MARKUS WALKER

Security · AI · Cloud · Brisbane

Security · AI · Cloud Engineering Portfolio

Security, AI and Cloud Engineering

Brisbane-based Security, AI and Cloud Engineer with 7+ years of infrastructure and field engineering across Australia's mining and energy sectors.

AWS SAA · 3× OCI · AISA MAISA · Brisbane AU

01 / ABOUT

Security, AI and Cloud Engineer.

Most recently embedded as a Tata Consultancy Services Dedicated Service Engineer supporting Shell QGC and QCLNG upstream and midstream operations across remote Queensland energy and gas environments. Hands-on across network, endpoint, connectivity and field operations at twenty plus FIFO remote sites.

Current focus is evidence-backed work across security operations, offensive security labs, cloud architecture, incident response planning, web application testing and AI security research.

Positioning

  • Security, AI and Cloud Engineer with deep infrastructure and field engineering grounding
  • Cloud security across AWS and Oracle Cloud Infrastructure, with applied case study evidence
  • Active offensive security practice through home lab and TryHackMe under the handle Triage
  • AI security aligned to OWASP LLM Top 10 and MITRE ATLAS, with structured study and applied notes
  • Strong written communication for stakeholders, auditors and technical teams
7+ years · Brisbane AU · AWS SAA · 3× OCI · AISA MAISA · AI Security · NIST / MITRE · Essential Eight

02 / SKILLS

Capability map, by domain.

Practical capability across security operations, offensive security, cloud, AI security, identity, endpoint, network and automation.

Security Operations and Detection

Splunk Enterprise, SIEM operations, log analysis and ingestion, Windows host and network monitoring, alert triage, anomaly detection, incident response lifecycle, evidence preservation, chain of custody, SOC, CSIRT and SOAR concepts.

Offensive Security and Red Team

Kali Linux, Metasploit, Meterpreter, msfvenom, Impacket, Rubeus, mimikatz, evil-winrm, chisel, hashcat, Nmap, Rustscan, Wireshark, Burp Suite, Nikto, ffuf. Active Directory tradecraft including Kerberoast, Golden Ticket and DCSync.

Cloud and Cloud Security

AWS VPC, EC2, RDS Multi-AZ, ALB, Auto Scaling, Route 53, WAF, Shield, CloudTrail, GuardDuty, Security Hub, Inspector, Macie, Config, IAM Identity Center, Cognito, Secrets Manager, KMS, Systems Manager. OCI, Azure, Microsoft 365, Intune, Entra ID.

AI Security and Governance

Prompt injection and defence, jailbreaking, LLM security, AI threat modelling, AI supply chain security, RAG security, data poisoning, sensitive information disclosure, AI forensics, secure AI system design.

Identity, Endpoint and Network

IAM, RBAC, MFA, conditional access, Active Directory security, vulnerability management, NGFW, IDS and IPS, EDR and XDR concepts, segmentation and VLAN design, PKI, TLS, VPN, Cisco, Aruba, Cel-Fi, Starlink, Motorola TETRA.

Frameworks and Standards

NIST CSF, NIST SP 800-61, MITRE ATT&CK, MITRE ATLAS, Essential Eight, CIS Controls, OWASP Top 10, OWASP LLM Top 10, ISO 27001, PCI DSS, ISM, PSPF, Privacy Act 1988, APPs, Notifiable Data Breaches, GDPR, CDR, SOCI Act 2018.

Scripting and Automation

Python, PowerShell, shell scripting, defensive coding, CSV processing, cross-platform Windows and Linux automation, system audit tooling, ServiceNow, Maximo, Power BI, technical documentation in Obsidian.

Certifications

AWS Solutions Architect Associate. OCI 2025 Architect Associate. OCI 2025 Foundations Associate. OCI 2025 Generative AI Professional. Certificate IV in Cyber Security. ISC2 CC and CompTIA Security Plus scheduled.

03 / INCIDENT RESPONSE

Enterprise IRP design, sanitised.

Enterprise Incident Response Program design portfolio piece, structured around NIST SP 800-61 and sanitised from a planning engagement.

