Most developers think in terms of systems. Most analysts think in terms of risk. Mariam Sanusi has built her career balancing both. It’s not an easy act, writing code that powers live systems while also dissecting other people’s code to detect blind spots. Yet that’s exactly where she thrives.
In her work, engineering and evaluation are not separate tasks; they’re inseparable perspectives that inform one another. Her dual role as both a cybersecurity analyst and IT developer has made her one of the few professionals capable of building secure systems and judging them with equal clarity.
In a recent internal initiative, she was tasked with reviewing and validating security tools developed across different product teams. These tools, often created by developers with limited exposure to compliance standards, were meant to automate checks like dependency scanning, access control validation, and configuration drift detection. But their inconsistent quality posed a hidden risk, not just of technical failure, but of false confidence in systems that weren’t actually secure.
She approached the evaluation with the mind of a builder and the scrutiny of an auditor. Instead of simply flagging issues, she rewrote flawed logic, offered architectural alternatives, and helped teams understand the principles behind her reviews. The tools that passed her inspection were built to withstand both compliance audits and production stress.
Her feedback loop didn’t stop at code. She worked closely with engineering leads to integrate secure defaults into continuous integration pipelines, so tools would be tested and validated automatically with every code push. This not only reduced manual QA workload but drastically improved incident prevention. Systems under her oversight began shipping with fewer vulnerabilities and clearer audit trails, resulting in smoother reviews, faster approvals, and higher team confidence.
One of the more visible outcomes of this work was the organization’s improved audit readiness. With Mariam’s vetted tools in place, compliance teams were able to map security functions to policy requirements without extra layers of manual verification. Auditors reported a 40% improvement in documentation accuracy, and technical teams reported fewer last-minute fixes before quarterly reviews.
She saw the role of a technical reviewer as elevating standards across the board. Her peers often describe her reviews as sharp but constructive, guided by the belief that developers don’t just need oversight; they need clarity and collaboration. By pairing her engineering background with a risk-based lens, she’s helped shape a culture where security is treated not as a checklist, but as a shared language.