David Clarke


Cyber Security Professional / People Leader / Cloud Security Advocate


Melbourne
Australia
Also available remotely

dave@david-clarke.id.au
+61 Please reach out to me privately (email/keybase) if you require my mobile #

A Little Bit About Me

I loathe writing CV’s, but I understand why it’s required, hence why it’s now in a Code Repository. Simple to update, modern, backed up and demonstrates many technical skills right off the bat.

I honestly think you should get a good picture of who I am, what I do and what might be a good future fit for me from the links above. OSINT

This CV is ordered deliberately. In my opinion, in order of importance.

Starting with me, an informal and honest introduction.

Followed by what I work on day to day and am responsible for, my skillset and what I’m passionate about.

Followed by my work history.

Followed by my training and education.

What I love doing is TALKING to people…. So please feel free to get in contact with me and setup a chat.

Anyway, all the boring stuff below…

Skillset / Passions / Areas of Interest

Cyber Security Culture, Awareness & Uplift

Cyber Security Leadership

Cyber Security Strategy

Cyber Security Evangelist (is there a non-religious equivalent? If so, that….)

Cloud Security, with preference to

Working with clients to assist in Security maturity uplift and continual service improvement

BugBountys - from a client (SaaS) side though, assisting companies doing the initial discovery and beginning their journey into Bug Bounty programs via BugCrowd, HackerOne, Cobalt.IO etc…

Data Centre - have historically completed a significant amount of work and large projects in Data Centres. Always something I’ve enjoyed.

Experience

2019 - Present

CyberCX

SOC Operations Manager - VIC - Managed Security Services

In my role as SOC Operations Manager (VIC) MSS I am responsible for overall delivery, performance and continual service improvement of Managed Security Operations Centre (SOC), Security Information and Event Management (SIEM), Vulnerability Management System (VMS), Managed Endpoint Detection & Response (MEDR) and Digital Forensics & Incident Response (DFIR) offerings.

The SOC Operations Manager (VIC) MSS is a key member of the MSS leadership team in the region. The Manager - SOC Operations (VIC) MSS leads the activities and management of the Managed Security Services operations team in the region, positioning CyberCX as Australia’s greatest force of cyber security professionals.

Senior Service Delivery Manager

In my role @ CyberCX I am responsible for

Service Delivery Management - Managed SIEM, SOC, VMS, MEDR, DFIR
Service Transition - Project -> BAU
Service Delivery Governance
Service Level Risk Management

Security Operations Management:
Lead and Owner of SecOps Process & Procedures
Lead and Owner of SecOps Governance
Continual Service Improvement
Enhancement and Innovation
Service Activation and Onboarding
Bridge between Service Delivery and Security Operations

CyberSecurity Project Management

PreSales engagements for CyberCX portfolio offerings

2019 - 2020

Enosys Solutions

Senior Service Delivery Manager

(this role folded into CyberCX in July 2020)

Please see the role above for details

2016 - 2019

PageUp

Head Of Security & Compliance

I was promoted into this global role to ensure PageUp’s IT Assets are secured by best of breed technology, practices and processes whilst maintaining compliance with relevant contractual and industry obligations in order to accelerate the growth of PageUp. Growing the team was also an important function in this role.

Create, maintain and operate PageUp’s cyber security strategy leveraging appropriate technology, threat information, training and operational processes in order to reduce the likelihood of business critical security breaches.

Track and communicate technology risk to the business in order to ensure the leadership team are adequately informed to make decisions on resource allocation, budgets and risk mitigation.

Support the growth of the business in all targeted markets by externally promoting PageUp’s security platform USP to clients, prospects and the wider market. Ensure PageUp gains/maintains appropriate security credentials and certifications to leverage in promotion of USP.

Manage and maintain a security technology budget with appropriate spend to meet the needs of the operation and implementation of the cyber security strategy

Champion and embed a culture of security awareness and practices in order to enable autonomous teams to progress unimpeded whilst ensuring security of outcomes delivered.


ISO Compliance & Security Officer

My role at PageUp at a high level boils down to maintaining and constantly improving PageUp’s Information Security Management System (ISMS) ensuring PageUp People’s security practices meet the needs of its clients and industry standards.

Key tasks include -
maintenance of ISO 27001 certification
manage information security risks (identify, assess, document, propose treatments and manage action plans)
work with other team members to implement a variety of information security controls
conduct regular checks on the effectiveness of security controls
arrange regular information security meetings and audits
document clear and concise procedures and configuration standards to meet policy and audit requirements
regularly review and update information security policies
process information security incident reports and any suggestions for information security improvements
develop information security awareness material and run awareness sessions
work with other team members to assess the information security risks related to new initiatives and identify appropriate controls
develop information security responses to tenders and client queries
monitor security threats and bulletins
monitor data privacy threats and bulletins
perform Adhoc duties as assigned

2012 - 2016

VicSuper

Analyst IT Security & Operations

The purpose of the role is to provide technical expertise and assistance in security operations, projects, infrastructure and daily business needs.

