIST CSF, and GDPR frameworks
  • Implement IT risk exception tracking and remediation workflows
  • Collaborate with IT, developers, and management to enforce secure configurations and access control systems
Software Developer
The Web Way · Gambia
Nov 2023 – Present
  • Designed and implemented RESTful APIs using Raw PHP, Express.js, and Laravel
  • Developed responsive, user-friendly front-end interfaces using React, Bootstrap, HTML5, CSS, and SASS
  • Integrated comprehensive cybersecurity measures, including encryption and vulnerability assessments
  • Administered Linux servers, ensuring high availability, performance, and secure configurations
  • Collaborated with teams to deliver innovative technical solutions aligned with client requirements
Cybersecurity Analyst
Gambia Cybersecurity Alliance
Feb 2022 – Present
  • Implemented and maintained cybersecurity measures to protect enterprise systems
  • Conducted penetration testing, vulnerability assessments, and security audits
  • Provided Linux system administration support including server configuration and monitoring
  • Engaged in continuous learning and knowledge sharing on emerging threats and mitigation strategies
DevSecOps Consultant
Self-Employed
Jan 2024 – Present
  • Integrated security into DevOps pipelines, orchestrated containerized deployments, and automated compliance checks
  • Implemented secure CI/CD workflows and infrastructure-as-code security practices
Freelance Penetration Tester
Self-Employed
June 2019 – Present
  • Conduct web, mobile, cloud, and hardware security assessments for clients
  • Identify vulnerabilities, provide detailed risk reports, and recommend mitigation strategies
  • Assist organizations in strengthening security posture through targeted testing and advisory services

Key Projects

Mobile Banking Application Security Assessment
  • Conducted full security assessment of a banking mobile application
  • Identified vulnerabilities in authentication, permissions, and encryption
  • Performed static and dynamic analysis using MobSF and runtime instrumentation
  • Delivered technical and executive-level security reports
Banking API Security Testing Environment
  • Performed penetration testing on staging banking APIs
  • Tested authentication, data exposure, and injection vulnerabilities
  • Provided remediation guidance aligned with secure coding practices
Active Directory Penetration Testing Lab
  • Designed and deployed a simulated enterprise Active Directory environment
  • Conducted enumeration, privilege escalation, and lateral movement scenarios
  • Used BloodHound to map attack paths and identify misconfigurations
  • Provided remediation strategies for securing AD infrastructure
Local AI Security Assistant (Ollama-Based)
  • Built a locally hosted AI system using Ollama for cybersecurity workflows
  • Used AI for vulnerability report summarization, log analysis, and documentation generation
  • Enabled secure, offline processing of sensitive data
Career Development Community (CDC) Platform
cdcommunity.org
  • Developed a full-stack platform using Laravel + Statamic CMS
  • Built features including course management, dashboards, and analytics
  • Implemented access control, caching, and performance optimization
WWCG Consulting & Training Platform
  • Designed and developed a scalable consulting platform for WorldWell Consulting Group
  • Implemented client portals, training systems, and consultation workflows
  • Built secure architecture using Laravel, MySQL, and Redis
  • Integrated monitoring, logging, and DevSecOps practices

Enterprise Home Lab & Security Engineering

Designed and maintained a personal enterprise-grade cybersecurity lab simulating real-world enterprise environments:

  • Security Monitoring & SIEM: Deployed Wazuh for endpoint monitoring and threat detection; implemented Security Onion for network intrusion detection
  • Monitoring & Observability: Built monitoring pipelines using Prometheus; designed dashboards with Grafana; deployed Uptime Kuma for service monitoring
  • Active Directory & Offensive Security: Built Windows Server-based Active Directory lab environment; performed enumeration, privilege escalation, and lateral movement simulations; used BloodHound for attack path analysis
  • AI Integration & Automation: Deployed local AI models using Ollama; integrated AI into security workflows for analysis and reporting
  • Infrastructure & DevSecOps: Built Linux-based environments with web servers, APIs, and databases; implemented system hardening, segmentation, and secure configurations

Extracurricular Activities

CORE MEMBER · Terminal Titans (Underground Hacker Team)
Gambia · Sept 2023 – Present
  • Gained expertise in penetration testing, especially targeted on web application and software security
  • Participated in multiple hacking competitions and qualified for international events
  • Held several hacking competitions for community engagement and knowledge sharing
MEMBER · GSCA (Hacking & Security Research Group)
Gambia · Jun 2023 – Present
  • Gained expertise in hardware hacking and penetration testing on devices including wireless routers, smartphones, CCTVs, and set-top boxes
  • Trained aspiring cybersecurity professionals on hacking techniques from basic to advanced levels with ethical guidelines
  • Hosted annual Hacking Camp for community education and skill development

Honors & Awards

2023 – Qualified, ECOWAS CTF INTERNATIONAL Hacking Competition World Final · Togo
2021 – 1st Place, ECOWAS CTF National Hacking Competition · Gambia

Certifications & Training

2024 – Google Cybersecurity Professional Certification (Completed)
2024 – Computing Science Level 4 (ATheC) (Completed)
2025 – Computing Science Level 5 (ATheC) (In Progress)
2026 – Computing Science Level 6 (ATheC) (Planned)
2023 – Data Science Bootcamp (Completed)

Languages

English
Fluent
Wolof
Fluent
Mandinka
Fluent

Last Updated: June 2026 | For inquiries: c3m2r4@gmail.com | github.com/c3m2r4