Application Security Consultant & Penetration Tester with 8+ years blending offensive security expertise with full-stack engineering. I uncover high-impact vulnerabilities, architect resilient systems, and build open-source security tooling that mirrors real-world attack scenarios.
- OSCP+ Certified | Based in Melbourne, Australia ๐ฆ๐บ
- Specializing in Web/API Pentesting, Cloud Security (AWS/GCP), and OT/ICS Security
- Developer background in React, Node.js & Python gives me insight into how attackers exploit developer assumptions
- Currently: Application Security Engineer @ Sydney Tools PTY LTD
|
Offensive Security
|
Defensive Security
|
Cloud & DevSecOps
|
๐ญ OT SOC-in-a-BoxA containerized Security Operations Center for industrial control systems (OT/ICS). Simulates a full Purdue Model environment with a 7-phase attack simulation, custom Suricata IDS rules, Wazuh correlation, and SOAR-driven automated response. Mapped to: MITRE ATT&CK for ICS ยท NIST SP 800-82 ยท ISA/IEC 62443
|
๐ก๏ธ Wazuh SOAR AutomationA Docker-based SIEM & SOAR platform integrating Wazuh Manager, OpenSearch, and a custom web dashboard. Features automated threat detection, host monitoring via Wazuh agents, and turnkey deployment with encrypted communications.
|
|
A honeypot solution pairing Dionaea with the ELK stack for real-time attack capture across HTTP, SMB, MySQL, FTP, Telnet and more. Generates live threat intelligence visualized through interactive Kibana dashboards.
|
A production-grade AWS WAF deployment with 10 custom rules (SQLi, XSS, rate limiting, bot detection, geo-blocking, CSRF) in front of CloudFront. Auto-blocks malicious IPs and includes 30+ attack vector test suite via Python/boto3.
|
Security
Cloud & Infrastructure
Languages & Frameworks
Monitoring & CI/CD
Open to penetration testing engagements, AppSec consulting, and security research collaboration.