Dai Tran

Dai Tran, PhD

Continuous Innovative and Resourceful Security Enabler

Email Me
Visit My Linkedin
Check Out My GitHub Profile


Last updated: December 2025 - Updated section(s): CORE COMPETENCIES

TABLE OF CONTENTS

EXECUTIVE SUMMARY

PhD-qualified Security Development Engineer with 17+ years delivering security automation and architecture solutions across financial services (Commonwealth Bank), global travel technology (Amadeus), and enterprise sectors. Currently serving as Staff Security Engineer at Commonwealth Bank, leading technical strategy for edge security self-service platforms, DevSecOps automation, and security orchestration initiatives.

Architect of enterprise-scale security automation frameworks including multi-vendor firewall orchestration, Terraform-based IaC platforms, and CI/CD pipelines delivering measurable operational efficiency in mission-critical financial environments. Recognized with Above Expectations performance rating and multiple industry awards for innovation in security automation.

Technical Expertise: Python/Go secure development • AI/GenAI engineering (LLM, RAG, Agentic AI) • Infrastructure as Code (Terraform/Terratest) • Multi-vendor firewall automation (Palo Alto, Cisco, Akamai) • AWS/Azure security architecture • Temporal workflow orchestration • REST API/Microservices development • DevSecOps practices • AI security controls • Ansible/AWX • Docker • CI/CD pipelines

Certifications: AWS Certified Developer Associate • Microsoft Azure Security Engineer Associate • AZ-400 DevOps • PCNSE • CCNP • CEH

CORE COMPETENCIES

AI/GenAI Security Engineering & Innovation - LLM application development, RAG architecture, agentic AI systems, AI security controls (LLM Guard), prompt engineering, and AWS Bedrock/Azure OpenAI implementation backed by hands-on PoC delivery and specialized training
Cloud Security Architecture & Engineering - AWS and Azure security design, implementation, and automation validated by AWS Certified Developer Associate, Azure Security Engineer Associate certifications, and enterprise-scale deployments across financial services
Security Automation & Orchestration at Scale - Enterprise security automation frameworks, Temporal workflow orchestration, multi-vendor firewall automation (Palo Alto, Cisco, Akamai), and security tool integration delivering measurable operational efficiency in mission-critical environments
DevSecOps & CI/CD Pipeline Engineering - Secure software development lifecycle, automated security controls, GitHub Enterprise, GitHub Actions, TeamCity, Docker, HashiCorp Vault, and AppSec champion practices with AZ-400 DevOps certification
Infrastructure as Code & Cloud Automation - Terraform/Terratest expertise, CloudFormation, multi-cloud IaC frameworks, self-service platform development, and automated infrastructure provisioning with Akamai DevOps Professional certification
Enterprise Security Leadership & Strategy - Technical strategy development, cross-domain security architecture, federated security solutions, stakeholder management, and mentoring engineering teams across large-scale organizations
Advanced Network Security & Firewall Technologies - Next-generation firewalls (Palo Alto PCNSE certified), traditional firewalls, secure web gateways, edge security platforms (Akamai, Cloudflare), and 10+ years hands-on multi-vendor firewall management
Secure Software Development & Ethical Hacking - Python and Go programming, REST API development, microservices architecture, offensive security mindset (CEH certified), vulnerability assessment, and production-grade security tool development
Container Orchestration & Kubernetes - Kubernetes application development, container security, Helm packaging, and cloud-native security patterns supported by ongoing CKAD certification preparation
Security Research & Innovation - PhD-level analytical and research capabilities, algorithm development, security protocol design, academic publication record, and translation of research into practical enterprise solutions
Cross-Platform Systems Administration - Linux and Windows server administration, cloud infrastructure management, networking protocols (CCNP certified), IPAM/DHCP/DNS, and VPN technologies
Continuous Learning & Technology Adoption - Demonstrated commitment through 25+ certifications, 50+ professional training courses, and rapid acquisition of emerging technologies (GenAI, Temporal, Kubernetes) aligned with industry evolution

RECOGNISED ACHIEVEMENTS

🥇 2022 | Annual performance achievement of Above Expectations and top (75% of maximum) bonus award
🥇 2021 | Recognition of Commitment for the delivery of the CI/CD pipeline that automates firewall policy breach reporting for Network Security control team
🥇 2019 | Add Value Award for the perseverance and innovation in firewall automation and delivery of its benefits to business units
🥇 2019 | STAR: Special Thanks And Recognition Award for the last minute support for the Air Canada cutover and ensuring Amadeus had a happy customer
🥇 2016 | STAR: Special Thanks And Recognition Award for the exceptional contributions to the firewall migration project
🥇 2008 | Full UTS Faculty of Engineering Postgraduate Research Scholarship for the Doctoral Program
🥇 2007 | Kyung Hee University President’s Special Prize for the Excellent Foreign Student
🥇 2005 | Full Kyung Hee University and Networking Lab. Scholarships for the Master course in Kyung Hee University

