Teagan Cliff
Cyber Security & Governance Specialist
Experienced
Collaborative. Innovative. High Performer.
Mentoring & Training
Trained and supervised three Information Security Graduates in their roles in information security, and trained an additional two staff members during their first 6 months to ensure they understood the platforms and security environment.
Undertook ongoing mentoring of a number of graduates across the company.
Spoke as part of a panel at the Australian Women in Security Network as part of International Women’s Day to attract women into Information Security as a career.
Vulnerability Management
Led the Vulnerability Management Uplift Project: Eliminated backlog of vulnerabilities; Introduced new automation within platforms.
Penetration testing scoping, implementation, and management of findings.
Policy exemption management and annual reviews.
Co-ordinated and managed the CMDB Asset Management Uplift.
Performed risk assessments and vulnerability assessments applying appropriate security controls and relevant security frameworks.
Designed and implemented a new software security assessment process for applications being introduced to the network.
Forensic Investigations
Contributed to digital forensic investigations including collecting and preserving evidence.
Contributed to threat investigations and the remediation of vulnerabilities.
Managed and refined the data loss prevention process across a number of platforms.
Policies & Standards
Designed and generated monthly and quarterly reporting to the Leadership Team and Board that aligned to APRA standards.
Drafted, reviewed, and implemented core Information Security Organisational Policies, Standards, Procedures and Documentation.
Drafted and implemented Security Incident Response Playbooks.
Stakeholder Management
Engaged directly with managed security providers, and other external and internal teams for responses to identified security incidents.
Communicated information security risks and issues to stakeholders.
Managed two third-party MSSP Providers.
Procurement Panel member for RFP projects selecting key platforms and companies.
Sourced and contracted external vendors to assist with information security strategies.
Provided security advice on procurement, projects and new initiatives.
Service Management (ITIL)
Cyber Awareness Strategies
Designed & implemented gamified security awareness training pilot of 180 people across a large financial organisation – 9.5/10 net promoter score with the training.
Designed & implemented first phishing simulation within a large financial organisation.
Organisation-wide information security awareness surveys and evaluation.
Information security learning modules developed and implemented
Third Party Security Assessments
Completed over 100 TPAs with additional consulting as required.
Reported against NIST 800-53 (Rev 4) and ISO27001:2013 and SOC2 Type II.
Risk Management
Significantly improved a large financial organisation’s risk management maturity score over a 6 month period.
Contributed to Risk Management Audit.
Skills
Technical
- SIEM Platforms (Splunk and McAfee)
- Web and Email Security (Proofpoint, Microsoft, WSS)
- Enterprise anti-malware and end point protection tools (Trend Micro, Symantec, Microsoft Defender, Varonis)
- Data loss Prevention (Microsoft Defender, Proofpoint, Trend Micro)
- Microsoft Platforms and Infrastructure
- Cybersecurity Frameworks (NIST 800:53, ISO27001:2013, SOC2 Type II, ASD Essential 8, SOCI)
- Network Infrastructure
- Service Management Tools (Service Now and Cherwell)
- Confluence and Jira
- Archer
- Sharepoint
- Qualys Platform Vulnerability Scanning
- TCP/IP (Intermediate), LAN, WAN (Intermediate)
- CISCO routers and Switches (Intermediate)
- mySQL (Intermediate) & noSQL (Intermediate)
Skills
Interpersonal & Communication
- Experienced in forming strong technical and non-technical stakeholder relationships.
- Strong written and report writing skills.
- Demonstrated high levels of verbal interpersonal communication skills.
- Effective internal team engagement skills and strategies.
- Highly collaborative and consultative team leadership approach.
- Demonstrated capability to work autonomously.
- Results-focussed high achiever with a creative and positive can-do attitude.
- Demonstrated expertise in working in cross-functional, remote, and merged corporation security teams.
- Innovative, out-of-the-box thinker.
- Highly adaptable and a quick learner. Welcomes stretch goals.
- Demonstrated capacity to develop and maintain technical specialism in emerging threats, technology platforms, network and web protocols, security devices, operating systems, and security controls.
Degrees & Certifications
- Bachelor of IT/ Computer Science (Distinction)
- Diploma of Information Technology Networking
- GIAC Security Essentials Certification (GSEC)
- Cloud Security Assessment QSC, Qualys
- Multi-Vector EDR QSC, Qualys
- Vulnerability Management, Detection & Response QSC, Qualys
