"Adopting a proactive and holistic approach to cybersecurity enables continuous improvement in maturity, improving the security posture and reducing the likelihood of a breach. It's crucial to recognize that cybersecurity is an ongoing process, necessitating persistent monitoring, adaptation, and enhancement of accuracy to remain ahead of evolving threats and vulnerabilities."
This project involved the orchestration, methodology and delivery of a global Security Operations Centre (SOC) for an external client (under NDA). Many components were delivered through Cloud Access Security Broker (CASB) cloud models to enhance security measures and compliance within cloud environments. The deployment, built on PowerShell and Terraform, adhered to National Institute of Standards and Technology (NIST) frameworks, ensuring robust security practices and adherence to industry standards, while respecting the sector-specific security governance and standards that apply within each country. This ensured that all devices and vulnerabilities were covered globally under CIS, NIST and Azure baseline models.
Project milestones included implementing well-architected designs, which encompassed comprehensive and scalable solutions to meet a global organizational security need with 3rd party tools, cloud deployments and on-premises coverage. This deployment focused on Azure benchmark security governance, ensuring that all security protocols and measures aligned with best practices and compliance requirements. This approach facilitated the development of a resilient and secure SOC infrastructure capable of addressing global security challenges effectively. The cloud-based SIEM/SOAR deployment was Sentinel, together with Entra identity and Defender.
Designed and delivered a duplication of the live environment for testing within Azure. This required a target-state operational technology testing environment duplication of all technical, security, domain and
Executed security assessments, incident remediation and tool configuration, and located and corrected faults within the operational technology environment.
Reviewed, implemented, and managed security tools across various domains including OT, IACS, Signalling, and Communications (14 security domains, 34 network domains).
Developed and deployed Splunk applications for Security Information & Event Management (SIEM) data ingestion using PowerShell, Shell Script, Python, Terraform, and ARM.
Led Incident Remediation (IR) efforts and conducted investigations within SIEM systems to ensure security and compliance.
Managed the OT Cyber team, focusing on organizational asset safety and risk mitigation.
Conducted investigations into Splunk and security logging infrastructure to enhance security posture.
Delivered security architecture and design, ensuring robust and compliant security systems.
Specialized in Splunk Enterprise applications, including SIEM, Security Orchestration, Automation and Response (SOAR), and Enterprise Security (ES).
Designed and implemented Splunk architecture, focusing on governance, risk, and compliance (GRC) and cybersecurity frameworks.
Delivered, under solution design and planning, the Operational Technology Testing Environment clone for the OT Cyber team within Sydney Trains, including Splunk ingestion, application deployment, search head configuration, and asset collection.
Ensured the OT Cyber team's compliance and accurate operations within the internal Information Security Management System (ISMS)/Cyber Security Management System (CSMS) standards.
Performed comprehensive security investigations, incident response activities, and threat assessments to safeguard systems.
Designed and deployed the "Operational Technology Testing Environment," including detailed design documentation (DLD, LLD, HLD, and as-built documents).
Aligned monitoring processes with industry standards such as ASD8, MITRE ICS/Ent, ISA 62443, and ISO standards.
Delivered and integrated syslog systems and API integrations for enhanced security monitoring and incident response.
Led project delivery, including planning, stakeholder management, deployment, and training in cybersecurity roles, with a focus on vendor management, supply chain analysis, and cost optimization.
Security and GRC Solutions: Developed and implemented security operations and GRC alignment strategies for large enterprises, optimizing technical systems for enhanced security posture without imposing significant overheads.
Data Collection and Analysis: Spearheaded the collection of event and metric logging information using sensors and MS Graph, facilitating comprehensive analysis through Sentinel and SIEM/SOAR platforms.
Automated Security Configuration: Developed automated security change configurations for cloud-based assessments and infrastructure deployments, catering to the specific needs of large enterprise clients across public and private clouds.
SOC Infrastructure Delivery: Delivered SOC infrastructure, ensuring seamless design and functionality of network/security domains and the flow of data/tools using a variety of collection/inspection tools.
Standards and Compliance Alignment: Assessed and aligned security measures with cloud architecture and compliance standards, ensuring robust and compliant security infrastructures.
Azure Security Operations: Implemented and managed security tools for the Azure platform, overseeing configuration change requests, design, and implementation.
Leadership: Provided technical leadership, guiding multiple security operations to ensure the safety and security of organizational assets.
Network and Security Engineering: Troubleshot and implemented Meraki/Umbrella across 150 medical centres.
Infrastructure Redesign: Led the project to redesign and secure VMware vSphere ESX, switching, VSAN, and networks in alignment with ISM/ASD8 standards.
Security Framework Design: Conceptualized and presented scalable security architectures built on Splunk, CrowdStrike, Qualys and Nessus.
MITRE ATT&CK and Essential 8: Implemented security frameworks, playbooks, and bookmarks for government/council projects.
Splunk Architecture, design and delivery.
Technical implementation lead and lead project manager.
Splunk Cloud infrastructure: approximately 890 Universal Forwarders (UFs) and 55 Splunk apps created in various forms for collection (PowerShell, Bash shell, or Python).
Application groups, server classes and groups under a deployment server; 8 heavy forwarders (HFs) running on Ubuntu and CentOS deployment servers, integrating Syslog-NG servers and various technical add-ons.
API and Network Support: Managed API implementations and event/metric collection over O365, Azure, Zscaler/ZFA, 365, TACACS, RADIUS, syslog, Cisco APs, ATDs, switches and routers (3000 -> 9000 range).
Security Operations Management: Managed security across a vast network, ensuring seamless connectivity and protection for council sites.
Advanced Security Frameworks: Aided in the design and implementation of scalable security architectures, enhancing network resilience.
Qualys and Nessus Deployments: Led the configuration and deployment of these tools, bolstering our vulnerability management capabilities.
MITRE ATT&CK and Essential 8: Played a key role in deploying these frameworks, developing playbooks and bookmarks to guide security practices.
Project Leadership: Drove project design and planning, collaborating with SMEs and teams across multiple government and council projects.
Splunk Infrastructure: Spearheaded the implementation of Splunk Enterprise and Cloud, establishing robust logging and monitoring systems.
Syslog-NG Implementation: Built and deployed CentOS 8 Syslog-NG servers, enhancing our logging infrastructure with high-efficiency forwarders and indexers.
Technical Addons Integration: Integrated Splunk technical add-ons within a unified management framework, employing the MITRE ATT&CK framework for enhanced security operations.
API Management: Implemented APIs for O365, Azure, Zscaler, Cisco, Palo Alto, and more, facilitating seamless integration and operational efficiency.
Comprehensive Project Management: Oversaw the entire project lifecycle, from initial buildout and planning through vendor management, pricing, and documentation, ensuring projects were delivered on time, within budget, and in compliance with specified requirements.
Cisco Prime/DNAC Support: Provided configuration and ongoing support for these network management tools, contributing to the stability and security of our network infrastructure.
PCI DSS Compliance: Conducted daily security tasks for logging and auditing under PCI DSS governance.
Security Engineering: Addressed daily security challenges by resolving CVEs and patching, ensuring compliance, and maintaining a secure platform.
Certificate Management: Managed external/internal certificates (SSH/PEM) to secure access and connections.
Automation Scripts: Crafted PowerShell scripts using Octopus automation to streamline operations.
Documentation and Policy Creation: Developed comprehensive documentation, policies, change requests, and management documents.
AWS Architecture: Led AWS platform buildouts, designs, and deployments.
Identity System Maintenance: Troubleshot and maintained identity systems like OKTA, incorporating MFA, push tokens, RSA, and DUO.
VMware and Linux Systems: Managed VMware systems, Linux environments, appliances, SAN, network infrastructure, and AWS subscriptions.
Network Analysis: Performed network discovery and analysis, creating network diagrams based on OSI standards.
Encryption and Security: Investigated encryption, applications, and negotiation protocols across layers 5-7.
Technology Integration: Utilized a broad range of technologies including Nagios, Splunk, Zabbix, UpGuard, Bitbucket, and many others for monitoring, logging, alerting, and system integration.
Global Azure Architecture: Spearheaded the architectural planning and implementation across global Azure infrastructures, ensuring scalability and reliability for stock market risk management and development software.
Design and Security: Led the design efforts, integrating robust security measures to protect sensitive financial data and software development environments within Azure.
Risk Management Systems: Developed and maintained systems critical for managing stock market risks, utilizing Azure's advanced capabilities to support real-time data processing and analysis.
Software Development Support: Provided architectural support for software development projects, ensuring optimal performance, security, and scalability within Azure environments.
Product Development Strategy: Instituted a comprehensive product development process across the company, enhancing efficiency and innovation.
Cross-functional Training: Developed and deployed training programs for presales, sales, marketing, and engineering teams, aligning product knowledge and capabilities.
Team Management: Led and coordinated tasks across all teams involved in the product development cycle, ensuring timely and successful product launches.
Market Analysis: Conducted detailed reporting and market analysis, identifying gaps and opportunities for strategic positioning.
Stakeholder Engagement: Crafted and presented product layouts and strategies to directors, investors, and executives, securing buy-in and resources.
Financial Planning: Managed market placement, costing, forecasting, and budgeting to align product offerings with market demands and financial goals.
Technical Leadership: Oversaw the technical design and feature implementation, culminating in the launch of a fusion telecommunication system product (VOIP/SIP).
Engineering Support: Provided senior engineering support, leading morning standup meetings to resolve technical escalations and facilitate project progress.
Operations and Support: Led the technical operations within the Sax Institute, focusing on building and maintaining custom research environments that met stringent security standards.
Infrastructure Management: Held comprehensive knowledge in various hardware and software platforms, including SAN, virtualization, and network configurations, both in cloud and physical deployments.
Technology Deployment: Was responsible for the support, troubleshooting, and deployment of a wide range of technologies, encompassing backend networks, servers, Windows and Unix operating systems, DMZ infrastructure, and advanced security measures like certificate-based/MFA security.
Network and Security: Managed routing and switching hardware, contributing to the security and efficiency of the research environment.
Project Management: Took on secondary roles that included scoping, planning, and executing technical projects and upgrades, alongside managing issue resolution, change requests, and technical escalations to support the team.
Automation and Scripting: Utilized scripting and PowerShell to automate processes, significantly enhancing operational efficiencies.
Security and Compliance: Ensured the SURE environment, supporting around 450 external researchers across over 120 segregated networks, adhered to OSI model standards and ISO 27001, including undergoing penetration testing to uphold security accreditations and protect data for government research.
System Administration: Directly supported a variety of software solutions and security measures, such as firewalling, GPO, AD, DNS, DHCP, and iptables, to maintain a secure and efficient research environment.
Network Engineering: Designed and implemented sophisticated network infrastructures, focusing on VLANs, VPNs, and Sophos, along with mastering other complex networking concepts.
Managed Services: Functioned as a key senior engineer and managed service provider within the Sydney team, offering high-level support and solutions.
Infrastructure Support: Provided comprehensive support for client infrastructure, including virtualization, backups, networks, and SAN/NAS, for both Windows and Linux platforms.
Cloud and Virtualization: Configured environments in VMware, Hyper-V, Azure, and AWS, ensuring optimal setup and integration for clients.
Advanced Networking: Managed Extreme, Cisco, and Juniper switching and routing, enhancing network efficiency and security.
Remote Desktop Services: Implemented RDS solutions, streamlining remote access and application delivery.
Scripting and Automation: Developed scripts in PowerShell, VB, Python, and HTML to automate system tasks and improve operational efficiency.
Configuration Management: Led SCCM, Windows ADK, WDM, and PE buildouts, creating effective task sequences for deployment and management.
Team Support: Served as a technical escalation point and resource for a medium-sized team, facilitating knowledge sharing and problem resolution.
Cloud Services Management: Managed Office 365, Azure, Exchange, Skype for Business, ADFS, and Teams, ensuring effective onboarding and service delivery.
Project Leadership: Oversaw internal documentation, and change requests, and functioned as a client advisor and technical lead for projects, demonstrating project management skills and technical alignment and risk management.
SCCM: Implemented the supporting infrastructure and SCCM.
Built and configured AHCI Windows 10 images for Standard Operating Environment (SOE) laptops, ensuring system uniformity and reliability.
Automation: Automated the rollout of drivers and software for both existing and new hardware platforms, enhancing operational efficiency.
Script Development: Crafted PowerShell, VB, and Python scripts to streamline automation and facilitate seamless image rollouts.
SCCM Software Deployment: Created applications and packages within SCCM for efficient software deployment across the organization.
NetApp SAN Management: Configured and upgraded NetApp SAN units (FAS 2XXX, 3XXX), optimizing storage solutions.
Advanced Support: Provided Level 3 support for security system, network, and server issues across the full Wintel stack and Linux environments.
Cloud and Communication Services: Managed Office 365, Azure, Exchange, and implemented Skype for Business solutions, addressing DNS, DHCP, AD, and routing needs.
Security Enhancements: Recommended and implemented security measures such as MFA, AppLocker, BitLocker, and email security (SPF and DKIM).
Email Security: Conducted mail MIME analysis and integrated third-party gateways for enhanced spam protection.
Troubleshooting: Addressed issues with Papercut and Linux load balancers, ensuring system stability and performance.
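The email security items above (MIME analysis, SPF and DKIM) have no accompanying code on the page. The following is an added Python example, not the author's tooling or any gateway product's code, showing how a triage script reads a receiving gateway's Authentication-Results header, checks whether the SPF and DKIM passes are aligned with the visible From: domain (the check DMARC builds on), and inventories the MIME parts for risky attachments. The sample messages, domains and filenames are constructed for the example; the alignment check is a relaxed, subdomain-based approximation rather than a public-suffix lookup.

```python
"""Mail MIME and authentication-header triage (added example, stdlib only)."""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage

# Constructed sample: SPF and DKIM both "pass", but for mailer.example.net,
# while the visible From: claims bank.example.com. The attachment carries a
# double extension ending in .exe. Both should be flagged.
SAMPLE_RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net header.s=sel1;
 dmarc=fail header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
To: victim@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please open the attached statement.
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed clean sample: aligned SPF/DKIM pass, text only.
CLEAN_RAW = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bank.example.com;
 dkim=pass header.d=bank.example.com header.s=s1
From: support@bank.example.com
To: victim@example.org
Subject: Hello
Content-Type: text/plain

Hi
"""

# Extensions a gateway would normally quarantine (illustrative list).
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".ps1", ".lnk", ".iso"}


def parse_auth_results(header: str) -> dict:
    """Turn an Authentication-Results value into {method: {'result': ..., prop: value}}."""
    header = re.sub(r"\s+", " ", header).strip()
    clauses = [c.strip() for c in header.split(";") if c.strip()]
    out = {}
    for clause in clauses[1:]:            # clauses[0] is the authserv-id (the MX name)
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        entry = {"result": result.lower()}
        for tok in tokens[1:]:            # e.g. smtp.mailfrom=..., header.d=...
            key, _, val = tok.partition("=")
            entry[key.lower()] = val.lower()
        out[method.lower()] = entry
    return out


def _domain(addr: str) -> str:
    """Domain part of the first address in a header value, lower-cased."""
    _, address = email.utils.parseaddr(addr)
    return address.rpartition("@")[2].lower()


def _aligned(a: str, b: str) -> bool:
    """Relaxed alignment approximation: equal, or one a subdomain of the other."""
    return bool(a) and bool(b) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def mime_inventory(msg: EmailMessage) -> list:
    """List leaf MIME parts with flags for risky or double-extension attachments."""
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        flags = []
        if name:
            low = name.lower()
            if any(low.endswith(ext) for ext in RISKY_EXT):
                flags.append("executable-extension")
            if low.count(".") > 1:
                flags.append("double-extension")
        parts.append({"content_type": part.get_content_type(), "filename": name, "flags": flags})
    return parts


def analyse(raw: str) -> dict:
    """Summarise SPF/DKIM results, From: alignment and attachment risk for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    from_dom = _domain(str(msg.get("From", "")))
    spf, dkim = auth.get("spf", {}), auth.get("dkim", {})
    spf_aligned = spf.get("result") == "pass" and _aligned(spf.get("smtp.mailfrom", ""), from_dom)
    dkim_aligned = dkim.get("result") == "pass" and _aligned(dkim.get("header.d", ""), from_dom)
    parts = mime_inventory(msg)
    return {
        "from_domain": from_dom,
        "spf": spf.get("result", "none"),
        "dkim": dkim.get("result", "none"),
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "parts": parts,
        # An unaligned pass is still a spoof from the recipient's point of view.
        "suspicious": not (spf_aligned or dkim_aligned) or any(p["flags"] for p in parts),
    }


if __name__ == "__main__":
    for raw in (SAMPLE_RAW, CLEAN_RAW):
        print(analyse(raw))
```

The point of the alignment step is that "spf=pass" on its own says nothing about the address the user sees: SPF is evaluated against the envelope sender, DKIM against the signing domain, and only comparing both with the From: domain catches the common "pass but spoofed" case.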
Technical Leadership: Served as a critical level 3 resource and the primary escalation point for a team of twelve members, guiding them through complex technical challenges.
Customer Support: Supported over 250 customers in cloud environments, facilitating smooth onboarding processes and ensuring a high level of customer satisfaction.
Application Management: Managed support for over one thousand applications, ranging from end-user applications to server-based systems, encompassing Office 365, Azure, Exchange, and Skype for Business, including PBX, SIP, and VOIP solutions.
System and Network Management: Oversaw and provided expert support across cloud services, SAN infrastructures, network configurations, and both Windows and Linux systems and applications, ensuring operational efficiency and reliability.
Consultation and IT Management: Served as the primary onsite consultant, offering expert advice and management for databases, networks, SAN, and cloud computing environments utilizing vCenter and Hyper-V technologies.
Client Support and Implementation: Delivered real-time mapping, API, phone systems, and cloud implementations, enhancing client capabilities and operational efficiency.
Disaster Recovery and Colocation: Provided support for clients with offsite disaster recovery colocations, including notable clients like McDonald's and Morphew Photos, ensuring their critical data was safeguarded and readily available.
Infrastructure Support: Managed co-location and onsite server rooms, overseeing air conditioning, power regulations, cabling, server racking, as well as the deployment and maintenance of servers and appliances.
Operating Systems and Maintenance: Administered both Windows and Linux servers, covering applications and operating system support, alongside conducting regular maintenance and backup tasks.
Server Infrastructure Support: Business-As-Usual (BAU) support, maintaining the Standard Operating Environment (SOE) for server infrastructure.
Global Network Implementation: Implemented a fully meshed global network, integrating company infrastructure and applications with SolarWinds for monitoring and alert notifications. This extensive network setup included Infoblox, Silver Peak appliances, Palo Alto Networks firewalls for security/routing, Juniper EX switches and SRX routers, subnetting, a DMZ, and a Juniper virtual chassis spanning the Kronos global network.
VOIP System Deployment: Rolled out a least-cost routing VOIP phone system across Australia, enhancing communication for remote users with QOS between offices and mobile GSM/SIP gateways, alongside IVR system management.
Data Centre Migration: Managed the migration of all servers/server rooms to the Equinix data centre, incorporating full backup and disaster recovery solutions.
Telecommunications Management: Oversaw mobile/data and wireless contracts with major providers, ensuring a fully meshed and redundant network.
ROI Reporting/Budgeting: Delivered reports on the cost-effective ROI of IT investments at Kronos, including ESX-hosted images, VMware vCenter 5.1 and 5.5 at interstate locations, HP 3PAR filer, NetApp SAN, HP backup libraries, and all related IT contracts.
International Support: Provided international support on servers, SAN, and network to teams globally, covering deduplication, fibre pathing, zoning, subnet calculations and design, VLAN setups, SAN and virtual environment design, and wireless network implementation using Blue Socket and Symbol technologies.
Virtual Classroom Design: Spearheaded the design and implementation of the Kronos virtual classroom using Adobe classroom environments, establishing a fully remote training environment.
Began at Seagate as a support representative, evolving into a key IT infrastructure team resource for issues in APAC.
Transitioned into backend IT support as Seagate expanded into Seagate Software/Veritas, later focusing on cloud support with VMware vCenter as an Infrastructure Engineer.
Served as a primary resource for Crystal Enterprise, Crystal Reports, and various software platforms under the company's portfolio.
Managed support for all internal client/server-side applications, operating systems, and Citrix users.
Travelled across Asia Pacific to address significant customer issues in software platforms.
Started career at Computer Associates, once the 2nd largest IT company globally, as a support analyst.
Worked with NetBackup and Arcserve, transitioning to backend infrastructure roles.
Performed backup and server maintenance for Windows and Linux systems.
Supported internal applications and operating systems, specifically Arcserve and NetBackup.