Arpit Dahal

ICT Systems Administrator | Cloud Security, Compliance & MSP Governance

Arpit Dahal

Sole IT practitioner governing cloud-only Microsoft infrastructure across 6 sites. Led ISO 27001 certification, Essential Eight ML1 enforcement, DISP compliance, and MSP onboarding for a national infrastructure company servicing NextDC, Microsoft, and Amazon data centres.

6Sites Supported

Sole IT practitioner across cloud-only Microsoft infrastructure nationwide.

ISO 27001 + E8 ML1Compliance Frameworks

ISO 27001 certified with Essential Eight Maturity Level 1 achieved.

8Controls Enforced

AppLocker fleet-wide, ML1 application control complete.

99.9%System Uptime

Maintaining high availability across enterprise infrastructure.

Selected Projects

01
GRC / Security

Essential Eight ML1: AppLocker Enforcement

Context

As sole IT practitioner, Alliance SI needed to achieve Essential Eight Maturity Level 1 application control fleet-wide with no downtime budget and full audit readiness.

Role & Action

Designed a 45-rule AppLocker EXE policy and built Intune Proactive Remediation scripts to deploy and maintain it. Ran a phased pilot through audit mode to fleet-wide enforcement, managing an exception register throughout.

Outcome

Achieved fleet-wide ML1 application control with zero production downtime, audit-ready and enforced across the full endpoint estate.

Essential EightAppLockerIntuneProactive RemediationACSC
02
GRC / Security

MSP Onboarding & Governance

Context

Alliance SI engaged a managed services provider, requiring technical onboarding, access governance, and alignment to DISP and Essential Eight obligations.

Role & Action

Led technical onboarding of the incoming MSP: provisioned Entra B2B access, Azure RBAC, Meraki, and 8x8 for MSP engineers. Authored the RACI matrix and ML1 sprint plan. Coordinating the 8x8-to-Teams Operator Connect telephony migration.

Outcome

MSP operational and aligned to DISP and Essential Eight obligations, with clear governance boundaries and a structured compliance sprint in place.

MSP GovernanceEntra B2BAzure RBACOperator ConnectDISP
03
GRC / Security

ISO 27001 Certification & DISP Compliance

Context

Alliance SI pursued ISO 27001 certification and Defence Industry Security Program (DISP) compliance to service major data centre clients including NextDC, Microsoft, and Amazon.

Role & Action

Led the full technical execution of ISO 27001 controls: Entra Conditional Access policies, Defender for Endpoint deployment, Microsoft Sentinel SIEM configuration, PAM implementation, and systematic audit evidence collection. Aligned operational practices with DISP requirements across identity, endpoints, and network layers.

Outcome

Achieved full company ISO 27001 certification in record time while meeting strict DISP compliance requirements, enabling Alliance SI to win Defence contracts.

ISO 27001DISPConditional AccessDefender for EndpointMicrosoft SentinelPAM
04
Automation

Visitor Management System at Alliance SI

Context

Alliance SI required a compliant visitor management solution for Defence contract sites, replacing manual logbooks with an auditable digital workflow.

Role & Action

Architected a custom VMS using Power Automate and PowerApps with SharePoint backend. Automated check-in/out workflows, policy acknowledgment, and compliance reporting for 500+ annual visitors.

Outcome

Eliminated manual logbooks entirely, ensuring strict Defence contract compliance with full audit trails and automated notifications.

Power AutomatePowerAppsSharePointDefence Compliance
05
Infrastructure

Corporate Office Network Build

Context

Alliance SI's new corporate office required a complete network infrastructure build from scratch with day-one connectivity for all staff.

Role & Action

Engineered the entire network setup end-to-end: ISP negotiation, Meraki firewall configuration, VLAN segmentation, and Wi-Fi optimization across the office floor.

Outcome

Delivered full day-one connectivity for all staff with a secure, segmented network architecture meeting enterprise and Defence standards.

Meraki/CiscoVLANsFirewallWi-FiNetwork Security
06
Cloud / MDM

SCCM to Intune Migration at NRMA

Context

NRMA's 2,000+ staff hybrid environment needed modernisation from legacy SCCM to cloud-native Intune for endpoint management.

Role & Action

Led the migration of 500+ endpoints from SCCM to Microsoft Intune. Designed compliance policies and configuration profiles. Acted as macOS infrastructure SME ensuring seamless Apple device integration.

Outcome

Reduced device provisioning time by 40% and established a modern, cloud-native endpoint management platform across the organisation.

IntuneSCCMMDM/MAMmacOSCompliance Policies
07
Mobile Dev

Trading Journal App: Android & Web (Published)

Context

Developed a Forex trading journal application to help active traders track performance, analyse patterns, and improve discipline, spanning mobile, web, and AI-assisted automation.

Role & Action

Built the full application lifecycle from concept to Google Play Store release and web version launch. Integrated TradingView Advanced Charts, Firebase backend, and a RevenueCat Pro subscription tier. Built an n8n automation pipeline with Claude Vision for screenshot import and trade logging.

