Cyber Security Professional / People Leader / Cloud Security Advocate / Internet Explorer

I want to work, for the best, with the best and help them be the best…

Melbourne
Australia
Working 100% remotely

dave@david-clarke.id.au
+61 Please reach out to me privately (email/keybase) if you require my mobile #

Did a pesky recruiter send you this as a PDF? Ugh, please use this

A Little Bit About Me

I loathe writing CV’s, but I understand why it’s required, hence why it’s now in a Code Repository. Simple to update, modern, backed up and demonstrates many technical skills right off the bat.

I honestly think you should get a good picture of who I am, what I do and what might be a good future fit for me from the links above. OSINT

This CV is ordered deliberately. In my opinion, in order of importance.

Starting with me, an informal and honest introduction.

Followed by what I work on day to day and am responsible for, my skillset and what I’m passionate about.

Followed by my work history.

Followed by my training and education.

What I love doing is TALKING to people…. So please feel free to get in contact with me and setup a chat.

Anyway, all the boring stuff below…

Skillset / Passions / Areas of Interest

Cyber Security People Leadership - Hiring, building, growing and reatining top Security Talent while ensuring they are supported in career growth, interesting and fulfilling work.
“As a leader, I want to hire good people and then get out of their way…“

Blue Team operations and leadership. Leading teams that are the protectors of the business or customers.

Cyber Security Culture, Awareness & Uplift

Cyber Security Leadership - vCISO, CISOaaS, Deputy CISO etc..

Cyber Security Strategy

Cyber Security Evangelist (is there a non-religious equivalent? If so, that….)

Cloud Security, with preference to

MEDR Technologies with preference to CrowdStrike

Attack Surface Management tooling and strategy

Digital Risk Protection tooling and strategy

Working with clients to assist in Security maturity uplift and continual service improvement

BugBountys - from a client (SaaS) side though, assisting companies doing the initial discovery and beginning their journey into Bug Bounty programs via BugCrowd, HackerOne, Cobalt.IO etc…

Data Centre - have historically completed a significant amount of work and large projects in Data Centres. Always something I’ve enjoyed.

Love communicating, collaborating and generally working with teams (both internal and external) on Slack

And more broadly…

Music, Motorsport, Camping, Hiking…

Experience

2022 - Ongoing

CrowdStrike

Manager, Falcon Complete

I am lucky enough to lead a team of the best Analysts on the globe that stop the most sophisticated hackers and adversaries targeting our many customers.

“We Stop Breaches” - The Falcon Complete MDR offering commits to outcomes, not just SLA’s.

Our Falcon Complete analysts own the full response to intrusions, including surgical remediation of threats in near real time. With Falcon Complete, intrusions are often detected and eradicated before attackers are even able to leverage their access.

The Falcon Complete team is composed of seasoned security professionals who have experience in incident handling, incident response, forensics, SOC analysis and IT administration. The team has a global footprint, allowing true 24/7 “follow the sun” coverage.

2019 - 2021

CyberCX

SOC Operations Manager - VIC - Managed Security Services

In my role as SOC Operations Manager (VIC) MSS I am responsible for overall delivery, performance and continual service improvement of Managed Security Operations Centre (SOC), Security Information and Event Management (SIEM), Vulnerability Management System (VMS), Managed Endpoint Detection & Response (MEDR) and Digital Forensics & Incident Response (DFIR) offerings.

The SOC Operations Manager (VIC) MSS is a key member of the MSS leadership team in the region. The Manager - SOC Operations (VIC) MSS leads the activities and management of the Managed Security Services operations team in the region, positioning CyberCX as Australia’s greatest force of cyber security professionals.

Senior Service Delivery Manager

In my role @ CyberCX I am responsible for

Service Delivery Management - Managed SIEM, SOC, VMS, MEDR, DFIR
Service Transition - Project -> BAU
Service Delivery Governance
Service Level Risk Management

Security Operations Management:
Lead and Owner of SecOps Process & Procedures
Lead and Owner of SecOps Governance
Continual Service Improvement
Enhancement and Innovation
Service Activation and Onboarding
Bridge between Service Delivery and Security Operations

CyberSecurity Project Management

PreSales engagements for CyberCX portfolio offerings

2019 - 2020

Enosys Solutions

Senior Service Delivery Manager

(this role folded into CyberCX in July 2020)

Please see the role above for details

2016 - 2019

PageUp

Global Head Of Security & Compliance

I was promoted into this global role to ensure PageUp’s IT Assets are secured by best of breed technology, practices and processes whilst maintaining compliance with relevant contractual and industry obligations in order to accelerate the growth of PageUp. Growing the team was also an important function in this role.

Create, maintain and operate PageUp’s cyber security strategy leveraging appropriate technology, threat information, training and operational processes in order to reduce the likelihood of business critical security breaches.

Track and communicate technology risk to the business in order to ensure the leadership team are adequately informed to make decisions on resource allocation, budgets and risk mitigation.

Support the growth of the business in all targeted markets by externally promoting PageUp’s security platform USP to clients, prospects and the wider market. Ensure PageUp gains/maintains appropriate security credentials and certifications to leverage in promotion of USP.

