Portfolio
Skills
Web Application Testing
Network Penetration Testing
iOS Mobile Testing
Android Testing
AWS Security Review
Azure Security Review
Vulnerability Scanning
Vulnerability Management
Security Source Code Review
Active Directory
Python
Bash
Talks & Publications
- JWT WTF? A Look Into Common JWT Vulnerabilities (OWASP NZ Day 2025)
- Thinking Like An Attacker: Quick Wins For Securing Your Application (OWASP AppSec Days India 2024)
- Fantastic GraphQL Bugs and Where to Find Them (OWASP NZ Day 2022)
- Getting Started in Security (Waikato Cyber Security Challenge 2022)
- CVE-2024-52286 Stirling-PDF Self-XSS — Researcher
Certifications
- Certified AppSec Pentester (CAPen)
- Certified Cloud Security Practitioner — AWS (CCSP-AWS)
- OSCP — Penetration Testing with Kali Linux (Offensive Security), Pending Exam
- Red Team Ops (Zero Point Security), Pending Exam
Experience
Senior Application Security Engineer — Plexure, NZ
Mar 2026 — Present
Leading application security across Plexure's SaaS platform, embedding secure development practices throughout the SDLC and acting as a trusted advisor to engineering, architecture, and leadership teams.
- Own the end-to-end application vulnerability management lifecycle, from discovery and triage through remediation and validation.
- Conduct penetration testing and security assessments across web applications and APIs.
- Shape secure API and application design patterns that influence architecture decisions across a large consumer-facing platform.
- Lead selection, configuration, and CI/CD integration of SAST, DAST, and SCA tooling.
- Develop and maintain threat models and secure design patterns that reflect real-world risks.
- Embed DevSecOps practices across teams, balancing strong security outcomes with delivery speed.
- Run security maturity assessments to identify systemic weaknesses and prioritise high-impact improvements.
- Define security standards, guardrails, and compliance-aligned expectations for development teams.
- Support incident response with a focus on root cause analysis and long-term risk reduction.
Lead Security Consultant — Bastion Security, NZ
Jun 2025 — Present
Delivering high-quality penetration tests while assisting with pre-sales activities, including scoping and statements of work.
Information Security Consultant — Kiwibank, NZ
Jul 2024 — Jun 2025
Embedded security within new and existing projects at every stage of development. Collaborated with cross-functional teams and external vendors to ensure security requirements were communicated clearly and risks managed effectively.
Senior Security Consultant & Team Lead — CyberCX, NZ
Oct 2022 — Jul 2024
Delivered penetration tests across web, mobile, network, and cloud. Led a team of junior consultants.
- Mentored junior staff and conducted performance reviews.
- Collaborated with leadership to improve business processes.
- Conducted hiring interviews.
Security Consultant — CyberCX NZ (formerly Insomnia Security)
Mar 2021 — Oct 2022
Delivered penetration tests across web, mobile, network, and cloud. Involved in scoping, kickoff calls, and client debriefs.
- Helped create and manage the first CyberCX NZ Associate Program.
- Presented keynote at NZ Cyber Security Challenge 2022.
- Conducted hiring interviews.
Security Consultant — Insomnia Security
Mar 2019 — Mar 2021
Conducted penetration tests against APIs, web and mobile applications, and internal/external networks.
Project Delivery Coordinator — Insomnia Security
Mar 2021 — Aug 2022
- Coordinated project delivery between clients and technical teams.
- Translated technical requirements for diverse stakeholders.
- Tracked scope and timeline to keep projects on track.