Available for Opportunities

Shubham (Sam) Singla
SOC Team Leader · Cybersecurity Professional

SOC Team Leader at NAB in Melbourne — leading triage of 150+ security calls and alerts daily and improving incident response times by 20%. I also build security tooling and full-stack web apps.

150+security calls triaged daily20%faster incident response timesTeam LeaderNAB SOC, Melbourne
View ProjectsContact MeResume

Professional Experience

A timeline of my journey in Cybersecurity and IT Operations.

SOC Team Leader

NAB SOC
Oct 2025 - CurrentDocklands, VIC
  • Led SOC operations during high-volume periods, managing 150+ security calls and alerts daily.
  • Directed incident triage, escalation, and final resolution, ensuring SLA and client compliance.
  • Set priorities, allocated workloads, and guided the team to maintain operational efficiency.
  • Acted as the final authority on incident severity, response actions, and closure decisions.
  • Coordinated with stakeholders and clients to communicate incidents, remediation, and outcomes.

Cyber Security Analyst

Web Alive
June 2025 - Oct 2025South Yarra, VIC
  • Performed web app security testing on Web Commander, Events Booking, Exsited ERP, and Reed Events using Burp Suite Pro and manual testing (SQL, XSS).
  • Conducted data access control checks across role-based views in Events Booking.
  • Used Kali tools for directory, brute-forcing, and HTTP header analysis.
  • Ran Nessus scans to identify vulnerabilities across WebAlive's network.
  • Performed server setup with XCP-ng, Proxmox and VM creation on Rocky Linux 9.
  • Performed API testing using Postman and performed manual testing.

Security Operations Centre Operator

NAB SOC
Feb 2024 - Oct 2025Docklands, VIC
  • Managed over 150 calls daily, ensuring timely and effective response to security incidents.
  • Actioned tickets based on client needs, improving response times by 20%.
  • Provided technical support for security systems, enhanced functionality, and reliability.
  • Delivered excellent customer service, addressing client inquiries and concerns.
  • Implemented and monitored security protocols, resulting in a safer environment.

Featured Projects

A snapshot of recent work — security tools, marketplaces, and automation. Click a card to see the full development timeline.

View all projects

Scam Checker

Security

Privacy-first security tool that helps users spot online scams. It analyses text, emails, links, images, and files entirely client-side — no uploads, no tracking — and returns a weighted risk score with a breakdown of every flagged signal.

Next.jsTypeScriptTailwind CSSClient-side NLP+1
View Timeline
Visit Website

Time Locked PDF

Security

Time-restricted document access for exam papers and scheduled releases. Server-side time validation, signed URLs, and an embedded viewer that resists clock manipulation, replay attacks, and unauthorised downloads.

HTML/JSVercel FunctionsSigned URLsPDF.js
View Timeline
Visit Website

Crypto Trade Agent

AI

An AI-driven crypto signal terminal that auto-validates setups against live Binance market data and runs them through a server-side risk engine for paper trading. Built around a one-minute Vercel Cron heartbeat with anti-spam guardrails so noise never reaches the trade log.

Next.jsTypeScriptSupabaseBinance API+2
View Timeline
Visit Website

Groundlayer IT

Web App

Corporate web presence for an Australian IT solutions provider. Mobile-first marketing site with a hardened lead-capture flow, structured data, and 95+ Lighthouse scores across every page.

Next.jsReactTailwind CSSSendGrid+1
View Timeline
Visit Website

Auto Blog Scripts

Automation

Python automation that takes the friction out of running a blog: Markdown-to-HTML pipelines, image optimisation, scheduled publishing, and SEO metadata generation — all configurable through a single env file.

PythonPillowMarkdownAutomation+1
View Timeline

Autopost

Automation

Cross-platform social media automation. Schedules and ships content to Reddit, X, and LinkedIn with platform-aware formatting, OAuth-managed credentials, and a rate-limit-aware queue that keeps accounts in good standing.

PythonOAuth2REST APIsScheduling
View Timeline

From the Blog

Daily cybersecurity writing — incident analysis, vulnerability disclosures, and defensive playbooks.

All posts
When Your Hypervisor Takes a Nap: VMware ESXi's Sleepy Guest RCE (CVE-2024-22271)
Vulnerability
Jun 29, 202615 min read

When Your Hypervisor Takes a Nap: VMware ESXi's Sleepy Guest RCE (CVE-2024-22271)

This week, we're diving deep into a terrifying VMware ESXi vulnerability that lets a malicious guest VM escape and execute code on the host.

When Your Container Sandbox Becomes a Slip 'n Slide: Breaking Out with runC
Vulnerability
Jun 23, 202615 min read

When Your Container Sandbox Becomes a Slip 'n Slide: Breaking Out with runC

A critical runC vulnerability allows attackers to escape containers, turning a sandboxed environment into an attacker's playground.

CVE-2024-33250: The Latest Intel Graphics Driver Vulnerability
Vulnerability
Jun 11, 202610 min read

CVE-2024-33250: The Latest Intel Graphics Driver Vulnerability

Intel's latest graphics driver flaw

Core Skills

Tools and technologies I use to secure and build systems.

Cybersecurity Operations

Incident ResponseThreat DetectionRisk AssessmentComplianceMobile Testing

Technical Skills

Penetration TestingVulnerability AssessmentWeb App Security (Burp Suite)Linux AdministrationAPI Testing

Development & Tools

Scripting & AutomationVersion Control (Git)Network ConfigurationSDLC Awareness