INDUSTRY EXPERIENCE

Staff Security Engineer - Security Automation

April 2023 - Present | Commonwealth Bank of Australia - 30,001+ Employees

Responsibilities

  • Drive business outcomes by aligning technical implementations with core business and technical strategies.
  • Develop technical strategy while overseeing medium to complex engineering initiatives.
  • Design solutions that enable broader teams to implement product and technology strategies.
  • Identify delivery risks proactively, communicate effectively, and adjust plans to achieve goals.
  • Mentor and up-skill other engineering teams across different squads.
  • Define project stretch goals and success measures, holding the squad accountable.
  • Architect and develop AI-powered security automation PoCs including:
    • GenAI chatbot using AWS Bedrock, RAG architecture, and Streamlit for self-service security configuration management
    • Agentic vulnerability management system using MCP servers, integrating security tools (Snyk, Sysdig, Wiz) with automated Jira/GitHub workflows
    • AI security controls using LLM Guard API for prompt injection and jailbreak protection
  • Communicate security engineering vision to inspire teams across the Group.
  • Complete design and threat modelling independently.
  • Drive the development of strategic programs of work, including proof of concept developments.
  • Contribute to internal online discussions around security engineering, delivery and technology (for example blog posts and knowledge based articles).

Strategic Programs & Leadership Roles

Program/InitiativeRoleImpact/Scope
AI/GenAI-powered security automation PoCsArchitect & DeveloperRAG chatbot, agentic vulnerability management, AI security controls
DevSecOps automated security checksTechnical/Solution Co-leadEnterprise-wide automated security control compliance gates in CI/CD enabling secure-by-default development
Group security orchestration platformTechnical/Solution Co-leadCentralized Temporal platform orchestrating security tool integrations and workflows
Edge security self-service platformTechnical/Solution LeadMulti-tenant self-service WAAP/DDoS platform (Akamai, Cloudflare) serving enterprise-wide business units via Terraform
Federated security architectureGroup Security ChampionCross-domain security solution assessments and risk mitigation
Corporate edge firewall policy governance automationTechnical/Solution LeadAutomated Palo Alto request validation, change plan generation, and compliance documentation
Security as an APITechnical/Solution Co-leadGroup-wide REST API framework enabling programmatic security tool integration and automation
DevSecOpsGroup Cybersecurity AppSec ChampionSecure code review, AppSec standards, monthly champion meetups

Senior Engineer - Security Automation

September 2022 - April 2023 | Commonwealth Bank of Australia - 30,001+ Employees

Responsibilities

  • Continued security automation responsibilities from Senior Cyber Security Automation Engineer role while expanding scope to include:
    • Solution and Developer Lead and de facto Project Manager for the Akamai Automation Initiative, architecting, designing, implementing, and delivering the Terraform-based Akamai Automation Framework and self-service automation function benefiting business units across the bank
    • Organized and facilitated the Group Security CIO Engineering Talks Forum to foster knowledge sharing, collaboration, crowd-reviewing, effective SME identification and resource allocation, and establishment of improved processes within Security Engineering teams

Senior Cyber Security Automation Engineer

May 2022 - September 2022 | Commonwealth Bank of Australia - 30,001+ Employees

Responsibilities

  • Architect, design, and implement DevSecOps framework and practices for the bank’s Cyber Security Automation team using GitHub Enterprise, TeamCity, Docker, Checkmarx, Jfrog Artifactory, Jfrog Xray, HashiCorp Vault, and Bash scripting
  • Design, build, and maintain shared Python library with DevOps pipeline producing PyPi package (PyCyber) for Cyber Security Automation team’s solution development
  • Serve as CBA AppSec champion, performing secure code reviews and approvals while delivering talks at monthly AppSec champion meetups
  • Drive initiatives that optimize, automate, and rationalize activities across Cyber Security controls
  • Drive efficiencies and productivity gains through implementation of automation functions/solutions across Cyber Security group to uplift Cyber posture. These include privileged service account creation automation, Splunk onboarding automation, and Akamai automation.
  • Influence and drive practice of Automation standardization across Cyber Security group
  • Conduct technical interviews and candidate assessments, contributing to team growth and maintaining high engineering standards
  • Act as a technical lead, manage and lead a small team of Cyber Security automation engineers
  • Train security architects, cyber security engineers and control teams on automation solutions/functions and DevSecOps practices

