Cyber Security Analyst
Collaborative. Innovative. High Performer.
Cyber Awareness Strategies
Designed & implemented gamified security awareness training pilot of 180 people across a large financial organisation – 9.5/10 net promoter score with the training.
Designed & implemented first phishing simulation within a large financial organisation.
Organisation-wide information security awareness surveys and evaluation.
Information security learning modules developed and implemented
Penetration testing scoping, implementation and management of findings.
Exemption management and annual reviews.
Co-ordinating CMDB Asset Management.
Performed basic risk assessments and vulnerability assessments applying appropriate security controls and relevant security frameworks.
Engaged directly with managed security providers, and other external and internal teams for responses to identified security incidents.
Communicated information security risks and issues to stakeholders.
Sourced and contracted external vendors to assist with information security strategies.
Provided security advice on procurement, projects and new initiatives.
Third Party Security Assessments
Completed over 100 TPAs with additional consulting as required.
Reported against NIST 800-53 (Rev 4) and ISO27001:2013 and SOC2 Type II.
Significantly improved a large financial organisation’s risk management maturity score over a 6 month period.
Contributed to Risk Management Audit.
Contributed to digital forensic investigations, including collecting and preserving evidence.
Service Management (ITIL)
Provided first-level analysis and resolution of Information Security requests.
Policies & Standards
Drafted, reviewed and implemented a number of core information security organisational policies and standards.
Led the generation of monthly and quarterly security operations reports for the Leadership Team and Board.
- Bachelor of Information Technology (Computer Science) – Distinction – QUT
- Diploma of Information Technology Networking – TAFE Qld
- Security Information and Event Management (SIEM)
- Web and Email Security
- Enterprise anti-malware and endpoint protection tools
- Vulnerability scanning
- Cybersecurity Frameworks (NIST 800:53, ISO27001:2013, SOC2 Type II, ASD Essential 8)
- Network Infrastructure
- LAN, WAN
- CISCO Routers & Switches
- Office 365 Web & Email Security
- Active Directory
- Symantec Endpoint Protection
- PHP (Basic)
- Java Script (Basic)
- Java (Basic)
- TCP/IP (Intermediate)
- LAN, WAN (Intermediate)
- CISCO routers and Switches (Intermediate)
- Python (Basic)
- MySQL (Intermediate) & noSQL (Intermediate)
- C (Basic) & C# (Intermediate)
- Powershell (Intermediate)
- HTML & CSS (Intermediate)
Interpersonal & Communication
- Experienced in forming strong technical and non-technical stakeholder relationships.
- Strong written and report writing skills.
- Demonstrated high levels of verbal, interpersonal communication skills.
- Effective internal team engagement skills and strategies.
- Highly collaborative and consultative team approach.
- Demonstrated capability to work autonomously.
- Results-focussed high achiever with a creative and positive can-do attitude.
- Demonstrated expertise in working in cross-functional and remote teams.
- Innovative, out-of-the-box thinker.
- Highly adaptable and a quick learner. Welcomes stretch goals.
- Approachable, friendly and effective team player.
- Demonstrated capacity to develop and maintain technical specialism in emerging threats, technology platforms (including Cloud technologies), network and web protocols, security devices, operating systems and security controls.
- Cloud Security Assessment QSC, Qualys
- Multi-Vector EDR QSC, Qualys
- Vulnerability Management, Detection & Response QSC, Qualys