  • Document: 28 page IRP portfolio
  • Framework: NIST SP 800-61, MITRE ATT&CK
  • Mode: Governance, operations and response planning

  • Prepare: Response planning, roles, communications, evidence handling and escalation paths
  • Detect: SIEM monitoring, log ingestion, triage, severity classification and anomaly review
  • Contain: Isolation, account control, segmentation, validation, hardening and restoration planning
  • Learn: Lessons learned, reporting, playbook updates and continuous improvement

What it covers

  • Project Charter with scope, objectives, methodology, milestones, deliverables and budget
  • Project Team Briefing covering composition, roles, responsibilities and red, blue and purple team activities
  • Communications Plan covering stakeholder cadence, channels and escalation
  • Incident Response Plan covering detect, analyse, contain, eradicate, recover and learn
  • Performance metrics, post-incident review structure and documentation handoff

What it proves

  • Cybersecurity planning and IRP development at program level
  • Ability to turn frameworks into usable operating procedures
  • Stakeholder communication clear enough for executives, auditors and technical staff
  • Calm structure under pressure, written down before the incident

04 / CLOUD SECURITY

AWS uplift case study, blast radius respected.

AWS cloud security upgrade and migration plan for the Rossco's Coffee fictional case study. Architecture treated as a security control, with blast radius and resilience designed deliberately.

  • Document: 36 page case study
  • Provider: AWS, multi-AZ resilience
  • Strategy: Blue / green deployment

  • WAF + Shield: Edge protection, HTTPS, OWASP rules (Active)
  • Multi-AZ: ALB Auto Scaling, RDS Multi-AZ (Resilient)
  • IAM + KMS: Identity Center, Secrets Manager (Hardened)
  • CloudTrail + GuardDuty: Logging, monitoring, threat detection (Observable)

Security controls covered

CASB · WAF · ADC · DLP · NAC · DNSSEC · DDoS protection · KMS · Data classification · Network segmentation · IAM and RBAC · Logging and SIEM

Plan structure

  • Cloud environment upgrade plan with services, access control and security controls
  • Testing and migration plan covering vulnerability, penetration, performance, usability and DR
  • Blue and green deployment strategy with migration comparison and decision
  • Monitoring and maintenance plan, log scrubbing strategy and lifecycle management
  • Cloud incident response plan with predictable incidents and disaster recovery solutions

05 / RESUME

Recruiter-friendly summary.

Seven plus years of infrastructure and field engineering across Australia's mining and energy sectors, now focused on security, cloud and AI.

  • Name: Markus Walker
  • Location: Brisbane, Queensland

Experience

Independent Cyber Security Practitioner — Aug 2025 to Present

Dedicated upskilling and portfolio period focused on cyber security, cloud security, offensive security and AI security. Completed Certificate IV in Cyber Security and four cloud certifications. Built active offensive security practice through home lab and TryHackMe. Published the Red Team Capstone Crawl-Through writeup. ISC2 CC and CompTIA Security Plus exams scheduled.

IT Field Engineer, Tata Consultancy Services — May 2019 to Aug 2025

Embedded contractor supporting Shell QGC and QCLNG upstream and midstream operations across remote Queensland energy and gas infrastructure. Field engineering across twenty plus remote sites under a FIFO model. Network transformation including over three hundred Cisco to Aruba access point replacements. Connectivity uplift across over six hundred field vehicles. Endpoint lifecycle across six annual refresh cycles. Entra ID identity and access management across a dispersed workforce.

Certifications

  • AWS Certified Solutions Architect Associate
  • Oracle Cloud Infrastructure 2025 Architect Associate
  • Oracle Cloud Infrastructure 2025 Foundations Associate
  • Oracle Cloud Infrastructure 2025 Generative AI Professional
  • Certificate IV in Cyber Security
  • ISC2 Certified in Cybersecurity and CompTIA Security Plus scheduled

06 / WRITEUPS

Hands on, written down.

Active practice through home lab and TryHackMe under the handle Triage. Evidence of structured, methodical offensive security work.

TRYHACKME · ACTIVE DIRECTORY · PUBLISHED

Red Team Capstone Crawl-Through

Full Active Directory red team capstone walkthrough. Kerberos abuse, credential harvesting, tunnelling, pivoting and GPU-accelerated cracking. Published to GitHub Pages portfolio site.

PIPELINE · IN PREPARATION

Active Directory Tradecraft Series

Kerberoast, AS-REP roasting, Golden Ticket, Silver Ticket and DCSync covered through structured lab notes.

Coming soon

PIPELINE · IN PREPARATION

AI Security Notes — OWASP LLM Top 10 and MITRE ATLAS

Applied notes on prompt injection, jailbreaking, RAG security, data poisoning and AI threat modelling.

Coming soon

Growing continuously. Check back for new writeups, lab walkthroughs and tooling notes.

07 / CONTACT

Open the channel.

Open to cybersecurity, cloud security and AI security roles across Brisbane, remote Australia and selected national opportunities.

EMAIL

[email protected]

LINKEDIN

markus-walker-au

LOCATION

Brisbane, Queensland

Australia

AVAILABILITY

Open to roles

Brisbane & remote