UTS cybersecurity student with 3+ years in quality assurance, automation, and scripting.
I build Python and API-driven tooling for security checks and workflow automation.
Delivered 35% faster case handling by replacing manual steps with repeatable systems.
Focused on misconfigurations, attack surface reduction, and practical security tooling.
Python, APIs, Automation, Security Tooling
My professional journey
Migrate Zone
Migrate Zone
ITonKey
Python network scanner that identifies devices and services, checks them against the NVD vulnerability database, maps findings to known CVEs, and prioritises results by risk. Major independent project at UTS.
Sideloaded a DLL via a Microsoft-signed binary and exfiltrated a file by hiding it in normal DNS traffic, bypassing Defender, AMSI, SmartScreen, and Windows Firewall. Includes a paired blue team detector. Isolated VMware lab.
Production toolkit at Migrate Zone. Staff upload case documents; the tool merges, OCR-reads, and validates them against visa-specific checklists. Missing or outdated items are flagged and results are bundled into review-ready packages.
Neural network trained on SMS text that scores how much a message resembles bulk or automated wording. Deployed as a live API with an interactive demo.
Production tool at Migrate Zone. OCR-reads case documents, validates against visa-specific checklists, flags missing or expired items, then auto-fills verified data into Excel lodgement templates.
Multi-class intrusion detection pipeline using Random Forest and MLP models on network flow data. Includes train/test splits, scaling, confusion matrices, and per-class evaluation. Benchmark scope, not a live deployment.
ITonKey internship. Converts structured business data into branded, multi-page PDF invoices. Also built inventory tracking and reporting features.
Man-in-the-middle attack using mitmproxy in an isolated lab. Installed a rogue CA on a Windows 10 VM to intercept and decrypt HTTPS traffic in real time, including login flows. Lab environment only.
.png?v=3)
Android app with a wellness-style UI that demonstrates notification listener risk: what the permission actually exposes and why "tap allow" matters. Tested on my own device/emulator only.
Technical writing: assessments, lab reports, and research-style submissions from my degree.
Formal study and subject depth from my UTS transcript: these are degree topics, not separate industry certifications.
Built STRIDE-style threat models for sample applications and documented mitigations for each threat class in written assessments.
Hardened Linux VMs (services, permissions, updates) and compared access-control models in practical lab submissions.
Deployed small workloads using IAM roles, security groups, and least-privilege reviews in AWS console lab exercises.
Imaged virtual disks, extracted timelines and artefacts with forensic tools, and wrote short reports with documented handling steps.
Bachelor of Cybersecurity
University of Technology Sydney
2023 to present. Expected graduation: June 2026