Teaching Assistant — INFO6004 Cloud Security

Delivering Cloud Security curriculum: cloud threat models, identity security, and platform hardening. Facilitating RangeForce labs, supporting assessment design and evaluation, and mentoring students from diverse backgrounds.

Co-Lead SOC — Adelaide University Partner Run

Co-led blue team defensive operations across simulated enterprise environments — directing triage workflows in SentinelOne, leading endpoint and network vulnerability assessments, and modelling adversary behaviour against MITRE ATT&CK to proactively close attack-surface gaps.

• Spearheaded threat hunting across endpoints and Active Directory, mapping findings to MITRE ATT&CK TTPs.
• Established triage prioritisation frameworks to streamline alert handling and reduce MTTR across high-volume detection pipelines.
• Developed and tuned SIEM detection rules to improve signal-to-noise ratio and ensure high-fidelity alerting.
• Tuned EDR policies in SentinelOne to optimise visibility while minimising false positives.
• Mentored junior SOC analysts in detection methodology, log analysis, and security tooling during live red vs blue exercises.
• Collaborated with red team operators post-exercise to translate adversary tactics into defensive improvements and detection rule enhancements.
• Conducted post-incident analysis and contributed to after-action reports — attack timelines, detection gaps, hardening recommendations.
• Mapped observed actor behaviour to real-world APT profiles to enrich the team's threat intelligence picture.

Junior Cyber Security Analyst

Triaged threats across Microsoft Sentinel and Splunk, ran incident investigations across endpoint, network, and cloud, and contributed to security architecture and identity reviews — alongside hands-on security control validation and risk assessment work.

• Reviewed and analysed threats using intelligence feeds, security logs, and reports to identify and prioritise cyber incidents.
• Operated SIEM dashboards (Microsoft Sentinel, Splunk) to detect, investigate, and respond to security events.
• Performed security scanning and vulnerability analysis to identify control gaps and misconfigurations.
• Analysed alerts using SIEM and EDR tools — confirming true positives and reducing noise.
• Enhanced detection use cases aligned with MITRE ATT&CK techniques.
• Supported authentication and identity reviews across Active Directory and Entra ID.
• Conducted security control validation and supported risk-assessment activities.
• Built small automation scripts to improve investigative efficiency.
• Documented findings and escalated issues with actionable insights for technical and business stakeholders.

Teaching Assistant — COMPSCI 7328 Concepts in Cyber Security

Delivered foundational cyber security tutorials covering threat landscapes, cryptography, and network security. Adapted explanations to varying technical backgrounds and supported assessment marking with constructive feedback.

SOC Analyst Intern — University of Adelaide Partner Run

Monitored simulated enterprise environments during red vs blue team exercises. Performed incident response and triage with Splunk and CrowdStrike, identified endpoint and network vulnerabilities, and supported threat-hunting initiatives by correlating logs and anomalies against MITRE ATT&CK techniques.

Junior Associate Security Engineer

Tier 1/2 support across hybrid infrastructure: patching, endpoint access, and IAM tasks including account provisioning, MFA configuration, and AD group policy. Participated in SOC-lite alert logging, credential reset validation, and O365 triage — and authored SOPs for service interruptions, policy inconsistencies, and user onboarding.