Melbourne, Victoria, Australia
I'm a Cloud Platform Engineer with 4+ years of hands-on experience designing, automating, and securing AWS infrastructure at scale. I've worked across consulting and financial services — and whether I'm building internal tooling, hardening a deployment pipeline, or redesigning an image build process, I bring the same mindset: make it secure, make it repeatable, make it last. What drives me is curiosity. I'm constantly spinning up home labs on AWS and Raspberry Pi — not because I have to, but because I genuinely enjoy understanding how things work at a deeper level. Lately that curiosity has pulled me toward cloud security and networking, both on AWS and at home. My technical foundation spans infrastructure-as-code (Terraform, CloudFormation), CI/CD pipelines, containerisation, and secure architecture patterns. I enjoy designing systems that are built right from the start — not just functional, but secure, observable, and cost-efficient. I've led projects that have saved over AUD $100k in cloud storage costs, redesigned multi-account AWS structures that were previously maxing out SCP limits, and built logging pipelines that give security teams real visibility across the estate. I take documentation seriously — not as an afterthought, but as part of the work — and I've been involved in mentoring associate and mid level roles. Long term I'm working toward a Principal Architect role, and I'm putting in the work now to get there. If you're into cloud infrastructure, security, or home-lab experiments, let's connect.
Insignia is one of Australia's largest financial services groups, and the cloud platform team is responsible for the AWS & GCP estate that underpins it. My role sits at the intersection of platform engineering, security, and automation. AWS Organisation & Infrastructure • Led a full redesign of the AWS Organisation OU structure — migrated years of ClickOps configuration into Terraform, automated deployments via GitHub Actions, and restructured the OU hierarchy to unlock more granular SCP policies. The previous design had nearly exhausted the SCP character limit; the new one freed up significant headroom while giving workload teams more precise guardrails. • Manage and maintain CloudFormation StackSets and SAM-based deployments across the multi-account estate, covering workload onboarding, account baselines, and platform tooling. • Released Graviton-based Golden AMIs to workload teams, collaborating with the image build pipeline to ensure Graviton compatibility was tested and documented before rollout. Security & Compliance • Built and implemented a centralised logging pipeline that ships VPC Flow Logs, Control Tower CloudTrail, WAF, and ALB logs into Insignia's SIEM (Sekuro) — and extended the same pattern to GCP log ingestion. Architecture: host → CloudWatch → Kinesis Firehose → S3 → SIEM. • Worked with the cyber engineering team to bake CrowdStrike Falcon sensor into the Golden AMI build process, ensuring every new instance deployed to the estate comes pre-equipped with EDR from first boot. • Built SQS monitoring and alerting for the SIEM pipeline to detect queue failures and notify the team before log gaps occur. • Leading a tooling consolidation review — Insignia uses Wiz for cloud security posture, but several overlapping AWS-native tools are still running. I'm mapping the coverage gaps and overlaps to identify what can be safely removed to reduce cloud spend.