Outcome

Published on Google Play Store with a live web version, subscription monetisation via RevenueCat, and AI-powered screenshot import, demonstrating full-stack development and AI integration capability.

Android StudioFirebaseTradingViewRevenueCatn8nClaude Vision
08
Lab / R&D

Enterprise Home-lab Environment

Context

Self-directed initiative to master Windows enterprise patterns and security testing outside production constraints.

Role & Action

Engineered a virtualised enterprise environment using Windows Server 2019/2022 as Domain Controller. Built a complete AD forest with RBAC, 15+ custom GPOs, DNS/DHCP/File Services, Pi-hole DNS filtering, IIS hosting, and PowerShell automation sandbox.

Outcome

Deepened practical understanding of identity lifecycle, Group Policy inheritance, and network security, directly applying concepts to production troubleshooting.

Active DirectoryWindows ServerGPODNS/DHCPPowerShell
09
Security Ops

Network Defense & Remediation Cycle

Context

Simulation of a corporate network breach to understand the attacker lifecycle and validate defense efficacy.

Role & Action

Conducted controlled pentests (Kali, Nmap, Metasploit) against a lab AD environment. Identified vulnerabilities, then switched to Blue Team to implement detection rules and harden gaps.

Outcome

Closed the attack-defense loop. Developed a threat-actor perspective that informs more effective system hardening and alert prioritisation.

Kali LinuxVulnerability ManagementMetasploitHardening
010
Research

CVE-2025-32462 Vulnerability Analysis

Context

Technical deep-dive into a local privilege escalation vulnerability in sudo to understand exploit mechanics and patching.

Role & Action

Replicated the vulnerability in a controlled environment. Documented the escalation path and tested vendor mitigation strategies.

Outcome

Produced technical documentation demonstrating the importance of timely patching and least privilege, suitable for peer review.

Vulnerability ResearchPrivilege EscalationLinux SecurityPatch Management

Technical Capabilities

A balanced mix of infrastructure stability, cloud modernization, and security operations.

Cloud & Identity

  • Microsoft Azure
  • Entra ID (Azure AD)
  • Microsoft Intune (MDM/MAM)
  • Microsoft 365 (Exchange, SharePoint, Teams)
  • Operator Connect (Teams)
  • Zero Trust Architecture

Security & Compliance

  • Essential Eight (ACSC)
  • ISO 27001 Compliance
  • DISP (Defence Industry)
  • Microsoft Sentinel
  • Defender for Endpoint
  • AppLocker / WDAC
  • Incident Response & Escalation

Infrastructure & Networking

  • Firewalls (Meraki/Cisco)
  • DNS, DHCP, VPN, VLANs
  • Windows Server 2019/2022
  • Active Directory & Group Policy
  • Linux (Kali, Ubuntu)

Automation & Development

  • Power Automate & PowerApps
  • n8n Workflow Automation
  • PowerShell & Bash Scripting
  • Java, JavaScript/TypeScript
  • Next.js, HTML/CSS
  • Android Studio & Firebase

Platforms & Tools

  • N-central RMM
  • ServiceNow, Jira, Atera
  • Smartsheets, Simpro
  • GitHub, Cloudflare
  • Virtualisation (VMware/Hyper-V)
  • Nmap, Metasploit, Wireshark

About Me

I am the ICT Systems Administrator at Alliance SI, a national network infrastructure company servicing major data centre clients including NextDC, Microsoft, and Amazon. As the sole IT practitioner, I govern end-to-end cloud-only Microsoft infrastructure across 6 sites, spanning identity, endpoints, security, and compliance.

My recent work goes well beyond day-to-day administration. I enforced Essential Eight ML1 application control fleet-wide via AppLocker and Intune, led technical onboarding of our managed services provider (RACI, Entra B2B, Azure RBAC, Operator Connect migration), and delivered ISO 27001 certification with DISP alignment using Conditional Access, Defender for Endpoint, Sentinel SIEM, and PAM. I also build Power Platform automations and n8n/AI-assisted workflows to eliminate manual overhead.

I am targeting the IT Manager track. My Essential Eight, DISP, and MSP governance work positions me to lead security and infrastructure teams, not just operate them. Previously at NRMA, I led the migration of 500+ endpoints from SCCM to Intune across a 2,000+ staff hybrid environment and served as the macOS infrastructure SME.

Experience

ICT Systems Administrator at Alliance SI

May 2025 - Present · Artarmon, NSW

Service Desk Analyst at NRMA

Dec 2022 - May 2025 · Sydney Olympic Park, NSW

Technical Support Specialist at Renew IT

Dec 2021 - Dec 2022 · Parramatta, NSW

Education & Certifications

Certified in Cybersecurity (CC)

ISC2 · 2025

Bachelor of Information Technology

Major in Networking · 2019

RoleICT Systems Administrator
CompanyAlliance SI
LocationAllawah, NSW, Australia
FocusCloud Security, Compliance & MSP Governance
CertificationISC2 CC · ISO 27001 · E8 ML1

Ready to Connect?

I am open to IT Manager, Cloud Security, and Defence-sector infrastructure roles. My Essential Eight, DISP, and MSP governance work positions me to lead security and infrastructure teams.