Manage and maintain a security technology budget with appropriate spend to meet the needs of the operation and implementation of the cyber security strategy

Champion and embed a culture of security awareness and practices in order to enable autonomous teams to progress unimpeded whilst ensuring security of outcomes delivered.

ISO Compliance & Security Officer

Please use LinkedIn if you’d like more information on this role.

2012 - 2016

VicSuper

Analyst IT Security & Operations

Please use LinkedIn if you’d like more information on this role.

IT Infrastructure Specialist

Please use LinkedIn if you’d like more information on this role.

Pre 2012

Previous Work History

Previous work history before 2012 can be provided on request or visible on my LinkedIn

Blogs & Articles

Dates stated on articles - Ongoing

Links: LinkedIn - Medium - Other

Tackling MFA for AWS Organization Member Accounts - -
With the recent advice published by AWS around best practice for MFA on AWS Organisations (not a typo ) management and member accounts, I thought it would be a good chance to write up how I tackled this previously and hopefully provide some guidance for others.

GDPR & PageUp Security -
The aim of this article is to talk though some key GDPR terms and the parts of the GDPR that matter to our clients and how we are addressing them.

PageUp Passwords — Housekeeping and Best Practice -
A short piece on password best proactive for SaaS and the options that PageUp provided for clients. SSO vs Non-SSO.

AusPost Parcel Lockers — Hardening Required -
I wanted to call this piece AusPost Parcel Lockers - Insecure by Design but we agreed to change it. A write up on a discovered Security weakness and the follow ups, disclosures etc.

PageUp Disabling TLS 1.0
A blog discussing the reason for the disablement of TLS 1.0, who, what, when, why etc…

Deleted your Yahoo! Account? Check again… -
A write up of the mess that was deleting a Yahoo account post their Security Incident.

G Suite + SPF, why bother?
A piece on the very frustrating shortcomings and insecurities of GSuite SPF and DKIM implementation, which was thankfully fixed.

Stevie Ray Vaughan — Cast of Thousands
Eh, not tech related, but a passion piece.

Training

Ongoing

My preferred way of learning is on the job, with smart, driven and passionate people!

2022

CCFA - CrowdStrike Certified Falcon Administrator - CrowdStrike University

CrowdStrike Certified Falcon Administrators effectively manage the Falcon platform based on the risk profile of your business, including:

• Effective user management
• Deploying and managing the Falcon sensor
• Configuring deployment and prevention policies based on business risk
• Configuring allowlists, blocklists, and file-path exclusions
• Conducting administrative reporting

2016 AWS Security Fundamentals

This self-paced course is designed to introduce you to fundamental cloud computing and AWS security concepts including AWS access control and management, governance, logging, and encryption methods. It also covers security-related compliance protocols and risk management strategies, as well as procedures related to auditing your AWS security infrastructure.

Nessus Deployment — Tenable University

Nessus Scanning — Tenable University

Nessus Analysis and Reporting — Tenable University

2011

ITIL-F HDAA, Melbourne

This certification verifies that support center professionals possess the knowledge of the ITIL® framework necessary to support an ITIL initiative. ITIL Foundation certified individuals have demonstrated their awareness of the ITIL processes and terms and satisfied the prerequisite requirement for pursuing additional ITIL certifications.

Education

2005-2006 Customised Course, EXCOM Education, Melbourne, VIC, AUS.
Given my previous credits earned in my diploma, I sat a customised course at EXCOM Education which consisted of the CompTIA A+ Hardware and Software Course and the Career Builder Course. Once completed I was hired by EXCOM.

2004-2006 Diploma of eBusiness Support, Computer Power Training Institute, Melbourne, VIC, AUS.
The course provides the comprehensive training needed in today’s business world to develop and support electronic business solutions. Completion of the course includes the attainment of two of the industry’s highly sought, globally recognised vendor certifications:Microsoft Certified Professional and either a CompTIA i-Net+ or Red Hat Linux Certified Technician certification.

2003 VCE, Successfully completed Year 12 and achieved my VCE, State School FTW.

Conference activity

2019

BSides Melbourne 2019

Speaker, Strengthening Security in a Post-Incident World.

I spoke @ the inaugural BSides Melbourne 2019 on “Strengthening security in a post-incident world”

The structure of my talk was to talk about the incident, who we are, the legislative landscape that we faced, the challenges we saw and how to strengthen security from the lessons we learnt, both technical and non technical.

The goal of the talk was to share with the wider Security community what happened, share knowledge and leanings, and give attendees easy to implement suggestions for potential uplift at their own companies.

Interests

Come on, we covered this above… OSINT. Hit up my then we can talk or or or

Languages

Native: English

Basic: None, yet, hopefully Italian soon :)

Personal

Birth date: I’m likely applying for a Security role, so adding this should fail me instantly. Plus you don’t need this information at this stage of the recruitment process anyway.

Citizenship: Australian Citizen

Clearances: None currently, eligible and willing to obtain

Family: Married, Dad to two

References

Available on request only..

Source

Clone away, help yourself..