Defensive security and IT support practitioner based in Australia.
- Full working rights, open to on-site, hybrid, and remote roles across Australia (including APS).
Focus areas: SOC operations, SIEM detection engineering, incident investigation, Active Directory security, and end-user support across Windows, Linux, and macOS.
- HTB Certified Defensive Security Analyst (CDSA) — Dec 2025 · hands-on SIEM investigations, AD attack analysis, threat hunting, DFIR reporting
- Google Cybersecurity Professional Certificate — Feb 2025
- AWS Certified Developer — Associate — Dec 2024
- AWS Certified Solutions Architect — Associate — Jun 2023
A seven-repo portfolio covering Detection → Investigation → Response → Automation, with MITRE ATT&CK mapping and Essential Eight alignment throughout.
- SIEM-Detection-Lab — Splunk SIEM deployment with Windows Event Log and Sysmon forwarders; Docker-based lab infrastructure
- Detection-Engineering-Lab — 13 Sigma and Splunk SPL detection rules mapped to MITRE ATT&CK (credential access, persistence, defence evasion)
- AD-Lab-Setup — Active Directory forest with automated PowerShell provisioning, Sysmon monitoring, and ATT&CK-mapped SOC detection scenarios
- Incident-Investigation-Portfolio — DFIR case studies reconstructed from public advisories: MOVEit Transfer (CVE-2023-34362 / CISA AA23-158A) and Scattered Spider help-desk vishing (CISA AA23-320A). 19 ATT&CK techniques across both reports with timelines, IOCs, and detection rules.
- Attack-Simulation-Lab — Atomic Red Team adversary emulation (credential dumping, lateral movement, persistence) correlated against SIEM detections to measure coverage
- claude-web-safety-hooks — Defence-in-depth hooks protecting AI coding assistants from prompt-injection; 580+ patterns across 16 threat categories
- Help-Desk-Ticketing-Lab — osTicket ITSM on Ubuntu LAMP with SLA tiers, department-based routing, and role-based access control
Labs cover control areas from the ACSC Essential Eight Maturity Model:
- Restrict administrative privileges — AD-Lab-Setup (tiered admin, privilege audit)
- Patch applications & operating systems — SIEM-Detection-Lab (patch status monitoring via Sysmon/Event Logs)
- Application control — Attack-Simulation-Lab (validating control effectiveness through adversary emulation)
- Multi-factor authentication — Incident-Investigation-Portfolio (Scattered Spider MFA-fatigue case study and detections)
Security Operations — Splunk, Elastic/ELK, Sysmon, Windows Event Log analysis, phishing investigation, incident response, MITRE ATT&CK, NIST, ISO 27001, CIS Controls
Systems & Infrastructure — Active Directory, Windows Server, Linux, macOS, DNS, DHCP, Group Policy, TCP/IP, VLANs, KAPE, Timeline Explorer
Scripting & Tools — Python, PowerShell, Bash, Git, Docker, Jira Service Management, osTicket, Microsoft 365 administration
Cloud — AWS IAM, EC2, S3, Lambda, CloudTrail, CloudWatch (monitoring cloud activity, least-privilege controls, serverless security)
- Studying for HTB CPTS (Certified Penetration Testing Specialist) — offensive perspective to sharpen defensive detection
- Expanding the Incident Investigation Portfolio with additional CISA advisory case studies
- Deeper Essential Eight mapping across the detection and response labs
Brisbane, QLD · Open to SOC Analyst, Security Analyst, Detection Engineer, and IT Support / Service Desk roles.
