Speakers

Chathura is a trusted cybersecurity advisor with over 20 years of industry experience. He is also an advisory board member of the CREST Australasia. He has delivered complex technical Cyber security assessment programs and Incident Response engagements for a number of high profile Australian and global organisations.

Gabriel Akindeju is an innovative and strategic Technology Risk Management and Security Management thought leader with background in Enterprise Technology Risk Management and Enterprise Security Governance and Architecture; Information Systems Management; Instrumentations and Controls Engineering; Electronic Electrical Engineering; PRInCEII and Agile practices. His overall objectives are to help organisations (1) leverage effective technology risk management and security for the creation of stakeholder values by optimising risk-reward dynamics (i.e. improve Risk Agility and Controls Optimisation Efficiencies);  (2) prevent value erosion via the deployment of effective risk and security operations management framework and processes (i.e. optimise Risk Posture and minimise Risk Profile);  and (3) safely and securely recover, if and when, business disruptions occur due to technology related issues and/or events (i.e. improve resilience and incident response readiness).

Gabriel is skilled in transformational Enterprise Technology Risk Management and Security capability maturity uplifts and has helped various organisations, including in his current role, bootstrap capability maturity programmes through structured yet agile architectural frameworks and processes.  He has a special knack for senior leadership engagement and can drive positive uplift in enterprise culture shift through simple, easy to manage and yet effective initiatives.

Gabriel is a prolific innovator and an advocate of continuous improvements through adoption and applications of complex adaptive system integration concepts.  He is passionate about the alignment and transformation of technologies; and technology governance and management processes into strategic enablers and competitive differentiators for businesses through risk optimisation.

Gabriel was the winner (one of 2) of the UK’s 2006 best IS dissertation award for his work on RFId, courtesy of the ISACA, UK; Gabriel also won the ISACA Certificate of Excellence Award in 2006, courtesy of the ISACA Auckland Chapter; and was cited in the 2008 edition of Marquis Who’s Who in the world. Gabriel won an Oceania Geographic Region CRISC award in Dec 2012; and more recently was cited in the Volume 4 (June 2020) of the ISACA Journal – Building Enterprise Security Programme.

Gabriel often speaks at professional seminars and likes to help professional candidates seeking certifications through both formal review seminars and informal mentorship. He enjoys professional teams, who pride in value creation, professionalism, & training and promote personal professional development as tools to defining, creating, and delivering superlative customer experiences

Rodney is an accomplished information security professional with more than two decades of experience across diverse industries including large corporate, telecommunications, energy, healthcare, and major financial sectors. Currently, he is dedicated to giving back to society, as the Head of Information Security & Compliance (aka CISO) at Barnardos Australia. There, he exercises thought leadership by crafting practical, risk-appropriate security visions and roadmaps through a commitment to continual improvement.

Bharat is a highly accomplished Technology Risk leader with two decades of experience navigating the complex landscapes of Artificial Intelligence, Machine Learning, Cybersecurity, and Privacy. I have partnered with three of the “Big Four” Australian banks, spearheading large-scale transformative projects and architecting robust technology risk mitigation strategies that demonstrably safeguard operations, enabling customer objectives. My approach blends deep industry expertise with incisive strategic thinking, consistently delivering tangible business value.

I am instrumental in the implementation and governance of Machine Learning, Generative AI, and AI Agentic systems. My responsibilities encompass the identification of technology risks and evolving compliance requirements, coupled with the development and implementation of comprehensive guardrails.

As a dedicated Board Director at the ISACA Melbourne Chapter, I am deeply committed to enhancing the professional capabilities of our community. I actively shape and execute the Chapter’s certification strategy and lead the delivery of ISACA certification training programs, empowering individuals to excel in their respective fields.

In previous leadership roles, I cultivated a pragmatic approach to Governance, Risk, and Compliance (GRC), consistently delivering outcome-based value in managing a broad spectrum of risks.

