BIO
My Story
I am a seasoned cyber security professional with 6 years of experience in dedicated security roles and 15 years of experience in the IT industry at large. I have a solid foundation of knowledge and experience across a broad range of domains covering both technical and governance functions of cyber security and privacy that allows me to provide consistent, effective, and measurable risk and compliance based outcomes to organizations and agencies with a variety of risk appetites, security postures, and threat models.
In my role as a security specialist I have been an integral part in strategic decision making at an organization level, regularly engaging with key stakeholders to communicate complex and nuanced security and privacy concepts and provide the necessary technical, compliance, and risk context to facilitate meeting business objectives.
My career has been defined by my ability to rapidly learn new technologies and concepts and to take a proactive role in identifying gaps and solving problems and as such I believe I would be an asset to any organization.
SKILLS
What I bring to the table
CLOUD SECURITY AND CLOUD ARCHITECTURE
Cloud Security Architecture
Azure Defender/Security Center
M365 Identity
Azure Sentinel
DevSecOps and MS SDL
SOFT SKILLS
Communication of complex security concepts
Service creation and support establishment
Process creation
Strategic planning
Leadership and Mentoring
NETWORK SECURITY AND SOE
Network engineering
Windows and Linux SOE
XDR/EDR and HIDs (Defender/OSSEC/Wazuh)
Incident response and DFIR
IDS/IPS and WAF (Fortinet, Checkpoint, Azure)
GOVERNANCE, RISK, AND COMPLIANCE
Information Security Governance
Compliance Management
Risk Management
Requirements Management
Security Architecture and Design
Risk and maturity Assessment
DEVOPS
Languages - Python, JS, Java, C#, PHP, Perl, Powershell, bash.
Frameworks - React, Flask.
DevOps - Azure Pipelines, GitHub Actions.
DevSecOps - OWASP Zap, Snyk, secret-scanner, nikto2, testssl, sqlmap, custom audit pipelines.
STANDARDS AND FRAMEWORKS
PSR/NZISM
ASD Essential 8
NIST CSF
GCIO 105/CRA Toolkit
ISO31000
AoG Risk Assessment Process
PROFESSIONAL EXPERIENCE
My journey
SENIOR SECURITY SPECIALIST
2020-2021
A technical leadership role in the security space with a heavy emphasis on Governance, Risk, Compliance as well as Security Operations and design/architecture.
SENIOR SECURITY ENGINEER
2016-2020
A role covering multiple domains of enterprise cyber security including leadership and mentoring, technical implementation and integration, and developing standards, policies, and procedures for secure network and infrastructure implementations.
NETWORK AND SECURITY ENGINEER
2014-2016
A highly focused technical role involving the end to end management of network and network security appliances for both internal and customer networks.
INTERMEDIATE INFRASTRUCTURE ENGINEER
2011-2014
Infrastructure managed services with a heavy emphasis on data center operations in a Microsoft environment.
SERVICECENTRE/SUPPORT ANALYST
2007-2009
Level 1 support operator for a large NZ MSP. This role involved working directly with users to solve problems.
SENIOR TECHNICAL SUPPORT PERSON
2006-2007
As a senior technical support person, I was the primary technical engineer responsible for configuring eftpos terminals for commercial customers.
PROJECT SHOWCASE
Cool stuff I’ve Done
EDUCATIONAL BACKGROUND
What I’ve Learned
OSCP (OFFENSIVE SECURITY CERTIFIED PROFESSIONAL)
2013
A practical qualification, the OSCP includes a grueling 24 hour live test combined with a reporting requirement to test real like penetration testing and offensive security techniques.