Achievements

  • Achieved the Above Expectations annual performance review and awarded top (75% of maximum) bonus
  • Saved around 4200 hours annually for both Splunk team and stakeholders through the delivery of the Splunk Log4J Onboarding Acceleration Automation project well before a given deadline
  • Achieved the recognition of Commitment for the delivery of the CI/CD pipeline that automates firewall policy breach reporting function for Network Security control team

Technology Owner - Firewall Automation

February 2018 – May 2021 | Amadeus IT Group - 10,001+ Employees

Responsibilities

  • Architect and lead PAN firewall/Azure loadbalancer as Code design and development for on-prem and Azure environments including Terraform firewall/load balancer deployment and Palo Alto firewall configuration automation using Amadeus traffic flow blueprint, Terraform Azurerm and PAN-OS providers, and Infrastructure as Code Jenkins CI/CD pipeline
  • Architect, design and develop software development based firewall automation framework leveraging multi-vendor firewall REST APIs
  • Architect, design, develop, maintain Python based multi-vendor firewall automation solutions for business use cases including automated end-to-end firewall path identification, SOC IP blocking, firewall change deployments, firewall permission checks, VPN cleanup, firewall definition cleanup
  • Integrate Python based multi-vendor firewall automation solutions with Ansible and Ansible AWX/Tower to produce user-friendly/guiding/self-service web GUI portals for firewall automation consumers and facilitate end-to-end automation initiatives via AWX API calls
  • Leverage firewall automation solutions to drive improvements in processes, operational efficiency/agility and system stability in mission-critical environment
  • Serve as technical interviewer and hiring decision-maker for security engineering positions
  • Mentor team members on Network Security and automation
  • Applied knowledge/skills/tools: PAN & Cisco firewalling & REST API, Python, Object oriented software design and development, Linux/Windows administration, Git, Bitbucket, Jira, Ansible/AWX, Jenkins, Docker, CI/CD workflow, Visual Studio Code, Insomnia, OpenAPI, Azure network/security, Terraform, Golang, Terratest

Network Security Engineer

February 2015 – January 2018 | Amadeus IT Pacific - 10,001+ Employees

Responsibilities

  • Lead technical implementation of the Cisco/Blue Coat to Palo Alto migration project
  • Research, design, and implement Palo Alto advanced features including Threat Prevention, User-ID, App-ID, Content-ID, SSL decryption, WildFire, and URL Filtering on managed firewalls
  • Manage full lifecycle of network security devices from design and engineering through implementation and maintenance
  • Administer and provide Tier 3 follow-the-sun support for complex global network security infrastructure spanning 152+ Palo Alto, Cisco firewall, and Blue Coat proxy clusters using Panorama, Cisco Security Manager, and SIEM platforms (QRadar, Splunk)
  • Author technical documentation including network diagrams and knowledge base articles for global firewall and proxy infrastructure
  • Support development and definition of AMADEUS security standards, policies, and procedures, implementing them through technical means
  • Deliver security consulting and implement security concepts and audits for internal and external customers
  • Collaborate with vendors’ TAC and professional services to resolve complex issues, fine-tune systems, and explore new features to meet emerging business challenges
  • Applied knowledge/skills/tools: PAN firewalls and Panorama, Cisco firewalls and CSM, Qradar, Splunk, Symantec Blue Coat proxies and Management Center

IT Network Support Analyst

May 2013 - February 2015 | LION Pty Ltd - 5001-10,000 Employees

Responsibilities

  • Research and execute proof-of-concept projects on various network/security technologies such as Palo Alto and Cisco
  • Design, implement and administer Palo Alto firewalls via Panorama at enterprise Internet edges in Australia and New Zealand
  • Plan, configure, manage and troubleshoot enterprise Cisco Unified Wireless Network of more than 600 lightweight APs and controllers across AUNZ via Prime Infrastructure
  • Migrate Cisco autonomous wireless networks to lightweight wireless networks at multiple Lion dairy and drinks sites
  • Configure, administer and troubleshoot more than 1000 Cisco switches and routers at more than 120 Lion sites
  • Execute LAN improvement projects at multiple Lion sites to improve network performance and manageability
  • Configure and manage Cisco SSL & site to site VPNs, DMVPN, ASA firewalls, and Riverbed Stealheads
  • Collaborate with Telco for WAN link provision, monitor enterprise WAN links, and configure & deploy DMVPN 3G/4G routers to ensure business continuity
  • Deliver technical consulting, level 3 escalation, and on-call support via Cherwell ticketing system, phone calls, and emails
  • Create comprehensive documentation including network topology diagrams and system configurations for 120+ Lion sites

