I help secure software products and ICT infrastructure through penetration testing, secure code review and architecture/cloud configuration and design review. DevSecOps consulting and implementation is another specialty, and I have experience doing this for some of Australia's largest government and private sector organisations. I'm currently implementing an appsec program for a large multinational organisation with over 200 software developers.
I have developed and delivered cybersecurity training courses in commercial and academic settings, and have experience working in cybercrime investigations and cyber operations for government organisations.
I started my career as a software developer so I understand the competing pressures faced by engineers. This gives me a level of empathy that is helpful when working with engineering teams to implement secure development practices in fast-paced organisations.
I have prior experience in Learning Design, and take pride in writing clear, concise, logical and helpful training material, technical documentation and guidance, because I know the frustration that arises when it is not.
I am passionate about breaking, building and fixing things. I am proficient with the following tech:
Security tools: Semgrep, Trivy, Gitleaks, Checkov, Bomber, OWASP ZAP, Nuclei, Arachni, Nmap, OpenVAS, Nessus, Metasploit, Burp Suite, DefectDojo
Dev experience: .NET (Core, MVC), Java (Spring Boot), Python (FastAPI, Django), Go, JavaScript (Svelte, Vue.js), C/C++
Cloud: AWS, Azure
Databases: Dgraph, MySQL, PostgreSQL, MongoDB
DevOps: GitLab, GitHub, GitHub Actions, GitHub Apps
IaC: Terraform
Configuration Management: Ansible, Bash
Containerisation: Docker/Podman
Virtualisation: VirtualBox, VMware/ESXi, Hyper-V