Paul is a seasoned security leader with over 35 years’ experience across Law Enforcement, Defence, Intelligence, and the private sector, spanning New Zealand, the USA, the UK, Europe, and now Melbourne, Australia.

A certified SABSA® practitioner and accredited Business Change expert, he has held key leadership and operational roles including CISO for New Zealand Police, Security Architect and Information Manager, and founder of his consultancy, Hi-Spec Security.

Since 2023, he has served as CISO and Privacy Officer at Grant Thornton, leading Business Assurance initiatives focused on security and privacy strategy, governance, compliance, and risk management.

Currently, Paul is deeply engaged in exploring the paradoxes of AI and data privacy.

In his 50+ years of in-depth experience in IT and security consulting, systems management and technical implementations, Glen Bruce has focused on Security Frameworks, Strategies, Architectures, PKI and Governance supporting business and governments in their approach to managing information and cybersecurity risk.  He has led many information/cyber security engagements, where he has helped clients establish effective strategies, governance, architectures, frameworks, policies, PKIs and infrastructure implementations in support of a wide range of business and technical requirements. Glen is the leader of the SENC workgroup project.

Martin Choluj is a seasoned cybersecurity executive with over 15 years of experience in the field. He currently serves as the CISO at ClickHouse, an open-source, column-oriented OLAP database management system for real time analytics, machine learning, GenAI, observability and data warehousing. In this role, he leads the company’s security, privacy, IT operations and engineering productivity initiatives.

Before joining ClickHouse, Choluj was the CISO at Campaign Monitor, where he oversaw security functions across multiple martech SaaS brands. His prior experience includes roles at the Reserve Bank of Australia, the Central Bank of Ireland and Symantec.

Choluj holds a Master’s Degree in Security and Forensic Computing from Dublin City University and a Bachelor’s Degree in Information Technology. He has earned multiple certifications, including CISSP and GIAC GSE.

In addition to his professional roles, Choluj is an advisor to venture capital firms and an angel investor. He is also a member of Silicon Valley CISO Investments (SVCI), an invite-only community of cybersecurity leaders turned investors.

Andra Cimpean works as Senior Cyber Security Specialist for Department of the Premier and Cabinet of WA, advising state government entities on their cyber maturity journey.

As a former professional chess player, she brings in a unique perspective with her strategic and problem-solving skills. She holds a Master’s in Cyber Security from Edith Cowan University and a Bachelor’s in Psychology along with accreditations such as SABSA Chartered Security Architect and ITILv4. Andra also completed the SABSA A1 Advanced Risk, Governance and Assurance Practitioner course and is currently writing the paper submission.

Andra is the Deputy Chair for the Australian Information Security Association WA Branch. Awarded “Best Volunteer” Award at the CyberCon 2023 for her efforts in organising charity and student-focused initiatives and Finalist for the “One to Watch in Protective Security” at Australian Women in Security Awards 2024, she has contributed to various publications, enjoys public speaking and has been invited as university guest lecturer for cyber students to teach about Enterprise Security.

Prof Clark is an acknowledged expert in Cryptology, Systems Engineering, Information Forensics and Cyber Security.  He has worked in the field of Computer and Information Systems Security and Cryptology since 1984 and is a registered expert witness with more than twenty years’ experience of presenting computer and information systems evidence in a wide range of criminal & civil cases.  He is a co-author of the SABSA Blue Book and was the first recipient of the COSAC award.

Andreas is currently a Director at Accenture Singapore, responsible for the security delivery to mostly clients in the Financial Services industry.

Previously he was working in various Enterprise Security Architecture roles at Standard Chartered Bank in Singapore. At SCB he was responsible for a core Security Architecture team that is delivering the organization’s Security Architecture Framework, Strategy, and relevant Security Capabilities.

Before this he was a Principal Enterprise Security Architect at Australia’s national broadband network (nbn), which is a government owned enterprise, providing critical infrastructure services to millions of Australians. At nbn Andreas was responsible for defining nbn’s Security Strategy and technology roadmap across the organisation.

