Projects
14 projects spanning security operations, cloud infrastructure, and DevOps delivery — built as production-grade work, documented as professional case studies.
Production-style assignments delivered through The CloudAdvisory Oy DevOps Micro-Internship Programme.
DMI Internship
Completed a real-world open-source contribution workflow: forked upstream repository, configured origin and upstream remotes, created feature branches, made atomic commits, synced with upstream, and submitted a clean Pull Request with full audit trail.
DMI Internship
Completed a full Agile delivery sprint with end-to-end traceability: Jira backlog, Fibonacci estimation, 5-day daily shipping cycle, Sprint Burndown, and full audit trail from ticket through Git branch, PR, deployment, and validation on AWS.
DMI Internship
Applied agentic AI workflows using Claude Code and MCP subagents to audit Terraform infrastructure for security issues. Automated checks across S3, CloudFront, HTTPS, TLS, and state management — identified and triaged 8 confirmed security findings.
DMI Internship
Reproduced a production-style 3-tier architecture on Azure — Next.js/Nginx on public VMs, Node.js backend on private VMs managed by PM2, and Azure MySQL Flexible Server with High Availability and a read replica, connected through private networking and NSG rules.
DMI Internship
Deployed a production-grade Book Review application on AWS in a secure 3-tier architecture — Next.js on EC2 behind a public ALB, Node.js API on private EC2 behind an internal ALB, and Amazon RDS MySQL in a private subnet with no direct internet exposure.
DMI Internship
Provisioned complete AWS infrastructure from code using Terraform — VPC, subnets, Internet Gateway, Route Tables, Security Groups, EC2, and RDS. Also deployed a static site on S3 + CloudFront using an AI-assisted agentic Terraform pipeline with automated cache invalidation.
DMI Internship
Designed and deployed a fault-tolerant AWS environment across two Availability Zones with ALB and Auto Scaling. Validated zero-downtime High Availability by terminating EC2 instances mid-traffic and confirming automatic replacement.
Practical security projects completed as part of the MSc Cybersecurity programme, awarded 2025.
MSc Cybersecurity — Robert Gordon University
Conducted a structured adversary simulation on a virtualised target using Kali Linux: reconnaissance, vulnerability discovery, exploitation, and post-exploitation. Mapped all findings to MITRE ATT&CK TTPs and produced a security report with CISO-level executive presentation.
MSc Cybersecurity — Robert Gordon University
Conducted an enterprise information security risk assessment, developed a risk register, and performed a gap analysis against ISO 27001 and NIST CSF. Designed a 1-year security improvement programme to strengthen cyber hygiene and compliance posture.
MSc Cybersecurity — Robert Gordon University
Designed and trained a supervised ML classification model on a real-world dataset for spam and phishing detection. Applied feature engineering, model selection, and evaluation metrics — and analysed the security and ethical implications of AI-based threat detection including false positive rates and deployment risks.
MSc Cybersecurity — Robert Gordon University
Performed a socio-technical security assessment of a real enterprise system — modelling assets, user personas, data flows, and trust boundaries. Conducted structured threat modelling and risk analysis, producing actionable recommendations to reduce human error and strengthen security posture.
MSc Cybersecurity — Robert Gordon University
Performed a full forensic investigation analysing disk images, memory captures, and network traffic to identify evidence of insider misconduct. Reconstructed the attack timeline and produced a professional incident report using Autopsy and Volatility.
MSc Cybersecurity — Robert Gordon University
Deployed and operated Security Onion SIEM to investigate a simulated ransomware intrusion. Performed IDS packet analysis and log forensics, traced the infection vector to a spear-phishing campaign, and produced a professional incident report with remediation recommendations.
MSc Cybersecurity — Robert Gordon University
Conducted a security assessment of a vulnerable web application, exploiting SQL injection, file upload bypass, XSS, and authentication weaknesses using Burp Suite and OWASP methodology. Implemented secure coding fixes and Apache server hardening.