Skip to content
Stuart in Nintendo World Japan

I love cyber security

Hi, I’m Stuart, and I’ve been working in cybersecurity since 2012 and in technical software testing before that. I live in Melbourne, Australia, with my wife (who also works in security), three children and a black cat named Bella.


What this blog is about

My Story

You can read more about my specific journey and background in my post on how to become a security architect. But the short version is that I was working as an IT contractor for a telecoms company in Melbourne and met my (now) wife, who convinced me to move into security because she thought that testing would become a commoditised service and be outsourced overseas. The rates companies pay for such services will drop (and that’s precisely what happened! She’s smart, my wife). It was a leap of faith at the time, and I transitioned into cyber security.

I didn’t start a blog because, for a very long time, I thought I didn’t have anything to say. But I would attend conferences and sit in presentations that sounded like they had exciting titles, which all promised to impart ‘advanced’ knowledge to the attendees, only to find that the talk barely scratched the subject’s surface. And yes, perhaps it’s a problem with the format – you can only talk about so much for 20-30 minutes – but often, the presenters spoke about quite basic or introductory concepts. And even if I did learn something new – it wasn’t anything I couldn’t have learned in 5 minutes of googling.

So I thought perhaps I actually do have something to say that might be unique or interesting. I don’t want to be a “presenter”, though, or (shudder) an “influencer”. I couldn’t think of anything worse. I heard this quote the other day which I feel captures the essence of this site’s purpose:

“I don’t want to be well known, I’d rather be known well”.

Shaan Puri

I want to be known for doing good work, helping clients by providing real value and contributing to their overall success. I’ve been doing a lot of security work, providing architecture advice around Salesforce security over the last six years and I’ll give you an example of the sort of value I’m talking about. Salesforce offers a free “security health check” for their more prominent clients, which takes the form of an assessment of the security posture for that Salesforce instance (or “org” in Salesforce speak). This is a maturity assessment, but Salesforce will also request access to the org and extract metadata on how the org has been configured and operated.

Now, this is done mainly by a central team in the United States, so they get to see many different Salesforce deployments, and I was surprised to learn that the org that I was responsible for was “one of the most secure, if not the most secure they had ever seen, globally”. That is the sort of work I’d like to be known for. I’d also like to note that it was a collaborative team effort, achieved with the backing, commitment and, most importantly, funding of the business – so I’m certainly not saying it’s all me! However, that sort of excellence in service and focus on bringing a quality outcome is my goal for my clients, and I hope to write about some of those things here.

Outside of work, I have a few other hobbies. The most interesting perhaps is welding and metalwork as I like creating things with my hands and seeing something built from nothing. I often don’t get to see that in my day job as it’s mostly attending meetings, writing emails and design documents. It’s nice to be able to do some work, see immediate progress, and show somebody else the output.