Senior cyber security practitioner with 15 years across operational security, threat intelligence, and AI governance. Currently leading AI governance and live security assessment for an AWS Bedrock implementation, alongside foundational programme ownership across ISO 27001, PCI-DSS, and Essential Eight. Corey brings an operational standard shaped by five years inside the CIA and applies it to accountable, business-aligned security outcomes.

Work Experience
Advent One · Melbourne, Australia
Leads AI governance, live security assessment, ISO 27001, PCI-DSS, Essential Eight uplift, privileged access management, vulnerability management, and executive risk reporting.
Key Contributions
- Led development of the AI governance programme for a live AWS Bedrock implementation, including responsible use policy, build guardrails, and security assessment methodology during active development.
- Built and maintained the ISO 27001 ISMS across five consecutive years of surveillance audits with zero major non-conformities.
- Identified, through email gateway telemetry, credential theft attempts running above the industry average, then designed and rolled out passwordless authentication to 80 employees in two months with zero productivity incidents.
- Grew the security function from a single-person role into a team aligned to business scale and more regulated, assurance-driven environments.
- Owned privileged access management strategy, vulnerability management, third-party and supplier risk processes, security policy development, and monthly executive and board-level risk reporting.
- Led Essential Eight uplift with engineering and operational teams to ensure controls were effective in practice.
Morgan Security Advisory · Sydney, NSW, Australia
Founder and principal consultant of an independent boutique consultancy delivering offensive security services to financial services, critical infrastructure, and government clients across Australia and the Asia-Pacific region.
Key Responsibilities
- Lead complex red team operations and adversary simulation exercises for ASX 100 financial institutions
- Deliver cloud security architecture reviews across AWS, Azure, and GCP environments
- Provide virtual CISO (vCISO) services to mid-market organisations building security programmes
- Author detailed technical and executive-level assessment reports and remediation roadmaps
- Mentor junior consultants and contribute to internal methodology development
Foregenix · Melbourne, Australia (Remote)
Sole APAC threat intelligence resource within a global function, providing regional coverage in coordination with UK analysts and forensics specialists.
Key Contributions
- Provided 24/7 APAC threat intelligence coverage in coordination with the UK team and forensics specialists.
- Tracked threat actor activity, vulnerability trends, and attack techniques targeting client environments.
- Specialised in e-commerce compromise and payment card-targeted malware campaigns.
- Produced actionable threat reporting, indicators of compromise, and strategic briefings that informed live incident response and translated raw telemetry into risk-graded decisions for client executive teams.
Verifone Australia · Melbourne, Australia
Provided internal security guidance to Verifone Cloud Services for APAC payment gateways and managed the regional PCI-DSS compliance programme.
Key Contributions
- Provided internal security guidance to the Verifone Cloud Services division operating APAC payment gateways.
- Managed the PCI-DSS compliance programme across the APAC region for one of the world's largest payment infrastructure businesses.
- Configured and operated security tooling for threat detection and remediation across internal and external attack surfaces.
Foregenix · Melbourne, Australia
Delivered PCI-DSS consultation across APAC enterprise clients with a focus on embedding compliance into business-as-usual operations.
Key Contributions
- Delivered PCI-DSS consultation across APAC enterprise clients.
- Helped organisations embed compliance as business as usual rather than treating it as an annual scramble.
CyberCX · Sydney, NSW, Australia
Senior member of the offensive security team at one of Australia's largest independent cybersecurity firms. Conducted web application, network, and mobile assessments for clients in banking, healthcare, and government sectors.
Key Achievements
- Led over 60 client engagements annually including CREST-accredited penetration tests
- Identified critical zero-day vulnerabilities in two widely deployed enterprise applications; coordinated responsible disclosure
- Developed automated tooling to improve assessment throughput by 30%, later open-sourced as recon-pipeline
- Delivered security awareness training workshops to over 400 staff across multiple organisations
Trustwave · Melbourne, Australia
Qualified Security Assessor delivering PCI-DSS assessments and ISO 27001 implementations across the APAC region.
Key Contributions
- Delivered PCI-DSS assessments and ISO 27001 implementations across the APAC region.
- Conducted risk assessments and designed mitigation strategies for clients across multiple industries.
- Authored policy and procedure documentation to support security and compliance programmes.
Australian Cyber Security Centre (ACSC) · Canberra, ACT, Australia
Threat intelligence and vulnerability analysis role within the Australian Government's lead cyber security agency. Focused on analysing threat actor TTPs and producing actionable intelligence for critical infrastructure operators.
Key Contributions
- Produced classified and unclassified threat intelligence reports distributed to Australian government agencies and critical infrastructure operators
- Contributed to national vulnerability advisories covering widely deployed software across the federal government estate
- Led incident response for multiple significant cyber security incidents affecting Commonwealth agencies
Thomas Duryea Consulting · Richmond, Victoria
Designed and implemented the organisation's first ISO 27001 ISMS for the cloud services environment.
Key Contributions
- Built foundational security policies, risk processes, and operational controls from scratch.
- Led the business through its first ISO 27001 certification for the cloud services environment.
Central Intelligence Agency · Washington D.C. / Middle East
Supported CIA mission objectives across operational deployments, primarily across the Middle East, while progressing through technical infrastructure and project roles.
Key Contributions
- Completed five years of operational deployments in support of CIA mission objectives, primarily across the Middle East.
- Progressed through Help Desk Analyst, Project Manager, and Senior Systems Administrator responsibilities.
- Owned Windows Server, Active Directory, VMware, Cisco network, and access control infrastructure across deployed environments.
- Operated under a standard of integrity, accountability, and ownership that shaped later security roles.