Offensive security for Africa's regulated institutions

IMIZI Cyber is an offensive-security company based in Kigali, Rwanda, serving banks, fintechs, telecoms, government, ministries, healthcare and other regulated institutions across Africa. Our testing is led by an OSCP-credentialled practitioner and BlackHat Europe Arsenal contributor, with hands-on context inside BNR-supervised regulated-enterprise engagements. Every report is evidence-led and written by hand. Today we deliver manual Vulnerability Assessment and Penetration Testing, aligned to BNR supervisory expectations.

  • OSCP and PNPT · Offensive Security
  • BlackHat Europe Arsenal · contributor, London 2023
  • BNR-supervised engagement context · Africa-wide
  • Evidence-led reports, written by hand · no scanner-dumps

Leadership

Aristofanis Chionis Koufakos

Aristofanis Chionis Koufakos

Lead Penetration Tester
OSCPPNPT BlackHat Europe Arsenal

Offensive-security practitioner and founder of IMIZI Cyber. OSCP credentialled, with an MSc in Computer Security from the Technical University of Denmark. Red-team and penetration-testing experience across Tier-1 Nordic banking, pan-African banking, and securities-trading engagements, and a BlackHat Europe Arsenal contributor. Founded IMIZI Cyber to bring manual, evidence-led VAPT to regulated institutions across Africa.

LinkedIn →

How engagements run

We run the work end to end: we scope the engagement, test it by hand, and write the report. No audit-team handoff, no junior-staff output signed off by a managing partner, no scanner-dump PDFs. The person who ran the test writes the findings and the remediation guidance. That is the differentiator, not a constraint: the depth a vendor-list technical reviewer can evaluate before the first call is real methodology depth, evidence-led.

What we deliver

Our focus is manual offensive security: Vulnerability Assessment and Penetration Testing for regulated institutions across Africa. Testing is aligned to BNR supervisory expectations and supplies the technical evidence that PCI DSS, ISO 27001, SOC 2, and SWIFT CSP programmes rely on. Certification and attestation sit with independent assessors; we provide the testing and evidence component that work depends on.

Working with us

Business development and client relationships are handled by a dedicated team member, so the offensive-security work stays with the people doing the testing.

Evalyne Kembabazi

Evalyne Kembabazi

Marketing & Business Development Manager

Evalyne leads business development across Africa: she identifies organisations facing regulatory security pressure, scopes what they need, and runs client relationships from the first conversation to final report delivery. She is usually the first person a prospective client speaks to at IMIZI Cyber.

LinkedIn →

Why Kigali, serving Africa?

Kigali is our home base, at Norrsken House in the heart of the city. As regulated institutions across the continent adopt digital banking, mobile money, and cloud infrastructure, the need for qualified, locally-present security testing is growing fast. We work from here across Rwanda, East and Southern Africa and beyond, delivering hands-on VAPT with local regulatory context and BNR-aligned rigour.

How we support compliance programmes

We deliver manual VAPT and the preparation work a compliance programme depends on: gap preparation against frameworks such as PCI DSS, ISO 27001, and SOC 2, the technical testing evidence those frameworks call for, and remediation guidance until findings close. When an engagement reaches the audit stage, we coordinate independent audit and certification firms through our partner network; the certificate or attestation always comes from an independent third party. The fundamentals do not change: the testing stays manual, the reports stay hand-written, and the audit opinion stays independent.

Work with us

Looking for a VAPT engagement, scoped and reported by the people doing the testing? Book a call to discuss your environment.

Chat on WhatsApp Chat with us