Cyber Security
Threat analysis, blue team operations, and building positive security culture through orange teaming. This is my primary professional focus - where I spend most of my time.
Why Cyber Security?
Billions of people means billions of devices - and billions of attack surfaces. Cyber Security isn't just a career choice for me, it's one of the most important fields in the modern world. The threat landscape evolves constantly, and so do I.
4+ Years in Cyber Security
Spanning self-directed study, a degree apprenticeship, and hands-on experience in real organisational environments - covering security culture, compliance, threat analysis, and defensive operations.
What I work on
My focus is primarily defensive and organisational - building cultures that take security seriously, understanding the threat landscape, and applying governance to protect people and data.
Security Culture
Orange teaming - building positive security behaviours across organisations. Training individuals, running phishing simulations, gamification, awareness campaigns, and making security something people engage with rather than ignore.
Governance, Risk & Compliance
Policy controls aligned to ISO 27001:2022, risk registers, compliance functions, and information security management. Translating regulatory requirements into controls that actually protect the business.
Threat Analysis
Analysing threat intelligence, understanding attacker TTPs, and mapping current threat actors and campaigns to defensive controls using frameworks like MITRE ATT&CK.
Digital Forensics
Post-incident investigation - examining compromised systems, recovering artefacts, and tracing attack timelines to understand what happened, how, and what to do next.
Blue Team Operations
Defensive monitoring and detection - using SIEM tooling, Microsoft Defender, and security operations to identify suspicious activity and respond before damage escalates.
Secure Development
Applying security principles to software from the ground up - input validation, secure authentication, OWASP best practices, and reviewing code with an attacker's mindset.
My toolkit
Tools I use day-to-day or actively work with across both technical and business environments.
Goals & certifications
Qualifications I'm working through to formalise skills across security operations, governance, and Microsoft cloud platforms.
Cyber Security Technical Professional Degree
Full degree running 2022–2026. Currently averaging a 1:1 across modules covering network security, threat intelligence, governance, compliance, digital forensics, and security operations. This is my primary ongoing qualification.
CompTIA Security+
In ProgressVendor-neutral foundation cert covering network security, threats, compliance, and cryptography. Widely recognised as an industry entry point.
CISSP
PlannedIndustry gold-standard certification covering eight domains including governance, risk, asset security, and identity management.
SC-900 - Security Fundamentals
PlannedMicrosoft certification covering the fundamentals of security, compliance, and identity across cloud services.
SC-200 - Security Operations Analyst
PlannedMicrosoft certification for threat detection and response using Sentinel, Defender, and cloud-native security tooling.
SC-300 - Identity & Access Admin
PlannedMicrosoft certification covering identity governance, conditional access, privileged identity management, and Entra configuration.
Have a security question?
Whether it's a consultation, advisory work, or you simply want to talk shop - I'm open to the conversation.