About Me

I am David Cao, an IT graduate based in Tasmania. I am building my path in cybersecurity, mostly around security operations, GRC, risk documentation, and the practical work of keeping systems understandable before they become expensive mysteries.

In security operations, I care about clarity. Alerts, logs, vulnerabilities, tickets, and controls only become useful when someone can work out what happened, what matters, and what should happen next. A noisy dashboard is not intelligence. It is just a Christmas tree with anxiety.

On the GRC side, I treat risk and compliance as working systems, not paperwork theatre. Policies, controls, exceptions, evidence, and audit notes should help people make better decisions. If a document only exists to survive an audit and dies immediately after, something has gone wrong.

My working style is direct and evidence-based. I like breaking large problems into smaller pieces, checking the assumptions, writing down the reasoning, and building workflows that someone else could follow without needing a ritual. I use AI heavily, but not as a magic box. More like a second monitor with opinions: fast, useful, occasionally wrong, and always needing review.

Outside security, I like product design, interface systems, automation, and small tools that solve real problems. I also like pixel interfaces, old handheld console aesthetics, fishing, hardware tinkering, and projects that mix data, judgement, and a bit of controlled disorder.