Shino Shamit

SOC Analyst · Detection Engineering · Penetration Testing

IT & Cybersecurity graduate. Specialises in adversary behaviour analysis, KQL-based detection engineering, and cloud-native SIEM operations on Microsoft Sentinel. Now crossing into offensive security — studying penetration testing methodologies to understand both sides of the kill chain. Alerts get triaged. Attack paths get mapped. Findings don't get buried — like Georgekutty, the evidence always surfaces eventually. Here, it becomes a detection rule.

Open to roles — Anywhere in Australia · Master of Cybersecurity — RMIT · Microsoft Sentinel · KQL · Pentesting · TryHackMe · MITRE ATT&CK · AISA Member

Master of Cybersecurity (RMIT) · Bachelor of Computer Science. Operates across both sides of the kill chain — defensive detection engineering by day, offensive methodology by study. You can't write rules that catch attackers without thinking like one first.

Church keyboard player. Analysts and musicians share the same core skill: pattern recognition — knowing the moment something is off-key, off-tempo, out of place. That instinct doesn't stay at the piano.

AISA member. AusCyberCon 2025 Session Host. Malayalam cinema enthusiast — Drishyam taught that the logs always tell the truth. Georgekutty buried the evidence. The SIEM would have caught it on day one.

// currently
  • Studying pentesting methodologies via TryHackMe — Cyber Kill Chain, PTES, OSSTMM, OWASP WSTG
  • Preparing for CompTIA CySA+ certification
  • Building detection rules mapped to MITRE ATT&CK technique coverage
  • Actively seeking SOC, detection, or junior pentesting roles across Australia
// daily stack
Microsoft Sentinel · KQL · Azure · TryHackMe · Burp Suite · Wireshark · PowerShell · MITRE ATT&CK Navigator
// Photo: Shino Shamit at Brighton Beach, Melbourne
Open to: SOC Analyst, Pentester, IT Support, Junior Detection, Threat Hunting
Location: Australia-wide · Remote or On-site
LinkedIn: shino-shamit
Cert: CompTIA CySA+ — in progress
AusCyberCon 2025 · Session Host · Canberra & Melbourne
AISA Member · Australian Information Security Association
CySA+ In Progress · CompTIA — Currently Preparing
Security Operations
  • Alert triage & escalation
  • Incident investigation
  • Threat hunting workflows
  • MITRE ATT&CK mapping
  • KQL detection queries
  • Vulnerability assessment
  • STRIDE threat modelling
  • NIST Cybersecurity Framework
  • Network traffic analysis
Cloud & Tools
  • Microsoft Sentinel (SIEM)
  • Microsoft Azure
  • Log Analytics Workspace
  • Windows Event Logs
  • Wireshark / PCAP
  • Burp Suite
  • Nmap
  • Metasploit
  • Linux & Windows Admin
IT & Scripting
  • Windows 10/11 & macOS
  • Microsoft 365
  • PowerShell
  • KQL & SQL
  • REST APIs & OAuth2
  • n8n automation
  • TCP/IP, DNS, DHCP
  • Identity & access management
  • Incident documentation
/01

Microsoft Sentinel SOC Monitoring Lab

Deployed a cloud-native SOC environment on Microsoft Azure with Microsoft Sentinel as the SIEM. Ingested Windows Event Logs, monitored authentication telemetry, and investigated anomalous login behaviour. Treated each alert like a live incident — triage, root cause, timeline, containment recommendation.

KQL queries authored to surface brute-force patterns and lateral movement indicators · Dashboards built for real-time attack pattern visibility and threat intel overlay
Azure · Sentinel · KQL · Windows Event Logs · Log Analytics
/02

Critical Infrastructure Monitoring Lab

Simulated adversarial activity targeting critical infrastructure systems — brute-force authentication attempts, suspicious PowerShell execution, and lateral movement patterns. Configured Windows Server log pipelines and authored detection logic from scratch to catch each simulated technique.

