About me

An Information Security Professional with demonstrated expertise and success in risk management, governance, architecture and design. Significant industry experience in helping organisations meet compliance requirements.

In addition to developing and embedding security within the enterprise, recognised for providing organisational thought leadership for security defence capabilities.

Competencies and Qualities

  • Leadership

    Experience in driving security awareness, maturity and change within information technology, information security and business units.

  • Security Consulting

    Extensive experience in delivering information security within business units, operational and project teams.

  • Risk Management

    Experience in the delivery of risk reporting and awareness in areas such as security risks, reputational risks, information and technology risks within business units, operational and project teams.

  • Compliance Management

    Experience in the delivery of internal, external and 3rd party compliance and audit management.

  • Vulnerability Management

    Experience in the implementation of vulnerability management solutions across infrastructure, applications and code covering both static and dynamic analysis.

  • Security Governance

    Experience in the representation of information security in multiple governance forums.

  • Communications

    Demonstrated ability in effectively communicating complex technical concepts to both technical and non-technical audiences. Also working with various teams and stakeholders to ensure that security plans are implemented effectively.

  • Strategic Thinking

    Experience in thinking strategically about the organisation's security posture, and the ability to design and implement long-term security plans that align with the organisation's current and future strategies.

  • Collaboration skills

    Experience in working effectively with other members of the organisation, including IT staff, executives, and other stakeholders, to develop and implement effective security measures.

  • Architecture

    Development of information security technology roadmaps, security blueprints and secure reference design patterns.

  • Design

    Experience in security design initiatives that strengthen the organisational security landscape.

  • Stakeholder Relationships

    Experience in developing and maintaining strong relationships with technical, operational and business units.

  • Technical Expertise

    A deep understanding of various technical disciplines, including cloud security, platform security, end user security, network security, data security, and application security.

  • Problem Solving Skills

    Experience in identifying and solving complex security problems and designing creative solutions to address them.

  • Adaptability and Continual Learning

    Continually monitoring and adapting to new technologies to address the changing threat landscapes and implementing new capabilities through people, process or technology changes.

  • Attention to Detail

    A strong attention to detail, as even small mistakes can have significant consequences in the field of cybersecurity.

Training, Development and Certifications

  • Microsoft Azure - Security, Compliance, and Identity Fundamentals

  • Microsoft Azure - Fundamentals

  • Leading SAFe (Scaled Agile Framework for Enterprise)

  • Vested Orientation Training

  • SABSA Foundation

  • ITIL 4 Foundation

  • Social Engineering Prevention Specialist

  • SANS - SEC530: Defensible Security Architecture

  • SANS - AUD507: Auditing & Monitoring Networks, Perimeters & Systems

  • SANS - SEC401: Security Essentials

  • Innovation and Idea Creation Workshop Training

  • Ernst & Young – Extreme Hacking

  • MCSE - Microsoft Certified Systems Engineer

Resume

Experience

  1. Enterprise Security Architect (Kinetic IT)

    2023 — Present

    Providing security architecture, consultation, and solution design services to Kinetic IT customers.

  2. Security and Infrastructure Architect (CPA Australia)

    2022 — 2023

    Delivering comprehensive security and infrastructure solutions as a part of Technology and Digital Services, through architecture, consultation, advisory, and design services.

  3. Enterprise Security and Solutions Architect (Kinetic IT)

    2015 — 2022

    Providing security architecture, consultation, and solution design services to Kinetic IT customers.

  4. Regional Information Security Officer (Computershare)

    2014 — 2015

    As part of the Global Information Security and Risk Group, providing management and leadership for the Computershare Oceania consulting and architecture group.

  5. Head of IS Capability, Information Security Office (Australia Post)

    2012 — 2014

    Reporting to the CISO, responsibilities include the monitoring of business & IT strategies and the maintenance of the information security strategy, along with working relationships with both IT and business stakeholders to deliver the required organisational security outcomes.

  6. Enterprise Security Architect, Office of the CTO (Australia Post)

    2010 — 2012

    To provide strategic leadership for enterprise security architecture and design initiatives, including the technology roadmaps and security design and deployment patterns.

  7. Manager, Strategic Security, Enterprise IT Security (Australia Post)

    2007 — 2010

    As the manager within the enterprise IT security group, led and coordinated various security engagements and managed the implementation of new security capability within the group.

  8. Security Analyst, Enterprise IT Security (Australia Post)

    2003 — 2007

    As a security analyst within the enterprise IT security group, responsibilities included the management and support of various security technologies.

  9. Security Consultant, eBusiness Group (Australia Post)

    1999 — 2003

    Consulting on an ecommerce program as an infrastructure and Internet security specialist.

