MARKUS WALKER

Security · AI · Cloud · Brisbane

Security · AI · Cloud Engineering Portfolio

Security, AI and Cloud Engineering

Brisbane-based Security, AI and Cloud Engineer with 7+ years of infrastructure and field engineering across Australia's mining and energy sectors.

AWS SAA · 3× OCI · AISA MAISA · Brisbane AU

01 / ABOUT

Security, AI and Cloud Engineer.

Most recently embedded as a Tata Consultancy Services Dedicated Service Engineer supporting Shell QGC and QCLNG upstream and midstream operations across remote Queensland energy and gas environments. Hands-on across network, endpoint, connectivity and field operations at twenty plus FIFO remote sites.

Current focus is evidence-backed work across security operations, offensive security labs, cloud architecture, incident response planning, web application testing and AI security research.

Positioning

  • Security, AI and Cloud Engineer with deep infrastructure and field engineering grounding
  • Cloud security across AWS and Oracle Cloud Infrastructure, with applied case study evidence
  • Active offensive security practice through home lab and TryHackMe under the handle Triage
  • AI security aligned to OWASP LLM Top 10 and MITRE ATLAS, with structured study and applied notes
  • Strong written communication for stakeholders, auditors and technical teams

7+ years · Brisbane AU · AWS SAA · 3× OCI · AISA MAISA · AI Security · NIST / MITRE · Essential Eight

02 / SKILLS

Capability map, by domain.

Practical capability across security operations, offensive security, cloud, AI security, identity, endpoint, network and automation.

Security Operations and Detection

Splunk Enterprise, SIEM operations, log analysis and ingestion, Windows host and network monitoring, alert triage, anomaly detection, incident response lifecycle, evidence preservation, chain of custody, SOC, CSIRT and SOAR concepts.

Offensive Security and Red Team

Kali Linux, Metasploit, Meterpreter, msfvenom, Impacket, Rubeus, mimikatz, evil-winrm, chisel, hashcat, Nmap, Rustscan, Wireshark, Burp Suite, Nikto, ffuf. Active Directory tradecraft including Kerberoast, Golden Ticket and DCSync.

Cloud and Cloud Security

AWS VPC, EC2, RDS Multi-AZ, ALB, Auto Scaling, Route 53, WAF, Shield, CloudTrail, GuardDuty, Security Hub, Inspector, Macie, Config, IAM Identity Center, Cognito, Secrets Manager, KMS, Systems Manager. OCI, Azure, Microsoft 365, Intune, Entra ID.

AI Security and Governance

Prompt injection and defence, jailbreaking, LLM security, AI threat modelling, AI supply chain security, RAG security, data poisoning, sensitive information disclosure, AI forensics, secure AI system design.

Identity, Endpoint and Network

IAM, RBAC, MFA, conditional access, Active Directory security, vulnerability management, NGFW, IDS and IPS, EDR and XDR concepts, segmentation and VLAN design, PKI, TLS, VPN, Cisco, Aruba, Cel-Fi, Starlink, Motorola TETRA.

Frameworks and Standards

NIST CSF, NIST SP 800-61, MITRE ATT&CK, MITRE ATLAS, Essential Eight, CIS Controls, OWASP Top 10, OWASP LLM Top 10, ISO 27001, PCI DSS, ISM, PSPF, Privacy Act 1988, APPs, Notifiable Data Breaches, GDPR, CDR, SOCI Act 2018.

Scripting and Automation

Python, PowerShell, shell scripting, defensive coding, CSV processing, cross-platform Windows and Linux automation, system audit tooling, ServiceNow, Maximo, Power BI, technical documentation in Obsidian.

Certifications

AWS Solutions Architect Associate. OCI 2025 Architect Associate. OCI 2025 Foundations Associate. OCI 2025 Generative AI Professional. Certificate IV in Cyber Security. ISC2 CC and CompTIA Security Plus scheduled.

03 / INCIDENT RESPONSE

Enterprise IRP design, sanitised.

Enterprise Incident Response Program design portfolio piece, structured around NIST SP 800-61 and sanitised from a planning engagement.

Document: 28 page IRP portfolio
Framework: NIST SP 800-61, MITRE ATT&CK
Mode: Governance, operations and response planning

Prepare: Response planning, roles, communications, evidence handling and escalation paths
Detect: SIEM monitoring, log ingestion, triage, severity classification and anomaly review
Contain: Isolation, account control, segmentation, validation, hardening and restoration planning
Learn: Lessons learned, reporting, playbook updates and continuous improvement

What it covers

  • Project Charter with scope, objectives, methodology, milestones, deliverables and budget
  • Project Team Briefing covering composition, roles, responsibilities and red, blue and purple team activities
  • Communications Plan covering stakeholder cadence, channels and escalation
  • Incident Response Plan covering detect, analyse, contain, eradicate, recover and learn
  • Performance metrics, post-incident review structure and documentation handoff

What it proves

  • Cybersecurity planning and IRP development at program level
  • Ability to turn frameworks into usable operating procedures
  • Stakeholder communication clear enough for executives, auditors and technical staff
  • Calm structure under pressure, written down before the incident

04 / CLOUD SECURITY

AWS uplift case study, blast radius respected.

