About & Experience.

Hi, my name is Jude. I’m a Cyber Intelligence professional working in CTI, Threat Detection, and Incident Response. I have specialist experience as an Incident Responder on incidents involving high-skill adversaries, and as an investigator on Dark Web and foreign-language forums.

This blog is a place for me to upload some of my work as a cyber security content writer, investigative work, and random projects and bits I do over the course of my career.

Experience

Senior Analyst, DFIR/CTI – Tarian Cyber [Apr 2024 – Present]
Moved back to Brisbane, AU and back into a traditional cyber/MDR focused role. Since starting here I primarily focus on DFIR, CTI, and SOC/MDR engineering work, following on from some of the consulting work and design I did for this organisation as an external consultant.

Threat Intelligence Analyst – Rapid7 [Aug 2023 – Apr 2024]
Working in London still, now on the intelligence team at Rapid7. In this role I did OSINT and HUMINT work on cybercrime forums and dark/clear net sources to provide actionable intelligence to clients. This generally ranged from clear attack indication to catching phishing pages/kits and malware before they start targeting organisations.

Security Researcher – Freelance [Apr 2022 – Present]
I started doing cyber content writing and research pieces on my own for SpiderFoot (now Intel 471), and later began doing threat detection and security consulting for Tarian Cyber. I’m still doing the latter now, but the SpiderFoot/Intel 471 work ended around Dec 2022. I now write content on my own, and have done some other work through a company in Brisbane, HackerContent (Haksec).

DFIR/SOC Senior Analyst – RIOT Solutions (part of Orro Group) [Mar 2023 – Aug 2023]
I moved to London in March 2023, shortly after the company was acquired and this opportunity became available. I moved into purely Sentinel engineering work and built automation and SOAR stuff to reduce alert load on the analysts, as well as some more DFIR work and digital risk/cyber intel work.

SOC Analyst – RIOT Solutions [Oct 2021 – Mar 2023]
Seeking a proper cyber environment, I took a Security/SOC Analyst role at RIOT, an MSSP. This role involved Splunk and Sentinel SIEM operations from triage, analysis, to rule tuning and engineering (the Sentinel team was small so I did a bit of everything). I worked on specialist engagements including Dark Web monitoring and threat intelligence early on, and got into DFIR work as well.

Security Engineer – Smile IT [Jul 2021 – Oct 2021]
Around the time I graduated I got a title change, and worked full time on the cyber front. In this role I built a SIEM using Elastic and provided risk assessments and controls audits, as well as overseeing endpoint installations, and began to bring in logs for monitoring for our larger clients. As my first proper ‘cyber’ role, I was well in the deep end.

Support Engineer – Smile IT [Aug 2019 – Jul 2021]
I started this job while studying full time in IT (balancing both was hell). Mainly consisted of Level 1-3 helpdesk support issues as an MSP engineer, and quickly developed into a number of roles as the company was quite small. Worked on IoT projects, enterprise networking installs, and towards the end, a lot of cyber work and risk assessments.

Education

GIAC Certified Forensic Analyst (GCFA/FOR508) – 2022
Amazing course, great practical test. My best test experience so far (not a fan of pure multiple choice or memory-based stuff). Proved helpful in my DFIR work. I thankfully did not pay for it.

Bachelor’s Degree – Information Technology (QUT in Brisbane, Australia) – 2021
Standard degree experience, learned a lot of useful things, and some not so useful things. Did minors in networks and security which helped me a lot later down the line.

Microsoft Certified Security Analyst (SC-200) – 2021
Another painful Microsoft training experience, but this course included some very valuable teachings on Sentinel and Defender.

Microsoft Certified Security Administrator (MS-500) – 2020
Painful to do but I learned useful things about the Microsoft stack. Also my first introduction to Sentinel which ended up being the SIEM I spent the most time with.

Language Skills

English – Native Speaker / C2

French – Passive Comprehension / A2-B1

Russian – Limited (Full Cyrillic Comprehension) / A1-A2