I build security tools that turn noisy technical signals into clear, reproducible findings. My work spans phishing detection, vulnerability triage, secure CI/CD, supply-chain hardening, and evidence auditable by maintainers, compliance teams, and security engineers.
The strongest theme across my public work: practical security automation - small, testable, well-documented tools that make risk easier to detect, explain, and act on.
| Evidence | Status | Link |
|---|---|---|
| PhishGuard AI reusable GitHub Action | Published on GitHub Marketplace | Marketplace |
| PhishGuard benchmark improvement | Public-safe recall improved with documented regression evidence | PR #52 |
| PhishGuard Python API guide | Stable import examples with executable documentation tests | PR #53 |
| PhishGuard adoption path | Safe third-party workflow trial and showcase issue template | PR #54 |
| PhishGuard email-auth parser coverage | SPF/DKIM/DMARC parser trust-boundary tests expanded | PR #55 |
| PhishGuard July maintenance | CodeQL, article links, product attribution, and documentation cleanup merged | PRs #60-64 |
| Security tools as GitHub Actions | Added SARIF 2.1.0 and reusable Action support to Secrets Scanner and Log Analyzer | Log |
| BehaviorSense and VulnGPT maintenance | Fixed Windows CLI output crashes and restored passing tests | Log |
| Prowler Amplify secret detection | Prototype for app and branch environment-variable secret scanning | Issue #11817 |
| Security tool portfolio verification | CVE, log-analysis, secret-scanning, behavior, and vulnerability tools tested | Log |
| OWASP Agent Security Regression Harness | Merged upstream contribution | PR #150 |
| OWASP cve-lite-cli | Merged upstream contribution | PR #602 |
| RamenDR ramenctl - GitHub Actions hardening | Merged upstream contribution | PR #466 |
| Prowler cloud security platform | Credited upstream contribution | PR #11098 |
| SecOps-NG Framework | Merged compliance/security mapping | PR #281 |
| SPF, DKIM, and DMARC in Phishing Detection | Published engineering article | Article |
| OWASP Agent Security Batch Validation | Published engineering article | Article |
Full contribution history: Open-Source Activity Log
PhishGuard AI is an explainable offline phishing detection engine for URLs and email with zero external dependencies - safe for local analysis, CI workflows, and security education.
Key capabilities:
- URL, email, redirect, typosquatting, and authentication-signal analysis
- Conservative SPF, DKIM, and DMARC scoring from trusted receiver headers
- JSON and SARIF 2.1.0 output for automation and GitHub Code Scanning
- Zero runtime dependencies
- Stable Python API guide with importable examples covered by tests
- Adoption guide for safe third-party workflow examples and public usage reports
- Public benchmark fixtures, documented model limitations, and dated before/after regression evidence
- Good-first issues and contribution guidance for new contributors
Use it in GitHub Actions:
# Drop into any GitHub Actions workflow:
- uses: omobolajiadeyan/phishguard-ai@v0.5.1|
Behavioral anomaly detection engine for user and IP risk scoring. UEBA-style patterns for insider-threat and account-risk scenarios. |
Threat detection with MITRE ATT&CK mappings, JSON and SARIF output, and a reusable GitHub Action for security operations workflows. |
|
CI-friendly credential and API key scanner with redacted JSON/SARIF output and a reusable GitHub Action for Code Scanning workflows. |
CVE analysis with NVD data and AI-assisted remediation guidance. |
|
Real-time CVE intelligence dashboard pulling live data from the NVD API, with filtering, severity scoring, and trend tracking. |
A cloud-security contribution prototype that scans AWS Amplify app and branch environment variables for possible secrets without exposing secret values. |
AppSec Compliance Bridge (private) - converts appsec scan findings into traceable NIST SP 800-53 control mappings and POA&M evidence.
| Project | PR | Description |
|---|---|---|
| Dependency-Track | PR #6477 | Runtime-backed OpenAPI Finding response schema |
| OpenSSF Scorecard | PR #5098 | Dangerous Workflow detection for committer-controlled Actions contexts |
| cisagov/ScubaGear | PR #2237 | DMARC policy discovery improvements for M365 baseline assessment |
- SPF, DKIM, and DMARC in Phishing Detection: Useful Signals, Not Magic Answers
- From Single Files to Scenario Suites: Batch Validation in the OWASP Agent Security Regression Harness
Open to senior security engineering roles, appsec tooling collaboration, technical advisory, and community work around practical security automation.