AWS cloud security upgrade and migration plan for the Rossco's Coffee fictional case study. Architecture treated as a security control, with blast radius and resilience designed deliberately.

Document: 36 page case study
Provider: AWS, multi-AZ resilience
Strategy: Blue / green deployment

WAF + Shield: Edge protection, HTTPS, OWASP rules (Active)
Multi-AZ: ALB Auto Scaling, RDS Multi-AZ (Resilient)
IAM + KMS: Identity Center, Secrets Manager (Hardened)
CloudTrail + GuardDuty: Logging, monitoring, threat detection (Observable)

Security controls covered

CASB · WAF · ADC · DLP · NAC · DNSSEC · DDoS protection · KMS · Data classification · Network segmentation · IAM and RBAC · Logging and SIEM

Plan structure

  • Cloud environment upgrade plan with services, access control and security controls
  • Testing and migration plan covering vulnerability, penetration, performance, usability and DR
  • Blue and green deployment strategy with migration comparison and decision
  • Monitoring and maintenance plan, log scrubbing strategy and lifecycle management
  • Cloud incident response plan with predictable incidents and disaster recovery solutions

05 / MCP GOVERNANCE · WORKING PoC

AI and MCP Access Governance Platform.

A working governance proof of concept that solves a real emerging problem: organisations have no repeatable intake, classification, review and audit process for AI agent integrations and MCP-connected tools.

Stack: n8n · Asana · Notion · GitHub
Controls: 8 governance control objectives
Status: Working PoC

Governance control loop

  • Request → Validate → Classify → Route → Human review → Evidence
  • Governance-first control for AI tools, MCP servers, workflow integrations and API connections
  • Human-reviewed approval for all medium and high-risk AI operations
  • Identity, least privilege, time-bound access, audit evidence and continuous review
  • Every terminal decision produces a structured JSON evidence record

n8n workflow — live evidence

Live n8n workflow export · intake → validate → classify → route → review → evidence

What it proves

  • Security engineering applied to an emerging AI governance problem
  • Deterministic rule-based security linter with 42 passing tests
  • Governance translated to testable, auditable, working code
  • Evidence-oriented design with audit chain across every decision path
  • Framework alignment: ISO 27001 · ISO 42001 · OWASP LLM Top 10 · MAESTRO

Portfolio-safe proof of concept. Fictional vendors, mock intake data and demo values throughout. Not a production deployment, certification or attestation.

n8n Workflow Import

Download the workflow JSON and import directly into n8n to run the full governance control loop.

06 / RESUME

Recruiter-friendly summary.

Seven plus years of infrastructure and field engineering across Australia's mining and energy sectors, now focused on security, cloud and AI.

Name: Markus Walker
Location: Brisbane, Queensland

Experience

Independent Cyber Security Practitioner — Aug 2025 to Present

Dedicated upskilling and portfolio period focused on cyber security, cloud security, offensive security and AI security. Completed Certificate IV in Cyber Security and four cloud certifications. Built active offensive security practice through home lab and TryHackMe. Published the Red Team Capstone Crawl-Through writeup. ISC2 CC and CompTIA Security Plus exams scheduled.

IT Field Engineer, Tata Consultancy Services — May 2019 to Aug 2025

Embedded contractor supporting Shell QGC and QCLNG upstream and midstream operations across remote Queensland energy and gas infrastructure. Field engineering across twenty plus remote sites under a FIFO model. Network transformation including over three hundred Cisco to Aruba access point replacements. Connectivity uplift across over six hundred field vehicles. Endpoint lifecycle across six annual refresh cycles. Entra ID identity and access management across a dispersed workforce.

Certifications

  • AWS Certified Solutions Architect Associate
  • Oracle Cloud Infrastructure 2025 Architect Associate
  • Oracle Cloud Infrastructure 2025 Foundations Associate
  • Oracle Cloud Infrastructure 2025 Generative AI Professional
  • Certificate IV in Cyber Security
  • ISC2 Certified in Cybersecurity and CompTIA Security Plus scheduled

07 / WRITEUPS

Hands on, written down.

Active practice through home lab and TryHackMe under the handle Triage. Evidence of structured, methodical offensive security work.

TRYHACKME · ACTIVE DIRECTORY · PUBLISHED

Red Team Capstone Crawl-Through

Full Active Directory red team capstone walkthrough. Kerberos abuse, credential harvesting, tunnelling, pivoting and GPU-accelerated cracking. Published to GitHub Pages portfolio site.

PIPELINE · IN PREPARATION

Active Directory Tradecraft Series

Kerberoast, AS-REP roasting, Golden Ticket, Silver Ticket and DCSync covered through structured lab notes.

Coming soon

PIPELINE · IN PREPARATION

AI Security Notes — OWASP LLM Top 10 and MITRE ATLAS

Applied notes on prompt injection, jailbreaking, RAG security, data poisoning and AI threat modelling.

Coming soon

Growing continuously. Check back for new writeups, lab walkthroughs and tooling notes.

08 / CONTACT

Open the channel.

Open to cybersecurity, cloud security and AI security roles across Brisbane, remote Australia and selected national opportunities.

LINKEDIN

markus-walker-au

LOCATION

Brisbane, Queensland

Australia

AVAILABILITY

Open to roles

Brisbane & remote