Dai Tran, PhD
Continuous Innovative and Resourceful Security Enabler
Last updated: April 2024 - Updated section(s): INDUSTRY EXPERIENCE AND FURTHER TRAINING
TABLE OF CONTENTS
- TABLE OF CONTENTS
- EXECUTIVE SUMMARY
- CORE TECHNICAL COMPETENCIES
- RECOGNISED ACHIEVEMENTS
- INDUSTRY EXPERIENCE
- Staff Security Engineer - Security Automation
- Senior Engineer - Security Automation
- Senior Cyber Security Automation Engineer
- Technology Owner - Firewall Automation
- Network Security Engineer
- IT Network Support Analyst
- Network Engineer
- Network \& Systems Administrator, Contractor
- Cisco Network Engineer, Contractor
- System Administrator
- ACADEMIC EXPERIENCE
- EDUCATION HISTORY
- FURTHER TRAINING AND INDUSTRY CERTIFICATES
- PUBLICATIONS
EXECUTIVE SUMMARY
Highly talented, motivated and research oriented Computing and Communications PhD graduate with extensive cross-domain engineering experience comprising of over 11 years work experience in multiple domains of Edge Security (WAAP/DDoS), Network Security, Cyber Security , DevOps, and automation solution development with a proven track record of success delivering complicated security architecture, design, development, and implementation.
Instrumental in driving improvements in processes, operational efficiency/agility and system stability in complex large-scale mission-critical environments across diverse industries including Financial, IT, Travel, Food and Beverage, and Education services. Skilled in multi-vendor firewall migration and administration, Cyber/Cloud Security automation, security technology REST APIs, Infrastructure as Code (Terraform/Terratest), Python secure software development, Linux, Bash scripting, Ansible/Tower, Security as Code, Docker, CI/CD and DevSecOps tools/methodologies.
Recognized for professionalism, positive mental attitude, commitment to excellence, and natural ability for critical thinking and complex problems solving. Excellent interpersonal and mentoring skills, self-motivated, and able to communicate and collaborate effectively with co-workers at all levels.
CORE TECHNICAL COMPETENCIES
☑️ End-to-end cross-domain complex large-scale mission-critical project/product delivery related skills
☑️ Analytical, research, development and troubleshooting skills
☑️ Architecting and Developing on AWS and Azure
☑️ Integrated security enablement and CI/CD pipeline solution architecture, design, and implementation
☑️ IaC/Terraform, Docker and DevSecOps tooling
☑️ Software development/scripting tools like Python, Go, Bash, Ansible, Git, Jinja2, JSON, YAML, REST APIs
☑️ Linux and Windows administration
☑️ Microsoft Azure security
☑️ Next-generation and traditional firewalls, secure web gateways, edge security platforms
☑️ Switching and routing
☑️ IPAM, DHCP, DNS and IPSEC & VPNs
RECOGNISED ACHIEVEMENTS
🥇 2022 | Annual performance achievement of Above Expectations and top (75% of maximum) bonus award
🥇 2021 | Recognition of Commitment for the delivery of the CI/CD pipeline that automates firewall policy breach reporting for Network Security control team
🥇 2019 | Add Value Award for the perseverance and innovation in firewall automation and delivery of its benefits to business units
🥇 2019 | STAR: Special Thanks And Recognition Award for the last minute support for the Air Canada cutover and ensure Amadeus had a happy customer
🥇 2016 | STAR: Special Thanks And Recognition Award for the exceptional contributions to the firewall migration project
🥇 2008 | Full UTS Faculty of Engineering Postgraduate Research Scholarship for the Doctoral Program
🥇 2007 | Kyung Hee University President’s Special Prize for the Excellent Foreign Student
🥇 2005 | Full Kyung Hee University and Networking Lab. Scholarships for the Master course in Kyung Hee University
INDUSTRY EXPERIENCE
Staff Security Engineer - Security Automation
April 2023 - Present | Commonwealth Bank of Australia - 30,001+ Employees
Responsibilities
- Utilize strong understanding of core business and technical strategies to deliver best business outcomes through technical implementation.
- Develop the technical strategy, overseeing medium to complex engineering initiatives.
- Create designs and solutions that can be leveraged by the broader team to implement product or technology strategies.
- Proactively identify risks to achieving timely delivery, effectively communicating and adjusting plans to achieve goals.
- Mentor and up-skill other engineering teams across different squads.
- Define project stretch goals and success measures, holding the squad accountable.
- Communicate the security engineering vision in a way that inspires across the Group.
- Independently complete design and threat modelling.
- Drive the development of strategic programs of work, including proof of concept developments.
- Contribute to internal online discussions around security engineering, delivery and technology (for example blog posts and knowledge based articles).