Prior to nbn, Andreas has worked in management and security consulting for Accenture, Deloitte and HSBC in various roles, lately purely focussing on delivering Enterprise Security Architecture artefacts like Security Architecture Frameworks and Security Models, and Security Technology Roadmaps to name a few. As a consultant Andreas has served clients in various industries across Europe, Asia and Australia.

In addition to his work at SCB, Andreas held multiple positions at the ISACA Melbourne Chapter board and has been an industry advisor to various organisations, like the Victorian’s Government Box Hill Institute and the Security Architecture Working Group of the IoT Alliance Australia. Andreas is also actively involved in the security architecture community and like running monthly workshops for security architects.

Andreas holds a Master of Computer Science degree from the Technical University of Berlin/Germany, is a Certified Information Systems Auditor (CISA), GIAC Security Essentials certified (GSEC exp.), ITIL Foundation certified, and a SABSA certified (SCF) professional.

For over twenty five years, Dimitrios has been a technology executive with a proven success record of delivering future proof information security strategies and helping organisations implement their digital transformation plans with a commensurate level of assurance. Mastering specialisation in business-driven security strategy, architecture and operational resilience, Dimitrios draws strength from the diverse experience in leadership roles, predominantly within financial services, i.e., Head of Enterprise Security Architecture at Visa and Global Head of Information Risk Strategy at HSBC.

Driven by his vision to shift the resilience risk paradigm by challenging core beliefs and driving better decision making, in 2020, Dimitrios founded Qiomos and started providing value-driven services to guide organisations into building resilient services and products. In 2024, this extensive experience led to the launch of the innovative QnousTM solution – a single source of truth to strengthen operational resilience by modelling the organisation’s security posture and centralising security-related information into a single data model. Dimitrios is now working with organisations, across the globe, streamlining their security risk management and truly simplifying their security decision-making.

Reshma is an AI & Data Risk specialist with experience in Security and Technology. She holds a Master’s Degree in Information Technology, is a Certified Data Privacy Solutions Engineer (CDPSE), and is a Graduate of the Australian Institute of Company Directors (GAICD).

With a passion for Data, AI, and emerging technologies, Reshma brings over 20 years of experience working in Australia and New Zealand. She is deeply committed to Data Security and addressing emerging AI challenges. Currently, Reshma serves as a Director at ISACA Melbourne and sits on the Advisory Board for other not-for-profits. Additionally, she contributes as a Subject Matter Expert Reviewer for ISACA’s CDPSE Manual and regularly writes for blogs, podcasts, and security magazines.

Ken Fitzpatrick: Author of securitypatterns.io, a popular website providing information and resources on how to write and apply security patterns and best practices. Director at Patterned Security Consulting, a professional services company helping organisations mature and embed Security by Design into business practices. Engaged with businesses in achieving certification to ISO 27001 and SOC2. An experienced security expert with 20 years of experience across public and private sectors.

Derek Grocke is the founder of Madrock Advisory and a senior practitioner in space, cyber, critical infrastructure and Defence systems. He has over 20 years of experience leading enterprise transformation initiatives that integrate architecture, cybersecurity, simulation, operational readiness and audit.

Derek has advised Defence, national regulators, critical infrastructure, and private sector organisations across Australia and internationally on integrating cyber resilience into business/operations and critical mission operations. Derek specialises include the critical process desktop assessments and the establishment of simulation-enhanced environments for process simulation, training, testing (ICT, operational technologies, financial processing and RF systems), cyber incident response, and business continuity.

His approach is underpinned by many years assessing, establishing alignment and managing businesses needing to align with frameworks including ISO/IEC 27001, ADF supply chain & specific engineering requirements, NIST SP 800-53/160, ISM/DSPF, AU DHS Right Fit For Risk, ZTA (corporate and OT), CISCO SAFE, CPS 232/234, US CMMC, SABSA, TOGAF and the SOCI Act. He is an active contributor to the advancement of practical, cross-disciplinary security education through cyber ranges and simulation, and an active contributor to the US led Space ISAC, NATO Cyber War Games and AU TISN.

