Professional Experience
Cyber Incident Responder, CSIRT
Mar 2025 – Present
Salesforce — Melbourne, Australia
🌐 Remote
- Investigate complex endpoint and cloud security incidents across Windows, macOS, Linux, AWS, Azure, and GCP environments within Salesforce's enterprise CSIRT function
- Perform deep endpoint investigations involving suspicious execution, persistence analysis, credential misuse, malware activity, and identity-related compromise across enterprise environments
- Conduct threat hunting across endpoint and cloud telemetry to identify attacker behaviour, visibility gaps, and suspicious execution patterns bypassing existing detections
- Support containment and remediation efforts during high-priority incidents while improving investigative workflows and telemetry visibility
- Support development and tuning of security alerts, detection workflows, and telemetry correlation logic to improve incident response effectiveness
- Contribute to internal CSIRT projects and workflow improvements to increase investigative efficiency and response capability
Associate Cyber Incident Response Specialist
Feb 2023 – Feb 2025
EnergyAustralia — Melbourne, Australia
🔀 Hybrid
- Conducted hypothesis-driven threat hunting across endpoint and network telemetry to identify suspicious execution patterns, persistence mechanisms, and attacker behaviour
- Supported incident response investigations involving phishing, malware, endpoint compromise, and operational technology (OT) environments
- Worked as a technical SME for multiple security platforms supporting incident response workflows, telemetry analysis, and investigative efficiency improvements
- Participated in purple team activities focused on validating detection coverage and improving endpoint visibility across enterprise environments
- Provided 24×7 cyber incident response support within a specialised CSIRT environment
SOC Analyst
Jun 2022 – Jan 2023
KDDI Summit Global Myanmar — Yangon, Myanmar
🏢 Onsite
- Led SOC monitoring and incident response activities across enterprise environments
- Conducted web application penetration testing, vulnerability assessments, and proactive threat hunting activities
- Improved security awareness initiatives through phishing simulations and internal training development
- Supported cyber risk assessments and security-focused systems design reviews
Cyber Security Analyst
May 2019 – Aug 2019
Kernellix — Yangon, Myanmar (Internship)
🌐 Remote
- Performed web application penetration testing and vulnerability assessments
- Developed automation scripts using Python and Bash to support security testing and reporting workflows
- Assisted with technical reporting and remediation recommendations for identified vulnerabilities
Achievements
GIAC Security Professional (GSP) — Analyst #506
2026
Achieved GIAC Security Professional (GSP) certification, becoming the 506th analyst globally to earn this distinguished certification. GSP represents the pinnacle of GIAC certifications, requiring holders to have earned at least 3 GIAC Practitioner Certifications and 2 GIAC Applied Knowledge Certifications (5 total GIAC certifications), demonstrating comprehensive expertise across multiple cybersecurity domains.
SANS Offensive Operations Coin Winner (SEC504 Course)
2026
Awarded for winning the final capstone challenge of SEC504: Hacker Tools, Techniques, and Incident Handling on the last day of class. The challenge tests comprehensive understanding of offensive security techniques and incident response.
SANS Lethal Forensicator Coin Winner (FOR508 Course)
2024
Awarded for winning the final capstone challenge of FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics on the last day of class. Demonstrates advanced skills in memory forensics, threat hunting, and incident investigation.
BTL2 Silver Challenge Coin
2024
Awarded by Security Blue Team for passing the Blue Team Level 2 certification exam. BTL2 focuses on advanced threat hunting, log analysis, and incident response across enterprise environments.
Research & Community Projects
MITRE ATT&CK Contributor
Contributed T1546.018 — Event Triggered Execution: Python Startup Hooks to the MITRE ATT&CK framework, documenting a persistence technique used by threat actors.
Insider Threat Matrix Contributor
Contributed AR5 (Uninstalling Software) and DT095 detection techniques to the Insider Threat Matrix, helping organizations detect insider risk behaviors.
Malware Analysis Research
Published static & dynamic malware analysis research on Mustang Panda TONESHELL malware, documenting TTPs, C2 infrastructure, and detection opportunities.
BTLO Global #1
Ranked #1 globally among all defenders on the Blue Team Labs Online (BTLO) platform. Authored walkthroughs for its CTF challenges and investigations.
TryHackMe Top 1%
Ranked in the top 1% of users globally on TryHackMe. Authored walkthroughs for CTF challenges covering DFIR, threat hunting, and security analysis.
Lab Environment Research
Built malware analysis and DFIR lab environments to analyse persistence mechanisms, attacker behaviour, and anti-analysis techniques. Continuous experimentation across endpoint telemetry, memory forensics, cloud investigations, and detection engineering workflows.
GIAC Advisory Board
Invited by GIAC to join the Advisory Board after achieving an outstanding score (90%) on the GCFA exam, demonstrating expert-level knowledge in forensic analysis and incident response.
2024
Technical DFIR Projects
Built forensics and incident response tools including AWS Log Analyzer, CrowdStrike Log Analyzer, Command Line Analyzer, and Enterprise Grade Browser Forensics Suite to accelerate investigation workflows.
Write-ups & Presentations
Exam reviews, conference presentations, and CTF write-ups published on PHK Knowledge Sharing.
BSides Myanmar 2025 Speaker
Presented "The Art of Windows Memory Forensics" at BSides Myanmar 2025, covering memory acquisition, analysis techniques, and malware detection in volatile memory.
2025
Certifications
GIAC / SANS
8 certifications
- GSP: GIAC Security Professional #506
- GCFA: GIAC Certified Forensic Analyst
- GCFE: GIAC Certified Forensic Examiner
- GCIH: GIAC Certified Incident Handler
- GIME: GIAC iOS & macOS Examiner
- GX-FA: GIAC Experienced Forensic Analyst
- GX-FE: GIAC Experienced Forensic Examiner
- GX-IH: GIAC Experienced Incident Handler
TryHackMe
2 certifications
- SAL1: Security Analyst Level 1
- SAL2: Security Analyst Level 2
CyberDefenders
1 certification
- CCDL1: Certified CyberDefender Level 1
Security Blue Team
1 certification
- BTL2: Blue Team Level 2
INE / eLearnSecurity
1 certification
- eCTHP: Certified Threat Hunting Professional
EC-Council
1 certification
- C|HFI: Computer Hacking Forensic Investigator
ISC²
1 certification
- CC: Certified in Cybersecurity
Education & Courses
Degrees
Master of Information Technology / Master of Business Administration
James Cook University, Australia
Bachelor of Science (Computing)
Edinburgh Napier University, UK
HND in Computing & Systems Development
Info Myanmar University, Myanmar
Courses
FOR508 — Advanced Incident Response, Threat Hunting & Digital Forensics
SANS Institute
FOR518 — Mac and iOS Forensic Analysis and Incident Response
SANS Institute
SEC504 — Hacker Tools, Techniques & Incident Handling
SANS Institute
Investigation Theory
Applied Network Defense — Chris Sanders
Hunting Adversary Infrastructure
IntelOps
Skills & Tooling
SIEM
EDR / XDR
Digital Forensics
Cloud IR
Threat Intelligence
Other
Development
Get in Touch
Open to collaboration, speaking opportunities, and interesting security problems.