Programs and Initiatives
Program/Initiative | Role |
---|---|
Edge security self-service platform | Technical/solution lead |
Federated security architecture | Group security champion |
Firewall policy change review and management automation | Technical/solution lead |
Security as an API | Technical/solution lead |
Terraform based self-service Akamai automation | De facto project manager & technical/solution lead |
DevSecOps | Group Cybersecurity AppSec champion |
Senior Engineer - Security Automation
September 2022 - Present | Commonwealth Bank of Australia - 30,001+ Employees
Responsibilities
- Undertake the same responsibilities as my previous Senior Cyber Security Automation Engineer role
- Work as a Solution and Developer Lead as well as a de facto Project Manager for the Akamai Automation Initiative, architecting, designing, implementing, and delivering the Terraform-based Akamai Automation Framework and the self-service Automation function, benefiting business units across the bank
- Organize and run the Group Security CIO Engineering Talks Forum to foster knowledge sharing, collaboration, crowd-reviewing, effective subject-matter expert (SME) identification and resource allocation, improvements in working methods, and the establishment of new processes within the Security Engineering teams
Senior Cyber Security Automation Engineer
May 2022 - September 2022 | Commonwealth Bank of Australia - 30,001+ Employees
Responsibilities
- Architect, design and implement DevSecOps framework and practices for the bank’s brand new Cyber Security Automation team using GitHub Enterprise, TeamCity, Docker, Checkmarx, Jfrog Artifactory, Jfrog Xray, HashiCorp Vault, Bash scripting
- Design, build, and maintain shared Python library and its DevOps pipeline producing PyPi package called PyCyber for Cyber Security Automation team’s automation solution development
- Undertake CBA AppSec champion role responsible for performing secure code review and approval, attending and giving talks to monthly AppSec champion meetups
- Actively drive initiatives that identify opportunities to optimize, automate or rationalize activities across Cyber Security controls
- Drive efficiencies and productivity gains through implementation of automation functions/solutions across Cyber Security group to uplift Cyber posture. These include privileged service account creation automation, Splunk onboarding automation, and Akamai automation.
- Influence and drive practice of Automation standardization across Cyber Security group
- Conduct resume screening and technical interviews as part of hiring processes to ensure only qualified candidates are selected
- Act as a technical lead, manage and lead a small team of Cyber Security automation engineers
- Train security architects, cyber security engineers and control teams on automation solutions/functions and DevSecOps practices
Achievements
- Achieved the Above Expectations annual performance review and awarded top (75% of maximum) bonus
- Saved around 4200 hours annually for both Splunk team and stakeholders through the delivery of the Splunk Log4J Onboarding Acceleration Automation project well before a given deadline
- Achieved the recognition of Commitment for the delivery of the CI/CD pipeline that automates firewall policy breach reporting function for Network Security control team
Technology Owner - Firewall Automation
February 2018 – May 2021 | Amadeus IT Group - 10,001+ Employees
Responsibilities
- Architect and lead PAN firewall/Azure loadbalancer as Code design and development for on-prem and Azure environments including Terrafrom firewall/load balancer deployment and Palo Alto firewall configuration automation using Amadeus traffic flow blueprint, Terraform Azurerm and PAN-OS providers, and Infrastructure as Code Jenkins CI/CD pipeline
- Architect, design and develop software development based firewall automation framework leveraging multi-vendor firewall REST APIs
- Architect, design, develop, maintain Python based multi-vendor firewall automation solutions for business use cases including automated end-to-end firewall path identification, SOC IP blocking, firewall change deployments, firewall permission checks, VPN cleanup, firewall definition cleanup
- Integrate Python based multi-vendor firewall automation solutions with Ansible and Ansible AWX/Tower to produce user-friendly/guiding/self-service web GUI portals for firewall automation consumers and facilitate end-to-end automation initiatives via AWX API calls
- Leverage firewall automation solutions to drive improvements in processes, operational efficiency/agility and system stability in mission-critical environment
- Conduct resume screening and technical interviews as part of hiring processes to ensure only qualified candidates are selected
- Mentor team members on Network Security and automation
- Applied knowledge/skills/tools: PAN & Cisco firewalling & REST API, Python, Object oriented software design and development, Linux/Windows administration, Git, Bitbucket, Jira, Ansible/AWX, Jenkins, Docker, CI/CD workflow, Visual Studio Code, Insomnia, OpenAPI, Azure network/security, Terraform, Golang, Terratest