Ben Kereopa-Yorke is fascinated by the beautiful complexity that emerges when artificial intelligence meets security. As a Senior Security Consultant – AI at nbn, and an AI and security teacher, mentor, and researcher, he approaches complex security challenges with the same curiosity that drives particle physicists to smash atoms – breaking big problems into understandable pieces and rebuilding them into elegant solutions.

A 2024 AISA Researcher of the Year finalist and co-lead of the OWASP Machine Learning Security Top 10, Ben splits his time between developing practical security frameworks and pushing the boundaries of AI security research as an Associate Editor of IEEE Transactions on Technology and Society. His recent work on AI-enhanced cybersecurity for SMEs and the ClausewitzGPT framework demonstrates his knack for making complex concepts surprisingly simple (and simple concepts surprisingly complex).

When he’s not publishing papers or mentoring the next generation of security professionals, you’ll find him explaining why AI security is fundamentally a human challenge – just with more math and better tools. His collection of certifications (including AWS Machine Learning Specialty and IAPP’s AI Governance Professional) and pursuit of a second Master’s degree from UNSW Canberra are really just symptoms of an uncontrollable urge to understand how things work and then make them work better.

Ben’s committed to helping the Australian cybersecurity community understand and tackle emerging AI security challenges. After all, as he often says, the best security solutions are like good science – elegant in theory and practical in application.

Hassan Khan is a highly experienced Security Researcher with a proven track record of internet-wide scanning and penetration testing. A sought-after speaker, Hassan recently presented at the BlackHatMEA 2022, 2023 conference. His expertise extends to Ruby security, where he has conducted extensive research over the past few years. As a certified OSCP (Offensive Security Certified Professional), Hassan has also made a name for himself as a successful bug bounty hunter on both HackerOne and Bugcrowd.

Hassan’s achievements have earned him recognition in the industry, including inclusion in the Google Security Hall of Fame (2017), Twitter Security Hall of Fame (2017), and Microsoft Security Hall of Fame (2017). He has also conducted extensive research into WordPress security and won the HackFest CTF competition.

In addition to his research, Hassan is also the developer of several security testing tools and an npm scanner for account hijacking, further demonstrating his commitment to the security field and his skills as a developer.

Steven is a cyber security professional with a career spanning over 22 years of experience across a range of industries including finance, energy & utilities, resources, transport, manufacturing, government, health, education, and telecommunications.

Practice Lead of security architects at Astralas, Steven is a practitioner and leader focused on building trust. In providing business-driven and outcome-based value to manage risk effectively, Steven has contributed to the improvement of cyber risk management across many ASX-listed companies and some of Australia’s largest organisations in fields such as security architecture & strategy, managed services, incident response, research and development, and technical solutions and controls.

Previously a Director and sector leader within Deloitte Australia’s Cyber practice, he has also held various leadership and technical positions at Computer Associates, CGI, Fujitsu Australia, Dimension Data, and Zimbani.

A Deakin University alumnus, having double-majored in computer science and information systems, Steven’s post-nominals include: SCF, CISSP, CISM, CCSP, and CDPSE.

Steven is currently the Board Secretary of the ISACA Melbourne Chapter, a return speaker to the COSAC conference having previously presented in Ireland & Melbourne, and a regular speaker at AISA’s Australian Cyber Conference.

An avid supporter and member of the Geelong Football Club, he is passionate about enjoying good food & drink (in particularly wood-fired cooking) with his family and friends.

Abbas Kudrati is a highly experienced cybersecurity practitioner and CISO, currently serving as Silverfort’s Regional Chief Identity & Security Advisor. Previously, Abbas was Microsoft Asia’s Chief Cybersecurity Advisor for the Security Solutions Area. Alongside his work at Silverfort, Abbas serves as an executive advisor to multiple prestigious institutions, including LaTrobe University, HITRUST ASIA, EC Council ASIA, and various security and technology start-ups. Abbas also actively supports the wider security community by mentoring students and working with ISACA Chapters.