Blog

  • physical

    Let's get physical, physical. I want to get physical

    Why is physical security important

    As I was walking down the street, I noticed that a network cable from a mobile network tower was publicly accessible. This prompted me to explain why physical security is an essential aspect of overall cybersecurity. Physical security measures ensure that the network and its components are protected from unauthorised access, theft, and damage.

    For instance, locked doors, access control systems, and security cameras prevent unauthorised individuals from accessing the network and its components. Without physical security, anyone could walk in, gain access to the network, steal data, or install malicious software.

    While physical security may not always be considered a part of cybersecurity, it remains critical to the overall security of the network and its data. Without physical security, the network and its data would be vulnerable to interception, manipulation, and capture.

    TheCword

    The C word. No, not that C word. The 5 C's in Cyber

    Why is Software CURRENCY Important

    Software currency refers to the practice of keeping software up to date with the latest patches and updates. This is important because it helps protect your system from being exploited by attackers who might take advantage of known vulnerabilities. Software vulnerabilities are often discovered and fixed through updates, so by keeping software up-to-date, you can help secure your system.

    Why is it Important to CONFIGURE Software for Security

    Configuring software for security is crucial because it helps to ensure that the software is used in a secure manner. By setting up secure options and configurations, you can help protect your system from various security threats such as malware, ransomware, and unauthorised access. Enabling built-in security features can also increase the overall security of your system. Additionally, by configuring access controls such as user and privileged accounts and permissions, you can prevent unauthorised access to sensitive data or systems. Furthermore, by setting up security protocols such as SSL/TLS or SSH and disabling the use of clear text protocols, both on private and public networks, you can add an extra layer of security.

    Why is it Important to Detect Unauthorised CHANGES to Systems

    Detecting unauthorised changes to systems is important because it allows you to take timely action to address any security threats and minimise their potential impact. By quickly identifying changes, you can isolate the affected system, restore it to a known good state, or take other appropriate actions to secure your system.

    Why is it Important to CAPTURE All System Events

    Capturing all system events provides valuable information about security-related activities, such as login attempts, unauthorised access to data, and the installation of malicious software. By capturing all system events, you can identify potential security threats and take the necessary actions to address them.

    Why is it Important to CONTAINERISE All System and User Activity

    Containerisation is the practice of packaging an application and its dependencies into a single container that can be easily deployed and run on any system. It helps to improve security by isolating applications from each other and the underlying system. By controlling network and application access, lateral movement can be minimised. Additionally, containerising user access can improve security by ensuring that users only have access to the resources they need to perform their job duties, reducing the risk of unauthorised access or data breaches.

    Cyber2023

    Cyber in 2023. Trends to watch out for in 2023

    Increased reliance on cloud security

    As more businesses move to the cloud, protecting data in the cloud will become a top priority. Cloud posture management will become key, as any misconfiguration can lead to unauthorised access. Additionally, clouds do not stand still: as new features and functions are made available, enabling those new capabilities requires time and effort to understand what impact they could have.

    Rise of artificial intelligence in cyber security

    ChatGPT has shown us that AI (Artificial Intelligence) can be used to help detect and defend against threats by giving practitioners a tool that supplies not only answers but explanations, increasing their knowledge. As always, any tool can be used for both defensive and offensive capabilities.

    The Internet of Things (IoT) and the need for IoT security

    The continued proliferation of connected devices presents new security challenges: the more devices we get, the more vulnerabilities will be discovered. Vendors of these products need to secure IoT devices with basic controls such as implementing proper authentication and regularly updating software.

    Greater emphasis on user education and awareness

    Individuals are critical in protecting their organisation's data. Through social engineering, attackers can operate in the context of a user and access all information within that user's rights. Ensuring that users only have access to the information required to perform their role is critical in limiting possible unauthorised access to information. Educating users about best practices for security, such as using strong passwords, enabling MFA (Multi Factor Authentication) and being cautious when clicking on links, is a continuous activity.

    The increased use of 3rd party providers

    Using third-party providers can increase the risk of security vulnerabilities and data breaches. You are relying on that provider to secure your data and protect it from unauthorised access. It is important to assess third-party providers you are considering using and ensure they have and continue to have robust security measures in place to protect your data.

    Conclusion

    The field of technology is constantly evolving, and one of the most significant developments of recent years has been the exponential growth in the use and capabilities of Artificial Intelligence (AI). To ensure the security of your systems, it is essential to stay up-to-date with the latest software updates and security measures. One highly recommended approach is to implement Multi-Factor Authentication (MFA) on all devices and applications, or even better, to adopt the FIDO (Fast IDentity Online) standard, which is supported by major tech companies such as Apple, Google, and Microsoft.