Network Security Engineer
February 2015 – January 2018 | Amadeus IT Pacific - 10,001+ Employees
Responsibilities
- Undertake a key role in the Cisco/Blue Coat to Palo Alto migration project
- Conduct research on Palo Alto advanced features: Threat Prevention, User-ID, App-ID, Content-ID, SSL decryption, WildFire, URL Filtering, design and implement these on managed firewalls
- Provide full lifecycle management of network security devices from design, engineering, implementation to maintenance
- Be part of global network security team to administer, troubleshoot and provide last level follow-the-sun support for AMADEUS complex global network of more than 152 Palo Alto, Cisco firewall and Blue Coat proxy clusters via Panorama, Cisco Security Manager, Blue Coat Director, and SIEM tools Qradar and Splunk
- Develop and maintain diagrams and knowledge base articles of global managed firewall and proxy systems
- Support the development & definition of AMADEUS security standards, policies & procedures and implement these through technical means
- Provide security consulting and implementation of security concepts and audits for internal and external customers
- Work closely with vendors’ TAC and professional services to resolve complex issues, fine-tune systems, and explore new features to meet emerging business challenges
- Applied knowledge/skills/tools: PAN firewalls and Panorama, Cisco firewalls and CSM, Qradar, Splunk, Symantec Blue Coat proxies and Management Center
IT Network Support Analyst
May 2013 - February 2015 | LION Pty Ltd - 5001-10,000 Employees
Responsibilities
- Conduct research and proof-of-concept projects on various network/security technologies such as Palo Alto and Cisco
- Design, implement and administer Palo Alto firewalls via Panorama at enterprise Internet edges in Australia and New Zealand
- Plan, configure, manage and troubleshoot enterprise Cisco Unified Wireless Network of more than 600 lightweight APs and controllers across AUNZ via Prime Infrastructure
- Migrate Cisco autonomous wireless networks to lightweight wireless networks at multiple Lion dairy and drinks sites
- Configure, administer and troubleshoot more than 1000 Cisco switches and routers at more than 120 Lion sites
- Conduct LAN improvement projects at multiple Lion sites to improve network performance and manageability
- Configure and manage Cisco SSL & site to site VPNs, DMVPN, ASA firewalls, and Riverbed Stealheads
- Work with Telco for WAN link provision, monitor enterprise WAN links and configure & deploy DMVPN 3G/4G routers to ensure business continuity
- Provide technical consulting, level 3 escalation and on-call support via Cherwell ticketing system, phone calls and emails
- Create and maintain documentation of networks and systems
Achievements
- Successful migration from Forefront TMG to Palo Alto
- Effective prevention of Cryptolocker via Palo Alto URL filtering
Network Engineer
February 2012 – May 2013 | NETWORX AUSTRALIA - 10,001+ Employees
Responsibilities
- Design and implement Silver Peak WAN optimization, Palo Alto firewall, SonicWALL firewall & VPN, VMware, Cisco switches & routers, and Cisco & Enterasys wireless solutions
- Configure and administer Palo Alto & SonicWALL firewalls, SonicWALL, Ironport & Websense email security appliances, Aventail E-Class SRA appliances, DELL switches, Blue Coat ProxySG & PacketShaper, F5 LTM, BlueCat DHCP & DNS, Enterasys wireless and network access control appliances, VMware virtual infrastructure, and SolarWinds NPM & NTA
- Configure and administer Windows Server 2008 & SQL Server environments including MS Exchange and Active Directory, Group Policies, PKI, Failover Clustering, Network Policy Server
- Implement StorageCraft and SonicWALL data backup and disaster recovery solutions
- Perform Data Center operation tasks, create and maintain documentation of networks and systems
- Provide technical consulting and pre- & post-sales support via ticketing system, remote desktop sessions, telephone and emails
- Conduct research on new technologies & products and their applications
- Work with technology vendors and partners on product enablement
Network & Systems Administrator, Contractor
March 2011 – April 2012 | Ma & Company Solicitors, Sydney
Responsibilities
- Document existing LAN, workstations & server topology
- Set up & relocate LAN, WIFI, ADSL/Cable modems/routers
- Upgrade & update desktop PC hardware, MS Office, MS Windows and patches
- Deploy security measures against viruses, spyware, and intrusion to all workstations
- Create clean backup images of operating systems
- Perform daily IT/Network admin & troubleshooting
- Liaise closely with PC retailers, legal software company, web hosting company, ISP to solve problems
Achievements
- Selected by management as sole technical consultant for company
Cisco Network Engineer, Contractor
October 2011 | HotelsCombined™, Sydney
Responsibilities
- Design and build a new network of Cisco switches and router for HotelsCombined HQ office problems
Achievements
- Solved intractable technical problems before stipulated deadline
- Awarded bonus of 25% of total payment for supplied service
