Hi, I'm Laurent
Cyber Security Professional (purple team)
ex Global Operations Manager Cloud Tech Support for Google
About me
Through formal training at the Institute of Data (via UTS) and hands-on projects, I've recently pivoted into cybersecurity, where I'm passionate about applying my newly acquired technical skills to tackle today's evolving cyber challenges. I've built a strong foundation across Networking, Linux, Threat Detection & Analysis, Cryptography, Vulnerability & Risk Management, Systems & Cloud Architecture, and key security GRC frameworks like NIST and ISO. You can find more details in my resume section.
​
My journey here builds on 14 years as a Global Operations Manager in Cloud tech support for Google, where I developed solid skills in leadership , communication and collaboration across diverse global teams. Across technical and non-technical stakeholders, I mastered strategic planning and delivering scalable support solutions. I've gained extensive experience in cost management and optimisation, while excelling in incident response and problem-solving through developing comprehensive analysis and planning. This foundation in agile leadership, stakeholder management, and complex problem-solving has driven innovation with real impact. I'd love for you to check out my written references as a testimonial.
​
What really excites me about this new cybersecurity journey is the constant learning and technical growth opportunities. I'm particularly drawn to automation and AI security which led me to develop an automated, AI-driven prompt injection testing tool for LLMs. This tool aids businesses identify vulnerabilities in their LLMs before bad actors do, bring the age old cyber 'cat and mouse' game back in to the hands of the blue team. You can explore more details under the 'Capstone' section.
​
I'm also actively working towards my CompTIA Security+ certification and have my sights set on the AWS Certified CloudOps Engineer - Associate credential. With my unique blend of deep operational leadership experience and fresh cybersecurity expertise, I'm ready to bring both strategic thinking and hands-on technical skills to help your organisation stay ahead of today's most pressing cybersecurity challenges.
Written References
Capstone
Executive summary
​​
We are at a precipice with the introduction of AI offering unprecedented opportunities. Yet, with great power comes great responsibility.
​
The rapid adoption of AI mirrors the internet’s early growth, where innovation outpaced security. With the growing adoption of AI, particularly with chatbots, organisations face new attack vectors and increased risks like novel prompt injection attacks.
These vulnerabilities are amplified for small-to-medium businesses with limited cybersecurity resources, all whilst regulations play catch up. Without proactive measures, the unchecked expansion of AI could fuel cybercrime to unprecedented and devastating levels.
To address this, Prompt Jester was developed as an automated prompt injection testing pipeline for LLMs. It continuously simulates and analyses prompt injection attacks, leveraging tools like n8n for orchestration, Ollama and Gemini for testing and analysis, along with other integrations. In initial trials, 525 prompts were generated and evaluated against the Gemma 2B model, with a 95.2% refusal/evasion rate; however, significant false positives were observed that can be readily addressed through a simple QA process and AI fine-tuning to improve accuracy.
In conclusion, while the project successfully achieved its functional objectives and demonstrates significant promise, additional refinement is required to attain production-level accuracy and position it as a component of a broader LLM security strategy. Nevertheless, each safeguard we build is a step closer to the long path of an AI future we can sufficiently trust.
Projects & Labs
Automated Web search for known LLM vulnerabilities
​
This automated n8n workflow aggregates cybersecurity intelligence from multiple sources to identify LLM-specific vulnerabilities. It operates through multiple trigger methods: testing , scheduled, standalone and integration with main Prompt Jester workflows. Data Sources: NVD API, HackerOne bug bounty reports, ArXiv security research, GitHub security advisories, O'Reilly security feeds, and Cisa's reading feed.
Process Flow: Each source is queried for LLM-related vulnerabilities, data is processed and standardised, then merged into a centralised dataset for deduplication and prioritisation.
Output: Generates comprehensive reports via Google Sheets integration and sends notifications through multiple channels (email, Google Chat, messaging platforms).
Key Learnings: proactive threat intelligence gathering across diverse vulnerability databases. Importance of automating security monitoring for emerging AI/ML attack vectors. Illustrates effective data aggregation techniques for cybersecurity decision-making. Useful for multi-source validation when tracking the rapidly evolving LLM security landscape.
Case Study:EQUIFAX
​
This case study of the EQUIFAX data breach attempts to outline the root cause of the incident, lessons for organisations, and recommendations. Two reports; The GAO report to Congress summarises the events regarding the breach and the steps taken by Equifax, and actions by federal agencies to respond to the breach; and the Committee on Oversight and Government Reform EQUIFAX breach report details the root causes, severe technical vulnerabilities, systemic failures, complacencies, massive accountability oversight, and poor mediation actions. Crucially, they provide recommendations covering technical aspects, organisational practices, communication and regulation.
Other articles and sources highlight the breach’s consequences and impact to Equifax, the industry and public at large, including massive economic costs, legal impacts, congressional scrutiny, governmental reforms and geo-political repercussions. Full report.
Cybersecurity Home Lab Architect - in progress
​
This home lab project builds a multi-layered virtual network using pfSense as a firewall to create isolated network zones (LAN, DMZ, and ATTACK networks) that house different virtual machines - Windows 11 in the trusted LAN, Ubuntu Server in the public-facing DMZ, and Kali Linux in the isolated ATTACK zone. Setting up firewall rules to control traffic between these zones, deploy a Wazuh SIEM server to collect and analyze security logs from all machines, and test the setup by running network scans to trigger security alerts. The project culminates in documenting everything in a GitHub repository with network diagrams and a detailed README, creating a portfolio piece that demonstrates practical skills in network segmentation, firewall management, security monitoring, and incident detection - all essential competencies for cybersecurity roles.
Case Study:NotPetya
​
The 2017 NotPetya cyberattack was a nation-state operation by Russia’s GRU/Sandworm group. It disguised itself as ransomware but was actually a destructive wiperware with no decryption option. The attack began via a supply chain compromise of Ukraine’s M.E.Doc tax software.It spread rapidly using EternalBlue, Mimikatz, PsExec, and WMI for lateral movement. NotPetya encrypted files and the Master Boot Record/Master File Table, crippling systems. Global damages reached an estimated $10 billion, hitting firms like Maersk, Merck, and FedEx. Ukraine’s infrastructure was strategically targeted during a national holiday. Lessons learned include attribution methods for nation-state threats. It highlighted supply chain vulnerabilities and third-party software risks. Key takeaway: third-party protection measures, distinguish real ransomware from destructive wipers. Defense strategies include timely patching, network segmentation, and monitoring of admin tools. Strong incident response and business continuity planning are critical for resilience.