Principal Security Engineer2022 - PRESENTMYOB
Technologies: Application Security, Security Architecture, Security Operations Centers (SOC), Incident Response
- Provided leadership in security for the financial services vertical, partnering with delivery and engineering managers to manage, control, and improve security controls around people, processes, and technology.
- Set up a governance framework to oversee security risks and optimize resource utilization.
- Developed a security metric to track security initiatives' progress.
- Led workshops on threat modeling, security architecture, and secure software design and provided security reviews of solution designs.
- Refreshed and reviewed the organization's information and cyber security strategy.
- Established a minimum set of security requirements and a security scorecard to measure the risk of non-compliance.
Head of Technology2021 - 2022Victorian Electoral Commission
Technologies: IT Governance, Management, Projects, IT Strategy, IT Services, IT Service Management (ITSM)
- Provided technical leadership and guidance for development, operation, testing, and security teams to continuously improve the efficiency of the software development lifecycle.
- Planned and managed capacity, growth, upskilling, and performance of development, operation, testing, and security teams.
- Assisted departments in using technology to achieve their business goals.
- Held the position of deputy CISO and chair of the security steering committee.
- Developed the organization's cyber security strategy and oversaw implementation in collaboration with project managers, department heads, and third-party vendors.
- Managed the organization's information and security risk profile.
- Ensured compliance with Australian government security regulations, including the Victorian Protective Data Security Framework, Victorian Protective Data Security Standards, and Protective Security Policy Framework.
- Provided guidance and advice to the project team as a member of the enterprise architecture board.
- Oversaw the change and configuration management of ICT systems in collaboration with the change advisory board as an accountable technology approver.
IT Security and DevOps Manager2018 - 2021Victorian Electoral Commission
Technologies: DevOps, Azure, Security Operations Centers (SOC), Incident Response, IT Operations, Security Management
- Achieved operational and security stability of the infrastructure, platform, and services during the elections in 2018 and 2020.
- Spearheaded a project to upgrade the standard operating environment to Windows 10, Microsoft 365, SharePoint Online, and Dynamics 365 to modernize the workspace.
- Led a project to migrate the company's core business systems from the on-premises data center to the Azure cloud to enhance stability, scalability, and security.
- Partnered with Telstra and led a project to enhance the corporate network and regional offices' remote networks across Victoria.
- Ensured continuous compliance with regulations, including Victorian Protective Data Security Standards, Protective Security Policy Framework, and Victorian Protective Data Security Framework.
- Represented the organization during successive internal and external security audits and managed and mitigated risk through projects.
Technical Lead2017 - 2018Victorian Electoral Commission
Technologies: React, .NET, C#, Windows Presentation Foundation (WPF), TFS, Azure DevOps, CI/CD Pipelines, Software Architecture
- Managed software development teams and vendors to implement numerous software projects for the election.
- Designed microservices architecture and converted monolithic applications into the new architecture to automate CI/CD and improve manageability.
- Led the IT Operations team in implementing an infrastructure-as-a-code Docker hosting platform in Azure cloud.
- Implemented DevOps practices and adopted cloud platforms to host the Victorian Electoral Commission's public-facing website for the first time.
- Delivered the complete disaster-recovery solution leveraging Azure Site Recovery in collaboration with the business and a third-party vendor.
Senior Consultant2015 - 2017Telstra Purple
Technologies: DevOps, .NET, Azure, Front-end, Back-end, Architecture, Solution Design
- Consulted customers on better software development practices and helped the development team manage their code and packages as part of the software development lifecycle.
- Implemented an automated build and deployment process for various software projects.
- Developed platforms on the Azure cloud and trained customers in infrastructure-as-code management.
- Provided training sessions and workshops with customers and fellow consultants, educating them on DevOps principles and its technologies to achieve high performance in software project delivery.
Lead Developer2012 - 2015Telstra
Technologies: .NET, C#, ASP.NET, TFS
- Led a team to develop and maintain software used to manage a large number of conference rooms and theatres with high-quality video communication.
- Participated in R&D activities at Telstra Labs to develop new business solutions that integrate modern software-based video conferencing systems with traditional hardware-based systems like Cisco TelePresence and Polycom's RealPresence.
- Developed multiple business cases with proof of concepts in software applications to help customers by collaborating with business development managers and assisting with pre-sales activities.