System Administrator
Aprl 2011 – June 2011 | Master Builders Association of NSW, Sydney
Responsibilities
- Connect and enable data replication between two independently developed database applications: EMT (Enquiry Mate Trainers) and iMIS
- Operate, administer, and customized EMT functionalities
- Leverage T-SQL to extract data from EMT to Excel spreadsheets
- Develop Visual Basic Application for spreadsheets to generate administrative reports to Training Managers
- Conduct training for staffs in EMT and developed VB applications
- Perform casual IT/Network troubleshooting
Achievements
- Solved intractable technical problems before stipulated deadline
- Improved training management efficiency through introducing new VB applications
ACADEMIC EXPERIENCE
Researcher
2008 –2011 | Centre for Real-Time Information Networks, University of Technology, Sydney
Responsibilities
- Conducted research on security in wireless sensor networks and mobile ad-hoc networks
- Developed and evaluated proposed algorithms through simulations and implementation using Matlab and nesC programming languages
- Assisted in organization of weekly technical seminars
- Presented at international academic conferences
Achievements
- Obtained UTS Vice-Chancellor’s & Faculty of Engineering & IT’s conference funds
- Published total of 9 papers in renowned international conferences and journals
EDUCATION HISTORY
PhD in Computing and Communications Engineering
2008 – 2011 | University of Technology, Sydney, Australia
Thesis: Controlled Link Establishment Attacks on Distributed Sensor Networks and Countermeasures
Master of Computer Engineering (Network Security Focus)
2005 – 2007 | Kyung Hee University, Suwon, South Korea
Thesis: Security Algorithms for Wireless Sensor Networks
Engineer in Information and Communications Technology
2000 – 2005 | Hanoi University of Science and Technology, Hanoi, Vietnam
Thesis: Kerberos-based authentication for FTP applications
FURTHER TRAINING AND INDUSTRY CERTIFICATES
- April 2024 | Architecting on AWS
- March 2024 | Applied Skills Earned Develop generative AI solutions with Azure OpenAI Service
- February 2024 | Udemy AWS Amazon Bedrock & Generative AI - Beginner to Advanced
- September 2023 | AWS Certified Developer – Associate
- June 2023 | Developing on AWS
- April 2023 | Introduction to HashiCorp Consul (Service Mesh) Hands-on Workshop
- December 2022 | AZ-400 Microsoft Certification Exam Pass
- November 2022 | AZ-400 Designing and Implementing Microsoft DevOps Solutions Course
- October 2022 | Udemy AWS Certified Security Specialty 2022 (WIP)
- October 2022 | Udemy Ultimate AWS Certified Developer Associate 2022 - NEW!
- September 2022 | Agile Programming Techniques Training
- September 2022 | GitHub for Developers Training
- August 2022 | Containers and Kubernetes with Red Hat OpenShift Platform Training
- August 2022 | (ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition Self Study (WIP)
- August 2022 | Agile Quick Start Program Training
- July 2022 | Bash Mastery: The Complete Guide to Bash Shell Scripting
- May 2022 | HashiCorp Advanced Data Protection with Vault Workshop
- May 2022 | Trend Micro Cloud Conformity Training
- April 2022 | Akamai DevOps Professional
- February 2022 | Microsoft OpenHack: Security, Compliance, and Identity
- November 2021 | SC-300 Microsoft Identity and Access Administrator Course
- November 2021 | SC-900 Microsoft Security, Compliance, and Identity Fundamentals Course
- October 2021 | AWS Security Fundamentals (Second Edition) with Certificate of Completion
- March 2021 | Microsoft Certified Azure Security Engineer Associate
- March 2021 | Linux Academy’s AZ-500: Microsoft Azure Security Technologies Course
- February 2021 | Microsoft Certified Azure Fundamentals
- February 2021 | Certified SAFe® 5 Practitioner
- December 2020 | AWS Cloud Practitioner Essentials
- July 2020 | Linux Academy’s AWS Essentials Course
- July 2020 | Linux Academy’s LPI Linux Essentials Course
- July 2020 | Certified Ethical Hacker (CEH) Certification
- April 2020 | Certified Ethical Hacker (CEH) - Linux Academy’s Prep Course
- June 2019 | Advanced Python Training
- March 2018 | DevOps for Ops
- March 2017 | Python for Ops Training
- March 2016 | Python Basics Training
- April 2015 | Palo Alto Certified Network Security Engineer (PCNSE), License 6 - 881655
- March 2015 | Palo Alto Advanced Firewall Troubleshooting PA311 Course
- June 2013 | Cisco Certified Network Professional (CCNP)
- February 2013 | Certified SonicWALL Security Administrator (CSSA)
- May 2012 | Silver Peak Certified Technical Professional Certification
- May 2012 | Blue Coat Certified Partner Systems Engineer – Visibility Training
- April 2012 | Blue Coat Partner Systems Engineer – Security Certification
- March 2012 | StorageCraft Technical Training
- March 2012 | Lumension Certified Professional Certification
- February 2012 | Cisco SMB Specialization for Engineers Certification
- August 2011 | Cisco Certified Network Associate Certification (CCNA)
- June 2005 | Cisco Certified Network Associate Certification (CCNA)
PUBLICATIONS
See publications.