Profile
Currently working as a managing consultant for a Splunk professional services provider. I specialise in implementing tooling for detecting anomalies on networks. Over time this has evolved into detecting behavioural anomalies in computer systems and humans to detect specific behaviours. Over time, as I go deeper into this work, I have a growing feeling of dread about the way these systems can be used.
Technical Skills
I've programmed in so many languages and under so many paradigms I'm sure I can figure out whatever is thrown at me. I have performed internal penetration tests with self-written payloads, and I have committed C#.NET MVC+SQL code to add a new WCAG-compliant field to a dropdown list -- a huge variety of work. 7 years of consulting has offered experience with a broad set of workflows, including hugely automated systems controlled by tools like Terraform/Ansible/Puppet managing platforms such as OpenShift, Kubernetes, Nutanix, ESXi, Azure/AWS, and plenty more.
Education
University of Canberra
Graduate Certificate of Government Informatics
Monash University
Bachelor of Information Technology and Systems (Computer Science)
Caulfield, Victoria
2011-2014
Experience
Managing Consultant - North Australia, Tesserent (formerly Rivium), Canberra
(2016 - Current)
Performing highly technical security and integrity consulting, and managing a team who do the same.
- Grew with a small, elite, private 6-staff company through growth and acquisition to what is now a 500+ headcount company listed on the ASX.
- Architected, implemented and configured many large-scale SIEM deployments during many multi-year consulting roles.
- Built a system to monitor behaviour of students during exams and successfully detect cheating without invading their privacy.
- Built large-scale HR integrity investigation assistant framework to algorithmically detect anomalous user behaviour on a network and step a human agent through investigation and remediation.
- Built an automation suite for Splunk to enable high-quality monitoring for a volatile and secure set of projects, including one-click multi-site indexer cluster deployment, integration with an existing search head cluster with full RBAC, and full usage logging and reporting for billing back to the project's business owner; all the way down to ISM/PSPF-compliant data archival at the project's spindown.
- Delivered extremely thorough Application Performance Metrics to the function level so end users can identify which section of code on which application in which environment on which server is causing performance problems in a live production environment. This was a particularly outstanding result for our client and we have since extended this monitoring into a new fully CI/CD containerised environment.
Cyber Security Analyst, Federal Government Department, Canberra
(2014 - 2016)
Straight out of university, pulled into hacking.
- Set up a system for detecting financial fraud of a federal government grants system.
- At first assisted with, then ultimately performed, many system penetration tests, then wrote tools to both help perform and detect them.
- Set up a fully automated Malware Analysis station. When a "suspicious" email hits our mail filters it is forwarded, scanned, and then reported on automatically. Doing this work I also got my hands dirty dealing with very bespoke requests in a massive bureaucracy, such as getting an air-gapped internet connection wired to the basement to perform the analysis safely and the general trust to allow this mail filter behaviour.
- Automated/scripted masses of BaU work for the sec ops team, saving around 1-2FTE/week.
- Pentests also resulted in me helping fix a lot of bugs in internal frameworks, mostly a lot of SQL injection mitigation. Importantly, this also involved demonstrating to developers what I could do with injection which helped them understand the importance of fixing it.
Older Experience
On-site Technician and Consultant, Geeks2U, Melbourne & Canberra
(2014 - 2017)
Basically call-out computer fixer guy. Was a lot of fun.
- Successfully recovered data lost in an electrical storm for a large engineering firm
- Learned and performed (simple) component-level motherboard repair on consoles and laptops
- Constantly explaining complex issues and resolutions in simple terms
- I did this part-time while working (full-time) for the government to keep up-to-date with the malware normal people get hit with (and money).
Tech Expert, Telstra, Melbourne
(2012 - 2014)
Working in a Telstra store as the tech guy.
- First bit of experience working for a huge company.
- Hacked 'demo' firmware on last-gen floor-model mobile phones to convert them into loan-devices for people getting their phones replaced under warranty.
Repair Technician, Self-employed, Melbourne
(2010 - 2012)
Self-employed iPhone repairs during my teen years, made good money.
- Didn't want to work at Maccas so I started repairing phones.
- Advertised through Gumtree, earned enough to buy a car which at 17 was my goal.
- Sold company, assets, and client list to Easy-Bargain Co (the company that supplied me with my parts).
Online Presence
My presence isn't huge as a lot of my work has been performed under NDA or is otherwise fedgov/secure, but I have done bits and pieces including some I am proud of.
Here are some links to get you started:
Currently living in Canberra, happy to move for the right work. Currently holding a valid federal government security clearance at a high level.