With extensive expertise in Identity Security, Identity and Access Management (IDM), Identity Threat Detection and Response (ITDR), and Identity Governance, Abbas has a proven track record of helping organizations strengthen their security postures and protect critical digital assets in an increasingly complex threat landscape.

As a bestselling author, Abbas has published several books that have become industry-standard references, including “Threat Hunting in the Cloud” by Wiley, “Zero Trust Journey Across the Digital Estate” by CRC Press, and “Managing Risks in Digital Transformation” by Packt. He is also the Technical Editor for two books, “Effective Crisis Management” by BPB and “IoT Security with Microsoft Defender for IoT” by Packt, he is currently authoring his latest book on the topic of “Cybersecurity Mesh Architecture – Hype or Hope”.

In addition to his writing, Abbas is a part-time Professor of Practice with LaTrobe University and a sought-after keynote speaker on topics such as Zero-Trust, Cybersecurity, Identity Security, Cloud Security, Governance, Risk, and Compliance. His extensive experience and knowledge make him a valuable asset to any organization seeking to improve its cybersecurity and identity security strategies.

https://aka.ms/abbas

Kirk is a security architect who loves that the job is an endless source of puzzles and learning.He is an SES volunteer, SABSA Institute Board member and instigator of SABSA World Australia.

Someday the novelty will wear off, but not today.

Muhammed Zubair (MZ) Omarjee, is a former Enterprise Security Architect providing advisory to leading banking institutions in South Africa and abroad. He is instrumental in crafting technology strategies as it relates to digital transformation, mobile banking and cyber security. He plays a pivotal role in shaping information technology practices as a transformative business driven and risk-oriented discipline.

Samuel Pinzon is a Senior Cyber Security Architect at Western Power, a critical infrastructure provider in Western Australia’s energy sector. With almost two decades of experience in cybersecurity and enterprise architecture, Samuel specialises in aligning security strategies with business transformation initiatives, regulatory compliance, and operational resilience.

At Western Power, Samuel leads the development of a SABSA-based Enterprise Security Architecture, enabling the organisation to navigate the complexities of digital transformation while  maintaining a risk-informed cyber security posture. His work focuses on creating reusable, interoperable cybersecurity artefacts that bridge the gap between business objectives and technical implementations.

Prior to join Western Power, Samuel worked for about 15 years in the Oil & Gas sector, where he supported the implementation of multiple cybersecurity solutions across both upstream and downstream operations as security architect. He also led programs to implement cybersecurity practices in operational technology (OT) environments, applying the standard IAS/IEC62443 standard.

Samuel holds industry-recognised certifications, including CISSP, SABSA Chartered Foundation (SCF), ISA/IEC62443 Cybersecurity Expert, and TOGAF Foundation. He brings a pragmatic, business-aligned perspective to security architecture and is an advocate for using SABSA as a strategic enabler in complex environments.

Andy is a cyber-security veteran with 30+ years of IT experience, most of which has been in cyber security. From being a software developer for global giants such as IBM, Ericsson & Vodafone, to pen testing and vulnerability research, to more recently as a tech entrepreneur founding 6 firms, including Aura InfoSec, and RedShield Security. Andy is a previous winner of the EY NZ Entrepreneur of the Year, and was inducted into the NZ InfoSec Hall of Fame 2023. His new company Qubit focuses on Digital Safety (keeping humans safe in a modern technical world), and is on the board of both NZTech and the NZITF (NZ Internet Taskforce). He’s also a parttime student, studying a PhD in Digital Safety and Cyber-Engineering.

Joshua Qwek is a business focus, forward-thinking technology & cyber leader who has over nearly two decades of value creation experiences across different industries & sectors spanning higher education, financial services, and industrial sectors.