KQL rules for T1110 brute-force and T1059.001 PowerShell abuse · Full ATT&CK technique mapping across simulated attack chain
KQL · Windows Server · MITRE ATT&CK · Threat Hunting
/03

Cybersecurity Job Intelligence System

Engineered an automated intelligence pipeline using n8n workflow orchestration. Integrates Google APIs and SerpAPI via OAuth2 and REST to continuously harvest and normalise cybersecurity job listings across Australia. Rule-based filters strip clearance-gated and citizenship-restricted roles before surfacing ranked results to a live dashboard.

OAuth2 + REST API integration · Automated normalisation, deduplication, and relevance-scoring pipeline
n8n · REST APIs · OAuth2 · Automation · SerpAPI
/04

Web & Network Security Labs

Executed SQLi, XSS, and broken access control attacks in controlled lab environments using Burp Suite and SQLmap. Captured and dissected PCAP files with Wireshark — isolating C2 beaconing patterns, exfiltration attempts, and anomalous protocol behaviour. Every finding written up in structured report format.

Report format: CVE class → exploitation path → impact scope → remediation → verification · IOC extraction and traffic pattern analysis from raw packet captures
Burp Suite · SQLi / XSS · Wireshark · OWASP Top 10 · IOCs
/05

Penetration Testing Methodologies & Frameworks

Structured deep-dive into industry-recognised penetration testing frameworks via TryHackMe. Covers the full offensive security lifecycle — from pre-engagement ethics and scoping through reconnaissance, exploitation methodology, post-exploitation, and professional reporting. Not just reading theory — mapping each framework to how real engagements are scoped, executed, and closed.

Frameworks studied: Cyber Kill Chain · PTES · OSSTMM · OWASP WSTG · NIST SP 800-115 · ISSAF · MITRE ATT&CK · PCI DSS · CBEST · MASTG
"Knowing the kill chain from both ends changes everything — Premam taught that you have to live through all the phases before the timing is right. Recon, patience, execution."
TryHackMe · Cyber Kill Chain · MITRE ATT&CK · OWASP WSTG · PTES · NIST SP 800-115 · Threat Modelling
// analyst note
Every framework studied becomes a detection opportunity. Understanding PTES recon phases means knowing exactly what log sources catch it. Understanding the Kill Chain means writing rules for each stage — not just the payload.
TeckNova IT Solutions
Cybersecurity Intern
Jul 2025 — Oct 2025 · Caulfield, VIC
  • Executed vulnerability assessments across web applications and API environments using Nmap and Wireshark — identifying misconfigured endpoints, exposed services, and injection-susceptible parameters.
  • Produced remediation reports structured for dual audiences: technical root-cause analysis for engineers, executive risk summaries for non-technical stakeholders.
  • Applied STRIDE threat modelling methodology to map attack surfaces and classify threat categories across target systems.
  • Triaged and prioritised identified vulnerabilities by exploitability and business impact; tracked remediation status through to closure.
Mercy Place Wyndham
Support Staff
May 2024 — Present
  • Operated within a compliance-heavy healthcare environment governed by strict procedural controls, safety standards, and privacy legislation — directly analogous to regulated security operations.
  • Maintained rigorous documentation discipline following defined protocols; accuracy under audit conditions was non-negotiable.
  • Coordinated across multidisciplinary teams in high-pressure, shift-based operations — reliability and communication were load-bearing.
  • Handled sensitive personally identifiable information under full legal privacy obligations; zero tolerance for data handling failures.
Master of Cybersecurity
RMIT University
2024 — 2025
Bachelor of Computer Science
Rajagiri School of Engineering and Technology
2019 — 2023

Actively seeking SOC analyst, detection engineering, IT support, or junior security roles across Australia — remote or on-site. Response time is fast.

Open to roles, referrals, or technical conversations about detection engineering, pentesting, threat hunting, or SOC operations. Australia-wide — remote or on-site. Signal is monitored.

// Off the clock: keyboard player at church. A good musician hears when something's off-key before anyone else does. Same instinct, different stack.
