Cybersecurity professional based in Melbourne. ISO/IEC 27001 Lead Auditor with two years of enterprise security experience at Bosch supporting Honda Japan. Currently completing my Master of Cyber Security at RMIT University.
I'm an engineer who fell in love with the business side of security: the conversations, the trade-offs, the stories behind the controls.
My foundation is in computer science, but cybersecurity is where I found my craft. At Bosch Global Software Technologies, I spent two years on automotive cybersecurity for Honda Japan: radar and video ECU projects, secure on-board communication, secure monitoring, and secure lifecycle management. I learned what it means to engineer trust into systems that people depend on every single day.
Now in the final year of my Master of Cyber Security at RMIT University, my focus has shifted decisively toward GRC. My strengths are deep analytical thinking, structured reasoning, and clear stakeholder communication. I genuinely enjoy documentation, control reviews, and translating technical risk into business language that leadership can act on.
I bring a rare combination to the table: an engineer who has implemented controls in production, who now wants to design, govern and audit them at the organisational level.
Beyond the day-to-day engineering, I've represented the cybersecurity practice at internal Bosch events, presenting our ADAS Security portfolio (Secure Boot, SecOC, secure logging, vulnerability monitoring) to stakeholders from across the organisation.
My ongoing publication where governance, risk and compliance frameworks meet real-world scenarios, not theory in isolation, but ISO 27001 and NIST controls mapped to the risks they were actually built to manage.
A growing collection of writeups exploring GRC the way it actually shows up at work: audits and the miscalculations made inside them, what a GRC analyst should actually do during a live attack, framework comparisons, and a recurring series mapping ISO/IEC 27001 Annex A controls to the risks they're designed to address.
An original GRC framework I designed, the GRC Drift Model, paired with a public interactive web application that teaches it. The Drift Model is a six-stage lifecycle showing how compliance and security reality drift apart over time, the controls that exist on paper but don't work in practice. The Lab features a live animated dual-cycle diagram (documented ideal vs silent reality), real-world breach mappings (Optus, Medibank, Latitude, Equifax, Wells Fargo) sourced from primary documents, and planned AI-marked scenario exercises.
Building practical GRC artefacts hands-on inside the ServiceNow GRC platform, configuring control libraries, authoring policy and control statements, mapping ISO/IEC 27001 Annex A and NIST CSF controls to risks, and producing risk registers, gap analyses, and control assurance summaries. Designed to demonstrate end-to-end GRC tooling fluency, not just theoretical framework knowledge.
Designed a secure voter registration and voting workflow with emphasis on integrity, authentication, and role-based access control. Applied secure SDLC principles to align technical controls with trust, audit, and compliance objectives. Group project for RMIT's Secure Software Development unit.
A computer-vision system supporting India's Anemia Mukt Bharat initiative. Students photograph their mid-day meal; the system identifies the dish, computes calorie and nutrient values, and tracks attendance via facial recognition. Provides a live dashboard for authorities to monitor child nutrition outcomes in government schools. Recognised as one of the best final year projects of 2023.
Implemented HSM-based Secure Boot signature verification for Video ECUs to ensure firmware authenticity and integrity across the boot chain. In parallel, conducted security validation of Secure On-board Communication (SecOC) protocols across CAN and Automotive Ethernet, reporting findings to programme stakeholders.
A research initiative exploring how adaptive behaviour analytics and anomaly detection can be combined to identify data exfiltration attempts, both from malicious insiders and from malware acting on their behalf. The project sits at the intersection of technical detection (UEBA, anomaly modelling) and governance (insider threat policy, monitoring controls, privacy considerations), the kind of cross-domain problem that GRC roles increasingly face.
Showing up for the cybersecurity community in Melbourne, volunteering, attending and learning from the people shaping the field locally.
Beyond conferences, I make it a point to attend talks, meetups and industry events around the city. The Australian cybersecurity community is genuinely welcoming, and the conversations you have at these events shape how you think about the work.
I'm actively seeking GRC Analyst, Cybersecurity Analyst, Compliance Analyst and related roles across Australia. Open to a chat about full-time opportunities, contracts, or just to talk frameworks.