He brings deep expertise in Governance, Risk, and Compliance (GRC), with hands-on experience implementing and building cyber capabilities and developing architecture functions.

Dr Ahmad Salehi Shahraki is a Lecturer in Cybersecurity at La Trobe University’s Department of Computer Science and Information Technology. He is a recognised expert in decentralised access control, applied cryptography, secure data systems, and blockchain security. His research focuses on privacy-preserving access control, federated trust models, and secure architectures for cloud, IoT, and digital health environments. His extensive publication record in top-tier journals and conferences is a testament to his academic prowess. He actively supervises postgraduate students working at the forefront of cybersecurity innovation, further contributing to the field.

Dr Ahmad Salehi Shahraki is a leader in industry engagement initiatives, working at the intersection of academia and industry to advance applied cybersecurity research and education. He is the driving force behind the La Trobe Cybersecurity Club, a platform that fosters student development and professional engagement. As a member of the university’s Cybersecurity Industry Advisory Board, he plays a crucial role in shaping the future of cybersecurity. His academic journey includes significant roles at La Trobe University, RMIT University, and Monash University. At RMIT, he was instrumental in the Digital CBD initiative and held esteemed research fellow positions at the Blockchain Innovation Hub and the Centre for Cyber Security Research and Innovation. He holds a PhD in Cybersecurity from Monash University and a master’s in research from QUT. Dr Ahmad is an active member of IEEE, AISA, IACR, ACM, and ACS, and is a regular reviewer for leading cybersecurity venues. His work highlights the importance of collaboration, impact, and the development of future-ready cybersecurity capability across
sectors.

Malcolm had a career in the RNZAF before joining GSCB as the Director of Information Systems Security where he developed and managed the national information security programme for New Zealand. As Technical Director CES Communications where he was responsible for developing embedded cryptography products. As Technical Director at BAE Systems Applied Intelligence he managed the security evaluation, reverse engineering and penetration testing teams. His current role as Technical Director at Kode-1 involves management of technical training and consultancy on AI security.  He has held a number of Chief Security Officer roles in the telecommunications field, including Telecom NZ, NBN Co, and Huawei Australia. As a consultant he has undertaken security architecture contracts in the UK, Australia and the Gulf region.

Malcolm has represented Australia and New Zealand in cybersecurity forums internationally, has participated in the ISO and Open Group standards bodies, and has held board roles in both AISA and the SABSA Institute. He is also through Kode-1 a partner in the Global Forum for Cyber Expertise (GFCE).

As a part time academic, Malcolm developed and lectured in the Post Graduate Diploma in Forensics and Security at Canterbury University in New Zealand and is now an adjunct PhD Supervisor at Deakin University in Melbourne.  Malcolm was instrumental in developing and launching the vocational Certificate IV in Cybersecurity throughout Australia.  He has published research in the cybersecurity field, and is the author of numerous online cybersecurity and programming courses published through Linkedin Learning and Offsec.

He is an accredited Functional Safety Engineer (TÜV Rheinland, SIS) where his career has seen him work across autonomous and traditional surface and underground mining operations, ports, rail environments, utility and power (LV + HV), as well as water pipeline networks.

Since 2020 he has focused on supporting critical infrastructure and major hazard facilities; where he is solving problems related to automation, edge compute, hybrid cloud, and industrial data centers.

Luke frequently rides the Architect’s Elevator from the “engine room” to the “executive suite”, is a firm believer in solving business problems with technology instead of technical issues with products and tooling, and is quite cheeky about challenging the norm.

Outside of technology you’ll find him engaging in all sorts of creative shenanigans be that improv theatre, writing on his blog ether-net, or trying to find unsuspecting people to indoctrinate into his Dungeons & Dragons campaigns. He also co-coordinates SABSA World Perth.

Concept definition and early-stage acquisition for secure information and communications systems have been the focus of Carol’s career.  Particularly in military aircraft platform acquisition, Carol has specialized in supporting systems such as command and control, training as well providing guidance on system security requirements for a range of other platforms.

