Leadership
Aristofanis Chionis Koufakos
Lead Penetration TesterOffensive-security practitioner and founder of IMIZI Cyber. OSCP credentialled, with an MSc in Computer Security from the Technical University of Denmark. Red-team and penetration-testing experience across Tier-1 Nordic banking, pan-African banking, and securities-trading engagements, and a BlackHat Europe Arsenal contributor. Founded IMIZI Cyber to bring manual, evidence-led VAPT to regulated institutions across Africa.
LinkedIn →How engagements run
We run the work end to end: we scope the engagement, test it by hand, and write the report. No audit-team handoff, no junior-staff output signed off by a managing partner, no scanner-dump PDFs. The person who ran the test writes the findings and the remediation guidance. That is the differentiator, not a constraint: the depth a vendor-list technical reviewer can evaluate before the first call is real methodology depth, evidence-led.
What we deliver
Our focus is manual offensive security: Vulnerability Assessment and Penetration Testing for regulated institutions across Africa. Testing is aligned to BNR supervisory expectations and supplies the technical evidence that PCI DSS, ISO 27001, SOC 2, and SWIFT CSP programmes rely on. Certification and attestation sit with independent assessors; we provide the testing and evidence component that work depends on.
Working with us
Business development and client relationships are handled by a dedicated team member, so the offensive-security work stays with the people doing the testing.
Evalyne Kembabazi
Marketing & Business Development ManagerEvalyne leads business development across Africa: she identifies organisations facing regulatory security pressure, scopes what they need, and runs client relationships from the first conversation to final report delivery. She is usually the first person a prospective client speaks to at IMIZI Cyber.
LinkedIn →Why Kigali, serving Africa?
Kigali is our home base, at Norrsken House in the heart of the city. As regulated institutions across the continent adopt digital banking, mobile money, and cloud infrastructure, the need for qualified, locally-present security testing is growing fast. We work from here across Rwanda, East and Southern Africa and beyond, delivering hands-on VAPT with local regulatory context and BNR-aligned rigour.
How we support compliance programmes
We deliver manual VAPT and the preparation work a compliance programme depends on: gap preparation against frameworks such as PCI DSS, ISO 27001, and SOC 2, the technical testing evidence those frameworks call for, and remediation guidance until findings close. When an engagement reaches the audit stage, we coordinate independent audit and certification firms through our partner network; the certificate or attestation always comes from an independent third party. The fundamentals do not change: the testing stays manual, the reports stay hand-written, and the audit opinion stays independent.
Work with us
Looking for a VAPT engagement, scoped and reported by the people doing the testing? Book a call to discuss your environment.