There is a high degree of complexity in the role, balancing projects, vendor management, change management, problem management and incident management.

Security Operations
Project Management/Coordination
IT Operations administration
Stakeholder management
ServiceDesk Support
SOE/desktop management

IT Infrastructure Specialist

The purpose of the role is to provide technical expertise and assistance in projects, infrastructure and daily business needs.

Pre 2012

Previous Work History

Previous work history before 2012 can be provided on request or visible on my LinkedIn

Blogs & Articles

Dates stated on articles - Ongoing

Links: LinkedIn - Medium - Other

Tackling MFA for AWS Organization Member Accounts - -
With the recent advice published by AWS around best practice for MFA on AWS Organisations (not a typo ) management and member accounts, I thought it would be a good chance to write up how I tackled this previously and hopefully provide some guidance for others.

GDPR & PageUp Security -
The aim of this article is to talk though some key GDPR terms and the parts of the GDPR that matter to our clients and how we are addressing them.

PageUp Passwords — Housekeeping and Best Practice -
A short piece on password best proactive for SaaS and the options that PageUp provided for clients. SSO vs Non-SSO.

AusPost Parcel Lockers — Hardening Required -
I wanted to call this piece AusPost Parcel Lockers - Insecure by Design but we agreed to change it. A write up on a discovered Security weakness and the follow ups, disclosures etc.

PageUp Disabling TLS 1.0
A blog discussing the reason for the disablement of TLS 1.0, who, what, when, why etc…

Deleted your Yahoo! Account? Check again… -
A write up of the mess that was deleting a Yahoo account post their Security Incident.

G Suite + SPF, why bother?
A piece on the very frustrating shortcomings and insecurities of GSuite SPF and DKIM implementation, which was thankfully fixed.

Stevie Ray Vaughan — Cast of Thousands
Eh, not tech related, but a passion piece.

Training

Ongoing

My preferred way of learning is on the job, with smart, driven and passionate people!


2016 AWS Security Fundamentals

This self-paced course is designed to introduce you to fundamental cloud computing and AWS security concepts including AWS access control and management, governance, logging, and encryption methods. It also covers security-related compliance protocols and risk management strategies, as well as procedures related to auditing your AWS security infrastructure.

Nessus DeploymentTenable University

Nessus ScanningTenable University

Nessus Analysis and ReportingTenable University

2011

ITIL-F HDAA, Melbourne

This certification verifies that support center professionals possess the knowledge of the ITIL® framework necessary to support an ITIL initiative. ITIL Foundation certified individuals have demonstrated their awareness of the ITIL processes and terms and satisfied the prerequisite requirement for pursuing additional ITIL certifications.

Education

2005-2006 Customised Course, EXCOM Education, Melbourne, VIC, AUS.
Given my previous credits earned in my diploma, I sat a customised course at EXCOM Education which consisted of the CompTIA A+ Hardware and Software Course and the Career Builder Course. Once completed I was hired by EXCOM.

2004-2006 Diploma of eBusiness Support, Computer Power Training Institute, Melbourne, VIC, AUS.
The course provides the comprehensive training needed in today’s business world to develop and support electronic business solutions. Completion of the course includes the attainment of two of the industry’s highly sought, globally recognised vendor certifications:Microsoft Certified Professional and either a CompTIA i-Net+ or Red Hat Linux Certified Technician certification.

2003 VCE, Successfully completed Year 12 and achieved my VCE, State School FTW.

Conference activity

2019

BSides Melbourne 2019

Speaker, Strengthening Security in a Post-Incident World.

I spoke @ the inaugural BSides Melbourne 2019 on “Strengthening security in a post-incident world”

The structure of my talk was to talk about the incident, who we are, the legislative landscape that we faced, the challenges we saw and how to strengthen security from the lessons we learnt, both technical and non technical.

The goal of the talk was to share with the wider Security community what happened, share knowledge and leanings, and give attendees easy to implement suggestions for potential uplift at their own companies.

Interests

Come on, we covered this above… OSINT. Hit up my then we can talk or or or

Languages

Native: English

Basic: None, yet, hopefully Italian soon :)

Personal

Birth date: I’m likely applying for a Security role, so adding this should fail me instantly. Plus you don’t need this information at this stage of the recruitment process anyway.

Citizenship: Australian Citizen

Clearances: None currently, eligible and willing to obtain

Family: Married, Dad to one

References

Available on request only..

Source

Clone away, help yourself..

Badge License