Cyber Security Professional / People Leader / Cloud Security Advocate / Internet Explorer
Also available remotely
+61 Please reach out to me privately (email/keybase) if you require my mobile #
KeyBase - davidclarke_au
PGP - 1234 E339 C30C C855
GitHub - davidclarke-au
GitLab - davidclarke-au
Canary 1 Canary 2
Did a pesky recruiter send you this as a PDF? Ugh, please use this
A Little Bit About Me
I loathe writing CV’s, but I understand why it’s required, hence why it’s now in a Code Repository. Simple to update, modern, backed up and demonstrates many technical skills right off the bat.
I honestly think you should get a good picture of who I am, what I do and what might be a good future fit for me from the links above. OSINT
This CV is ordered deliberately. In my opinion, in order of importance.
Starting with me, an informal and honest introduction.
Followed by what I work on day to day and am responsible for, my skillset and what I’m passionate about.
Followed by my work history.
Followed by my training and education.
What I love doing is TALKING to people…. So please feel free to get in contact with me and setup a chat.
Anyway, all the boring stuff below…
Skillset / Passions / Areas of Interest
Cyber Security Culture, Awareness & Uplift
Cyber Security Leadership - vCISO, CISOaaS, Deputy CISO etc..
Cyber Security Strategy
Cyber Security Evangelist (is there a non-religious equivalent? If so, that….)
Cloud Security, with preference to
MEDR Technologies with preference to CrowdStrike
Attack Surface Management tooling and strategy
Digital Risk Protection tooling and strategy
Working with clients to assist in Security maturity uplift and continual service improvement
BugBountys - from a client (SaaS) side though, assisting companies doing the initial discovery and beginning their journey into Bug Bounty programs via BugCrowd, HackerOne, Cobalt.IO etc…
Data Centre - have historically completed a significant amount of work and large projects in Data Centres. Always something I’ve enjoyed.
And more broadly…
Music, Motorsport, Camping, Hiking…
2019 - Present
SOC Operations Manager - VIC - Managed Security Services
In my role as SOC Operations Manager (VIC) MSS I am responsible for overall delivery, performance and continual service improvement of Managed Security Operations Centre (SOC), Security Information and Event Management (SIEM), Vulnerability Management System (VMS), Managed Endpoint Detection & Response (MEDR) and Digital Forensics & Incident Response (DFIR) offerings.
The SOC Operations Manager (VIC) MSS is a key member of the MSS leadership team in the region. The Manager - SOC Operations (VIC) MSS leads the activities and management of the Managed Security Services operations team in the region, positioning CyberCX as Australia’s greatest force of cyber security professionals.
Senior Service Delivery Manager
In my role @ CyberCX I am responsible for
Service Delivery Management - Managed SIEM, SOC, VMS, MEDR, DFIR
Service Transition - Project -> BAU
Service Delivery Governance
Service Level Risk Management
Security Operations Management:
Lead and Owner of SecOps Process & Procedures
Lead and Owner of SecOps Governance
Continual Service Improvement
Enhancement and Innovation
Service Activation and Onboarding
Bridge between Service Delivery and Security Operations
CyberSecurity Project Management
PreSales engagements for CyberCX portfolio offerings
2019 - 2020
Senior Service Delivery Manager
(this role folded into CyberCX in July 2020)
Please see the role above for details
2016 - 2019
Global Head Of Security & Compliance
I was promoted into this global role to ensure PageUp’s IT Assets are secured by best of breed technology, practices and processes whilst maintaining compliance with relevant contractual and industry obligations in order to accelerate the growth of PageUp. Growing the team was also an important function in this role.
Create, maintain and operate PageUp’s cyber security strategy leveraging appropriate technology, threat information, training and operational processes in order to reduce the likelihood of business critical security breaches.
Track and communicate technology risk to the business in order to ensure the leadership team are adequately informed to make decisions on resource allocation, budgets and risk mitigation.
Support the growth of the business in all targeted markets by externally promoting PageUp’s security platform USP to clients, prospects and the wider market. Ensure PageUp gains/maintains appropriate security credentials and certifications to leverage in promotion of USP.
Manage and maintain a security technology budget with appropriate spend to meet the needs of the operation and implementation of the cyber security strategy
Champion and embed a culture of security awareness and practices in order to enable autonomous teams to progress unimpeded whilst ensuring security of outcomes delivered.
