KIGALI, RWANDA

Offensive security and penetration testing for regulated organisations

OSCP-certified. Serving banks, telecoms, and government agencies across East Africa and South Africa.

Book a Free Call WhatsApp us Our services

Or take our free security score quiz. 3 minutes, instant results

imizicyber - security assessment
$ imizicyber --scan webapp api mobile
[+] 3 targets queued - manual testing mode
[+] OSCP methodology loaded
$ report --format executive --compliance bnr pci iso27001
[+] Report generated - 14 findings, 3 critical
$
ABOUT

Independent offensive security consultancy, based in Kigali

imizicyber is a registered Rwandan offensive security firm serving banks, government agencies, and enterprises across East Africa and South Africa. We combine hands-on penetration testing with managed security tooling deployment.

Aristofanis Chionis Koufakos, Founder & Lead Penetration Tester
Aristofanis Chionis Koufakos Founder & Lead Penetration Tester OSCP & OSCP+ certified. BlackHat Europe Arsenal presenter. Red team experience at Tier-1 banks across Europe and Africa.
6+Countries served
50+Security engagements
500+Professionals trained
CREDENTIALS
CERT
OSCP and OSCP+ Offensive Security
CERT
PNPT TCM Security
TALK
BlackHat Europe Arsenal Presenter, London 2023
MSc
Computer Security Technical University of Denmark
BSc
Informatics & Telecommunications NKUA
OSS
Google Summer of Code Honeynet Project 2023/2024

Why choose imizicyber

01

OSCP-certified, in Kigali

OSCP and OSCP+ certified penetration tester physically based in Rwanda. Not remote contractors, not scanner output.

02

We build custom tooling

Security validation tools in Python, Go, and JavaScript tailored to your specific APIs and systems.

03

Banking red team experience

Our lead consultant comes from threat-led red team operations at European banks protecting millions of customers.

SERVICES

What we do

Security tooling, testing, and training for East African banks and regulated organisations.

IMIZI Platform

Security tools built for East African banks and regulated organisations. We scan, monitor, and report so you can fix what matters.

IMIZI Monitor External attack surface monitoring
IMIZI Mobile Coming Soon Automated mobile app security analysis
IMIZI Comply Coming Soon Compliance gap assessment & reporting
IMIZI Aware Coming Soon Phishing simulation & awareness training
IMIZI Trust Coming Soon Third-party vendor risk scoring
IMIZI Detect Coming Soon Fraud & insider threat detection
IMIZI Defend Coming Soon EDR intelligence & smart alerting

Consulting Services

Security Testing & Assessments

Penetration testing, vulnerability assessments, configuration audits, and compliance gap analysis by an OSCP-certified consultant. Web apps, APIs, mobile banking, USSD, network, and IoT.

Learn more →

Managed Security

Continuous monitoring, vulnerability management, and cybersecurity advisory as a monthly service. Built for banks and fintechs that need ongoing protection.

Learn more →

Training & Workshops

Hands-on cybersecurity training for employees and IT teams. Security awareness, phishing response, and incident handling.

Learn more →
PROCESS

How we work

From scoping to remediation, we keep it straightforward.

1

Scoping call

We understand your environment, compliance needs, and testing objectives

2

Proposal and SOW

Clear scope, timeline, cost, and rules of engagement within 48 hours

3

Testing

1 to 6 weeks of manual testing with daily status updates on critical findings

4

Report and support

Detailed report with remediation guidance and 30 days of free follow-up

INSIGHTS

From the field

Security insights for regulated organisations in East Africa.

MAR 2026 · 10 MIN READ

AI Fraud Detection in Banks Is an Attack Surface. Most CISOs Are Not Ready. | imizicyber

AI fraud detection models in East African banks are themselves attack surfaces. How adversaries exploit them and what to do about it.

Read more →
MAR 2026 · 11 MIN READ

BNR Cybersecurity Audit Preparation Guide | imizicyber

Step-by-step BNR cybersecurity audit preparation. Timelines, evidence checklists, common deficiencies, and what inspectors actually look for.

Read more →
MAR 2026 · 10 MIN READ

Supply Chain Attacks on African Banks | imizicyber

How supply chain attacks through local software vendors and integrators compromise African banks. Defense strategies, vendor assessment frameworks, and practical checklists.

Read more →
View All Posts →
FAQ

Common questions

Why do banks in Rwanda need penetration testing?
BNR requires regulated financial institutions to maintain cybersecurity programs. Penetration testing finds vulnerabilities in your web apps, mobile banking, APIs, and USSD services before attackers do. It is a core component of BNR compliance.
Do you help with BNR cybersecurity compliance?
Yes. We help banks, microfinance institutions, and insurance companies meet BNR cybersecurity requirements through penetration testing, vulnerability assessments, security audits, and ongoing managed security.
How much does penetration testing cost in Rwanda?
Every engagement is scoped individually based on the number of applications, infrastructure complexity, and testing depth. Contact us with your requirements and we will provide a detailed quote within 48 hours.
What is BNR Regulation on cybersecurity?
The National Bank of Rwanda requires all regulated financial institutions to implement cybersecurity programs including regular vulnerability assessments, penetration testing, incident response plans, and security awareness training. We help organisations meet these requirements.
What certifications does your lead consultant hold?
Certifications: OSCP and OSCP+ (the gold standard in penetration testing), PNPT (TCM Security). Speaking: BlackHat Europe Arsenal 2023. Physically based in Kigali, Rwanda.
How often should banks do penetration testing?
BNR requires at minimum annual penetration testing for supervised institutions, and after any significant infrastructure or application changes. For critical systems like mobile banking and payment APIs, quarterly testing is industry best practice.
What is the difference between VAPT and penetration testing?
VAPT combines automated vulnerability scanning with manual penetration testing. Vulnerability assessment identifies weaknesses using tools. Penetration testing goes further by manually exploiting vulnerabilities to demonstrate real business impact. We do both.
Do I need ISO 27001 certification in Rwanda?
ISO 27001 is not legally mandatory in Rwanda but is increasingly required by international partners, investors, and clients. BNR encourages ISO 27001 alignment for financial institutions. We help organisations prepare through gap analysis and security improvements.
Do you offer cybersecurity training for employees?
Yes. We deliver security awareness training for all staff levels, from executive briefings to hands-on technical workshops for developers and IT teams. Training covers phishing recognition, secure coding practices, incident response procedures, and BNR compliance requirements. Available on-site in Kigali or remotely across East Africa.
Do you work with organisations outside Rwanda?
Yes. We are based in Kigali but deliver engagements across East Africa, including remote assessments. Our lead consultant has worked in offensive security roles in Denmark and the UAE, and has delivered penetration testing engagements in multiple African countries.
COMPLIANCE

BNR requires regular security assessments. Is your institution compliant?

Your next audit could be weeks away. Get a free 30-minute scoping call to identify compliance gaps before your regulator does.

Book a Free Call WhatsApp us now
CONTACT

Get in touch

We respond within 24 hours.

Email
Loading...
Phone
+250 793 146 617
Location
Kigali, Rwanda
Entity
IMIZI Cyber Consulting Ltd
Book a free 30-min call WhatsApp for immediate response

Request a consultation