With innovation in technologies, the need to be smart about how security is defined and implemented, Carol has taken the lessons identified earlier in her career to help develop holistic solutions including people, processes, data and infrastructure.  This approach led to the successful implementation of a new specialist cell within Australia’s Air Operations Centre.  Carol’s responsibility within the implementation team was the development of the security artefacts for certification of the systems.

Subsequently Carol was invited to create a ‘green field’ Operational Command and Control Centre for the fifth and future generation Royal Australian Air Force.  Currently awaiting acquisition related information from a major ally, the capability management office is working to create an environment for a successful implementation and transition into service.  Although in the early stages of the ADF’s capability lifecycle model, Carol is working to create a design that is secure, resilient and operational by design.

Pierre Tagle, Ph.D., is an esteemed Information Technology and Cybersecurity professional with over 20 years of experience encompassing extensive consulting, executive
management, and 24×7 operational roles across diverse sectors including government, financial services, manufacturing, not-for-profit and academia. Dr. Tagle is adept at
translating complex security concepts into actionable strategies for both business and technical stakeholders, and is recognized for his analytical acumen and innovative approach to cybersecurity. He holds a Ph.D. in Computer Science and numerous prestigious certifications such as CISA, CISM, CRISC, ISO 27001 Lead Auditor, PCIP, and CDPSE.

In his current role as DXC Technology’s Head of Digital Identity and Zero Trust for Australia and New Zealand, Dr. Tagle leads a team that expertly balances business needs with risk mitigation and cost-effective security solutions. He leads team of close to 50 SMEs covers all four of DXC’s Security service pillars. This includes Cyber Risk & Compliance, Digital Identity, Infrastructure, App & Data Protection, and Cyber Transformation & Operations. Prior roles includes leading advisory and consulting teams in Secureworks and Sense of Security (now part of CyberCX).

His own direct work spans several critical areas including security strategy and roadmap development, compliance and maturity frameworks management, IT and OT security, and business continuity planning. Dr. Tagle’s leadership not only drives the strategic direction of security practices but also fosters a culture of accountability and continuous improvement within his teams.

Danish Tariq is a Security Engineer by profession and a Security researcher by passion. He has been working in Cyber Security for over 8 years and it all started out of a curiosity to break things and look deep down into those things (physical or virtual) back in his teenage years. His major expertise is Penetration Testing and Vulnerability Assessments.

• He was also involved in bug bounty programs as well, where he helped many companies by finding vulnerabilities at different levels. Companies include Microsoft, Apple, Nokia, Blackberry, Adobe,
• Spoke @ BlackHat MEA 2022 (Briefing: Supply-Chain Attacks)
• Featured in “The Register” for an initial workaround for the NPM dependency
• Certified Ethical Hacker, Certified Vulnerability Assessor (CVA), Certified AppSec Practitioner, Certified Network Security Specialist (CNSS), IBM Cyber Security Analyst
• Ex-Chapter Leader @ OWASP
• Ex-Top Rated freelancer (Information security category) on Upwork
• Recent security research and CVEs include – CVE-2022-2848 & CVE-2022-25523
• Served as a Moderator @ OWASP 2022 Global AppSec

A political science nerd, that stumbled into a career in cybersecurity by accident over 14 years ago. Lucky to be selected and work with the Australian national security community within the Australian Signals Directorate, followed by several stints in software product and consulting companies across the UK, Europe and North America.

In the last few years, I’ve moved back to Australia and now work at CyberCX, the leading sovereign cyber security consultancy, solutioning and providing delivery quality assurance across cyber security deliveries on cyber strategies, operating model designs, multi-skillset engineering and integration projects and dabble in assisting penetration testing and threat intelligence integration into non-standard programs of work.

A recent SABSA convert, just beginning my security architecture career, there’s plenty more to learn and understand ahead.