Lead Technical Engineer @ Advania UK · Cape Town, South Africa
| Experience | Breach reduction | Malware incidents cut | HTB global rank |
|---|---|---|---|
| 5 yrs | 30% | 35% | Top 4.85% |
Script Kiddie · Rank #1 / 6 in South Africa · Top 4.85% globally · 13 solves
| Challenge | Type | Result | Date |
|---|---|---|---|
| Conversor | Machine | User + Root | Nov 2025 |
| RomCom | Sherlock | Full | Nov 2025 |
| Expressway | Machine | User + Root | Nov 2025 |
| Brutus | Sherlock | Full | Dec 2024 |
| UnderPass · Cap | Machines | User + Root | Dec 2024 |
| 8× Challenges | Flags | Captured | Nov 2025 |
PowerShell toolkit automating security audits for IoT/OT environments. 100+ controls, 0–100 risk score, multi-framework compliance.
PowerShell · ISO 27001 · IEC 62443 · PCI-DSS · HIPAA · GDPR · MDE · Defender for IoT
GUI PowerShell suite for MSP technicians — 60+ one-click diagnostic and repair functions with real-time colour-coded logging.
PowerShell · Windows Forms · Active Directory · M365
KQL queries, YARA rules, and CVE-to-MITRE ATT&CK mapping for emerging CVEs. Published detectors for CVE-2025-55182 and CVE-2025-60787.
KQL · YARA · Microsoft Sentinel · MITRE ATT&CK · Threat Hunting
Honeypot + MISP + Microsoft Sentinel. Python Azure Function App ingesting STIX/TAXII feeds into Log Analytics with real-time KQL IOC correlation.
Python · KQL · MISP · STIX/TAXII · Azure Functions · Honeypot
Grafana platform integrating SentinelOne EDR, Sophos Firewall, and Datto RMM via Python. Unified IPS/SD-WAN and endpoint threat visualisation.
Grafana · Loki · PromQL · Python · SentinelOne · Sophos
Production-ready Azure observability: Log Analytics, AMA, DCRs, App Insights, Network Watcher, NSG Diagnostics, automated Action Groups.
Azure Monitor · AMA · DCR · KQL · App Insights
Lead Technical Engineer & Senior Service Desk Engineer · Advania UK (Mirus IT Solutions) · Cape Town · July 2025 – Present
- Top escalation point for complex FinTech security incidents — EDR telemetry, log analysis, RCA
- KQL detection rules and threat hunts across hybrid environments with Defender for Cloud Apps
- Zero Trust architecture with Conditional Access and SAML SSO, eliminating lateral movement vectors
- Automated SOC workflows via Power Automate and Graph API integrating Sentinel, Jira, and Salesforce
- ISO 27001 and Cyber Essentials compliance — 99.999% SLA adherence
Previous experience
Senior Technical & Cybersecurity Engineer — Gavotech IT Solutions · May 2024 – Jun 2025
- Penetration tests and vulnerability assessments across web apps, networks, and infrastructure
- End-to-end incident response with custom playbooks; deep forensic investigations (Autopsy, FTK, SANS SIFT)
- Sophos XG and FortiGate firewalls — breaches down 30%; Mimecast blocking 1,000+ malicious emails/month
- On-premises CI/CD pipelines with automated vulnerability gates and Docker image hardening
Technical Engineer — Gavotech IT Solutions · May 2022 – May 2024
- Managed 1,000+ endpoints across Windows, macOS, and Linux; 20% efficiency improvement
- SentinelOne EDR with behavioural AI — malware down 35%, response times down 30%
- Multi-regional VPN (IPsec, SSL VPN, L2TP, PPTP); QoS improving throughput by 20%
| Domain | Tools & Technologies |
|---|---|
| Penetration Testing | Nmap · Burp Suite · OWASP ZAP · Nikto · SQLmap · Metasploit · Hydra · ffuf |
| SIEM & SOC | Microsoft Sentinel · Wazuh · KQL · MISP · STIX/TAXII · TheHive · Shuffle |
| Cloud Security | Azure Monitor · Log Analytics · Entra ID · Conditional Access · AWS IAM · EC2 |
| Scripting | PowerShell · Python · Bash · Power Automate · Graph API |
| Vuln Management | Nessus · Qualys · Greenbone GVM · Tenable · YARA · CVE triage |
| Digital Forensics | Autopsy · FTK · SANS SIFT · Disk Imaging · IOC Extraction |
| Network Security | Sophos XG · FortiGate · Cisco · Wireshark · tcpdump · SD-WAN · IPsec |
| GRC & Compliance | ISO 27001 (Lead Auditor) · Cyber Essentials · PCI-DSS · GDPR · NIST CSF |
| Containers | Docker · Kubernetes · Cilium · Terraform · Ansible · CI/CD |
GRC & Compliance
- ISO/IEC 27001:2022 Lead Auditor — Mastermind Assurance (Apr 2025)
- IT Audit & Risk Management Specialist — Mastermind Assurance (Apr 2025)
Microsoft & Cloud
- Applied Skills: Deploy & Configure Azure Monitor — Microsoft (Dec 2025)
- Applied Skills: Administer Active Directory DS — Microsoft (May 2025)
- AWS Cloud Technology Consultant Specialization — AWS (Dec 2024)
Defensive Security
- Blue Team Junior Analyst (BTJA) — Security Blue Team (Mar 2024)
- Tenable Vulnerability Management Specialist — Tenable (Dec 2024)
- MITRE ATT&CK Operationalizing Foundations — AttackIQ (Sep 2024)
- Sophos Firewall Certified Engineer v20.0 — Sophos (Nov 2024)
- N-able EDR / SentinelOne Specialist — SentinelOne (Nov 2022)
- Kaseya Certified Technician — Datto Cybersecurity (Oct 2024)
Networking & Fortinet
- Fortinet Certified Associate — Cybersecurity (exp. Feb 2028)
- Fortinet FortiGate 7.6 Operator — Fortinet (Feb 2026)
- Aruba Accredited SD-WAN Expert — HPE (exp. Feb 2028)
- Aruba Accredited SD-WAN Professional — HPE (exp. May 2027)
- NSE 1, 2 & 3 Network Security Associate — Fortinet (Jan 2023)
Cisco & Other
- Junior Cybersecurity Analyst Career Path — Cisco (Jun 2023)
- Certified Calico Operator Level 1 (Kubernetes) — Tigera (May 2024)
- Discovery: Platform Engineer — Isovalent (Feb 2026)
- API Security Fundamentals — APIsec University (May 2024)
- Scientific Computing with Python — freeCodeCamp (2025)
"Security is not a product, but a process. It's about building resilient systems that fail securely and recover gracefully."