Achievements

  • Successful migration from Forefront TMG to Palo Alto
  • Effective prevention of Cryptolocker via Palo Alto URL filtering

Network Engineer

February 2012 – May 2013 | NETWORX AUSTRALIA - 10,001+ Employees

Responsibilities

  • Design and implement Silver Peak WAN optimization, Palo Alto firewall, SonicWALL firewall & VPN, VMware, Cisco switches & routers, and Cisco & Enterasys wireless solutions
  • Configure and administer Palo Alto & SonicWALL firewalls, SonicWALL, Ironport & Websense email security appliances, Aventail E-Class SRA appliances, DELL switches, Blue Coat ProxySG & PacketShaper, F5 LTM, BlueCat DHCP & DNS, Enterasys wireless and network access control appliances, VMware virtual infrastructure, and SolarWinds NPM & NTA
  • Configure and administer Windows Server 2008 & SQL Server environments including MS Exchange and Active Directory, Group Policies, PKI, Failover Clustering, and Network Policy Server
  • Implement StorageCraft and SonicWALL data backup and disaster recovery solutions
  • Perform data center operations and maintain technical documentation for network infrastructure and systems
  • Deliver technical consulting and pre- & post-sales support via ticketing system, remote desktop sessions, telephone, and emails
  • Research new technologies & products and their applications
  • Collaborate with technology vendors and partners on product enablement

Network & Systems Administrator, Contractor

March 2011 – April 2012 | Ma & Company Solicitors, Sydney

Responsibilities

  • Document existing LAN, workstations & server topology
  • Set up & relocate LAN, WIFI, ADSL/Cable modems/routers
  • Upgrade & update desktop PC hardware, MS Office, MS Windows and patches
  • Deploy security measures against viruses, spyware, and intrusion to all workstations
  • Create clean backup images of operating systems
  • Perform daily IT/Network admin & troubleshooting
  • Liaise closely with PC retailers, legal software company, web hosting company, ISP to solve problems

Achievements

  • Selected by management as sole technical consultant for company

Cisco Network Engineer, Contractor

October 2011 | HotelsCombined™, Sydney

Responsibilities

  • Design and build new network of Cisco switches and routers for HotelsCombined HQ office

Achievements

  • Solved intractable technical problems before stipulated deadline
  • Awarded bonus of 25% of total payment for supplied service

System Administrator

April 2011 – June 2011 | Master Builders Association of NSW, Sydney

Responsibilities

  • Connect and enable data replication between two independently developed database applications: EMT (Enquiry Mate Trainers) and iMIS
  • Operate, administer, and customize EMT functionalities
  • Extract data from EMT to Excel spreadsheets using T-SQL
  • Develop Visual Basic Application for spreadsheets to generate administrative reports to Training Managers
  • Conduct training for staff in EMT and developed VB applications
  • Perform casual IT/Network troubleshooting

Achievements

  • Solved intractable technical problems before stipulated deadline
  • Improved training management efficiency through introducing new VB applications

ACADEMIC EXPERIENCE

Researcher

2008 –2011 | Centre for Real-Time Information Networks, University of Technology, Sydney

Responsibilities

  • Conducted research on security in wireless sensor networks and mobile ad-hoc networks
  • Developed and evaluated proposed algorithms through simulations and implementation using Matlab and nesC programming languages
  • Organize weekly technical seminars
  • Presented at international academic conferences

Achievements

  • Obtained UTS Vice-Chancellor’s & Faculty of Engineering & IT’s conference funds
  • Published total of 9 papers in renowned international conferences and journals

EDUCATION HISTORY

PhD in Computing and Communications Engineering

2008 – 2011 | University of Technology, Sydney, Australia
Thesis: Controlled Link Establishment Attacks on Distributed Sensor Networks and Countermeasures

Master of Computer Engineering (Network Security Focus)

2005 – 2007 | Kyung Hee University, Suwon, South Korea
Thesis: Security Algorithms for Wireless Sensor Networks

Engineer in Information and Communications Technology

2000 – 2005 | Hanoi University of Science and Technology, Hanoi, Vietnam
Thesis: Kerberos-based authentication for FTP applications

CERTIFICATIONS & CONTINUOUS TRAINING/LEARNING

CERTIFICATIONS

PROFESSIONAL TRAINING

CONTINUOUS LEARNING

PUBLICATIONS

See publications.