Australian Permanent Resident · Canberra, ACT · Open to Sydney / Remote
Master of Information Technology (Cyber Security) graduate (GPA 4.92) working as an IT Support Specialist at Extratech while transitioning into a dedicated SOC analyst role.
I don't just study security: I build systems, expose them to live internet threats, and engineer the detections to stop them.
- 🛡️ Running a live Azure honeypot: 1,400+ real brute-force attempts captured, enriched, and mapped from 6+ countries
- Built a dual-SIEM detection lab: identical detection logic across Microsoft Sentinel (KQL) and Splunk Enterprise (SPL) simultaneously
- ⚡ Deployed zero-touch SOAR pipelines: automated Jira ticketing via Logic Apps, and piloting AI-driven tier-1 triage via IBM watsonx Orchestrate agents
- Pursuing CompTIA Security+ (July 2026) · SC-200 (Q3 2026) · BTL1 (Q4 2026)
- 🎯 Targeting Junior SOC Analyst roles in Australia
Skill areas: Security & SIEM · Cloud & Identity · Automation & Tools
Microsoft Sentinel · Splunk Enterprise · KQL · SPL · MITRE ATT&CK · Azure
Live Windows Server 2022 honeypot simultaneously ingesting into both Microsoft Sentinel and Splunk Enterprise. 5 detection rules built in KQL and SPL: brute force, account lockout, geo-anomaly, privilege escalation, persistence. 4 real incidents auto-generated in Sentinel. Real attacker IPs. No simulated data.
→ Cross-platform query parity across KQL and SPL on live attacker traffic
Microsoft Sentinel · KQL · PowerShell · Azure Workbooks · IP Geolocation API
Exposed a Windows Server 2022 VM to the raw internet, then built a full SIEM pipeline with custom PowerShell scripts enriching every failed RDP event with geolocation data. Visualised on a live SOC dashboard with dual-state urgency logic (🔴 last 30 min / 🟡 last 24 h).
→ 1,400+ real brute-force attempts from 6+ countries mapped in real time
Microsoft Sentinel · Azure Logic Apps · Jira REST API · KQL · SOAR
Zero-touch incident response pipeline: Sentinel detects a brute-force attack, fires an analytic rule, triggers a serverless Logic App playbook, and autonomously creates a fully contextualised Jira ticket in the SOC queue. No analyst touch required from detection to ticket.
→ Mean Time to Ticket: seconds. Manual effort: zero.
Microsoft Entra ID · MFA · Sign-in Logs · Audit Logs · Incident Response
Full red team compromise and blue team recovery, one person wearing both hats. Exploited the "MFA enabled" vs "MFA enforced" gap to perform a complete account takeover using credential theft and MFA hijacking. Then switched hats: detected impossible travel (Australia → Seattle), rebuilt the full attack timeline from Sign-in and Audit Logs, and executed a complete IR cycle: Contain → Eradicate → Recover → Document.
→ Zero malware. Zero exploits. Just timing, stolen credentials, and a misconfigured control.
Splunk Enterprise · SPL · Windows Security Events · Azure · Incident Response
Standalone Splunk Enterprise SIEM deployment on Azure catching live brute-force attacks against an exposed Windows Server. Custom SPL queries correlating EventID 4625 → 4740 (failed login → lockout lifecycle). 28,963+ events ingested. 4 attacker IPs across 3 countries isolated. Emergency account recovery via Azure RunCommand when the attacker succeeded in locking out the admin.
→ 28,963 events ingested · 4 attacker IPs isolated · live incident response executed
Microsoft Fabric · KQL · Data Activator · Eventhouse · Eventstream
Built a real-time anomaly detection pipeline on live streaming transit telemetry, using the same architecture as a Sentinel analytic rule but on Fabric's Eventstream engine. Iterated through 3 versions of KQL detection logic and resolved alert fatigue through threshold tuning (0 threshold → 15 spam alerts in minutes; >1 h too strict; >30 min optimal). Case solved ✅
→ Same KQL pattern used in Microsoft Sentinel analytic rules, applied to live IoT streaming data
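The two detection ideas above (the 4625 → 4740 failed-login-to-lockout correlation from the Splunk project, and the threshold-tuning loop from the Fabric project) can be shown together on a few constructed log records. This is an added illustration in Python, not the author's SPL or KQL; the users, IPs, timestamps and the count-based threshold are all invented for the example.

```python
"""Correlate Windows Security events 4625 (failed logon) and 4740 (account
lockout) into a failed-login -> lockout lifecycle, and show how the alert
threshold changes alert volume. Added example with constructed data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical accounts, IPs and times).
# Fields mirror the columns a SIEM would carry: time, EventID, account, source IP.
SAMPLE_EVENTS = [
    ("2025-06-01T01:50:00", 4625, "administrator", "198.51.100.7"),
    ("2025-06-01T02:00:05", 4625, "administrator", "203.0.113.10"),
    ("2025-06-01T02:00:09", 4625, "administrator", "203.0.113.10"),
    ("2025-06-01T02:00:14", 4625, "administrator", "203.0.113.10"),
    ("2025-06-01T02:00:20", 4625, "administrator", "203.0.113.10"),
    ("2025-06-01T02:00:27", 4625, "administrator", "203.0.113.10"),
    ("2025-06-01T02:00:30", 4740, "administrator", "-"),   # 4740 carries no client IP
    ("2025-06-01T03:10:00", 4625, "svc_backup", "198.51.100.7"),
    ("2025-06-01T03:10:45", 4625, "svc_backup", "198.51.100.7"),
    ("2025-06-01T04:00:00", 4625, "jsmith", "192.0.2.5"),  # a single typo, not an attack
]


def parse_events(rows):
    """Turn raw tuples into dicts with real datetimes, sorted by time."""
    events = [
        {"time": datetime.fromisoformat(ts), "event_id": eid,
         "account": acct.lower(), "ip": ip}
        for ts, eid, acct, ip in rows
    ]
    return sorted(events, key=lambda e: e["time"])


def brute_force_alerts(events, window=timedelta(minutes=10), threshold=5):
    """Group 4625s by (account, source IP) and alert when the densest sliding
    `window` holds at least `threshold` failures. Returns {(account, ip): max_count}
    for the pairs that fired; one alert per pair, not one per event."""
    failures = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625:
            failures[(e["account"], e["ip"])].append(e["time"])
    alerts = {}
    for key, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the left edge forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts


def lockout_lifecycle(events, lookback=timedelta(hours=1)):
    """For every 4740, collect the 4625s for the same account in the `lookback`
    before it: the chain an analyst needs in the ticket (how many failures,
    from which sources, how long the attack took to lock the account)."""
    lifecycles = {}
    for lock in events:
        if lock["event_id"] != 4740:
            continue
        prior = [e for e in events
                 if e["event_id"] == 4625 and e["account"] == lock["account"]
                 and lock["time"] - lookback <= e["time"] <= lock["time"]]
        lifecycles[lock["account"]] = {
            "lockout_time": lock["time"].isoformat(),
            "failures_before_lockout": len(prior),
            "source_ips": sorted({e["ip"] for e in prior}),
            "seconds_from_first_failure": (
                int((lock["time"] - prior[0]["time"]).total_seconds()) if prior else None),
        }
    return lifecycles


def alert_volume_by_threshold(events, thresholds=(1, 2, 5, 10),
                              window=timedelta(minutes=10)):
    """The tuning loop: how many (account, IP) pairs fire at each threshold.
    Too low and the lone typo pages the SOC; too high and the attack is missed."""
    return {t: len(brute_force_alerts(events, window, t)) for t in thresholds}


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("brute-force alerts:", brute_force_alerts(ev))
    print("lockout lifecycle:", lockout_lifecycle(ev))
    print("alerts per threshold:", alert_volume_by_threshold(ev))
```

With the constructed data, a threshold of 1 fires for all four account/IP pairs (including the one-off typo), 2 fires for two, 5 fires only for the real attack, and 10 fires for nothing; the lifecycle view shows the administrator lockout preceded by six failures from two sources over 630 seconds.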
| Certification | Issuer | Status |
|---|---|---|
| 🔵 Blue Team Level 1 (BTL1) | Security Blue Team | In Progress, target Q4 2026 |
| 🔵 SC-200: Security Operations Analyst | Microsoft | In Preparation, target Q3 2026 |
| 🔵 CompTIA Security+ | CompTIA | Exam Booked, July 2026 |
| ✅ Pre Security | TryHackMe | Completed May 2026 |
Master of Information Technology (Cyber Security), Charles Sturt University · GPA 4.92 · Digital Forensics · Cloud Security · Threat Intelligence · Dark Web · Data Mining
Bachelor of Computer Science & Mathematics, Birendra Multiple Campus · First Division
IT Support Specialist, Extratech (June 2025 to present) · 30+ daily escalations · IAM & RBAC via Entra ID · Endpoint management via Intune · ASD Essential Eight alignment
Operations Support Specialist, Calvary Hospital (July 2022 to May 2025) · Clinical data integrity · 100% Australian Privacy Principles compliance · Zero breaches across entire tenure