ISO Compliance & Security Officer
My role at PageUp at a high level boils down to maintaining and constantly improving PageUp’s Information Security Management System (ISMS) ensuring PageUp People’s security practices meet the needs of its clients and industry standards.
Key tasks include -
maintenance of ISO 27001 certification
manage information security risks (identify, assess, document, propose treatments and manage action plans)
work with other team members to implement a variety of information security controls
conduct regular checks on the effectiveness of security controls
arrange regular information security meetings and audits
document clear and concise procedures and configuration standards to meet policy and audit requirements
regularly review and update information security policies
process information security incident reports and any suggestions for information security improvements
develop information security awareness material and run awareness sessions
work with other team members to assess the information security risks related to new initiatives and identify appropriate controls
develop information security responses to tenders and client queries
monitor security threats and bulletins
monitor data privacy threats and bulletins
perform Adhoc duties as assigned
2012 - 2016
Analyst IT Security & Operations
The purpose of the role is to provide technical expertise and assistance in security operations, projects, infrastructure and daily business needs.
There is a high degree of complexity in the role, balancing projects, vendor management, change management, problem management and incident management.
IT Operations administration
IT Infrastructure Specialist
The purpose of the role is to provide technical expertise and assistance in projects, infrastructure and daily business needs.
Previous Work History
Previous work history before 2012 can be provided on request or visible on my LinkedIn
Blogs & Articles
Dates stated on articles - Ongoing
Links: LinkedIn - Medium - Other
Tackling MFA for AWS Organization Member Accounts - -
With the recent advice published by AWS around best practice for MFA on AWS Organisations (not a typo ) management and member accounts, I thought it would be a good chance to write up how I tackled this previously and hopefully provide some guidance for others.
AusPost Parcel Lockers — Hardening Required -
I wanted to call this piece AusPost Parcel Lockers - Insecure by Design but we agreed to change it. A write up on a discovered Security weakness and the follow ups, disclosures etc.
My preferred way of learning is on the job, with smart, driven and passionate people!
AWS Security Fundamentals
This self-paced course is designed to introduce you to fundamental cloud computing and AWS security concepts including AWS access control and management, governance, logging, and encryption methods. It also covers security-related compliance protocols and risk management strategies, as well as procedures related to auditing your AWS security infrastructure.
Nessus Deployment — Tenable University
Nessus Scanning — Tenable University
Nessus Analysis and Reporting — Tenable University
ITIL-F HDAA, Melbourne
This certification verifies that support center professionals possess the knowledge of the ITIL® framework necessary to support an ITIL initiative. ITIL Foundation certified individuals have demonstrated their awareness of the ITIL processes and terms and satisfied the prerequisite requirement for pursuing additional ITIL certifications.
Customised Course, EXCOM Education, Melbourne, VIC, AUS.
Given my previous credits earned in my diploma, I sat a customised course at EXCOM Education which consisted of the CompTIA A+ Hardware and Software Course and the Career Builder Course. Once completed I was hired by EXCOM.
Diploma of eBusiness Support, Computer Power Training Institute, Melbourne, VIC, AUS.
The course provides the comprehensive training needed in today’s business world to develop and support electronic business solutions. Completion of the course includes the attainment of two of the industry’s highly sought, globally recognised vendor certifications:Microsoft Certified Professional and either a CompTIA i-Net+ or Red Hat Linux Certified Technician certification.
VCE, Successfully completed Year 12 and achieved my VCE, State School FTW.
BSides Melbourne 2019
Speaker, Strengthening Security in a Post-Incident World.
I spoke @ the inaugural BSides Melbourne 2019 on “Strengthening security in a post-incident world”
The structure of my talk was to talk about the incident, who we are, the legislative landscape that we faced, the challenges we saw and how to strengthen security from the lessons we learnt, both technical and non technical.
The goal of the talk was to share with the wider Security community what happened, share knowledge and leanings, and give attendees easy to implement suggestions for potential uplift at their own companies.
Basic: None, yet, hopefully Italian soon :)
Birth date: I’m likely applying for a Security role, so adding this should fail me instantly. Plus you don’t need this information at this stage of the recruitment process anyway.
Citizenship: Australian Citizen
Clearances: None currently, eligible and willing to obtain
Family: Married, Dad to one
Available on request only..
Clone away, help yourself..