Arthur Van Der Merwe

Universal Composable: White-box Cryptography

Part-Time Research Candidate 

• Computer Science
• Secure Programming
• Distributed Processing Systems
• Cryptography

• Computer Science
• AS2805 Payments processing systems
• Cryptography

• Network Security
• Cryptography
• Mobile Security
• Secure Programming
• Emerging Threats & Defences

Industry Compliance

Proactively manage and run compliance programs for the annual acquirer and issuer audits for card payment systems, ensuring integrity across submissions, and non-compliance exemptions.

Assess and manage the assessment of payment devices in their security capability and vulnerabilities, and approve devices and payment software which can be used in Australia.

Assess HSM evaluation reports and function sets for use in Australia ensuring vendors meet Australian and international cryptography standards.

Advise members (Banks, Acquirers, and Vendors) on security, compliance, and industry developments.

Promote innovative solutions to enter the Australian Payments market.

Information Security

Define and manage industry Security and Standards Roadmaps ensuring industry security posture.

Manage industry projects to migrate cryptography mechanisms ensuring industry-wide and international interoperability.

Participate in industry groups, such as FIDO, Digital Identity,  International Standards, ensuring frameworks and security are aligned with global best practices for authentication, cryptography, and privacy.

Advise industry security committees on security best practices and current vulnerabilities. Continually review industry security guidance and rules, aligning rules to industry best practices.

Present at Universities and Conferences on security-related topics, like AWS hacking, security awareness, and digital identity.

Working Groups, Committees and Memberships

Sit on Industry, National and International committees, defining security standards and evaluation requirements to secure payments and data. These committees include:

• Payment Card Industry Security Standards Council (PCI-SSC) Technical Advisory Board
• Payment Card Industry (PCI) PIN Transaction Security Working Group 
• Payment Card Industry (PCI)-Software Security Standards Working Group 
• Payment Card Industry (PCI) Mobile Working Group (SPoC & CPoC)
• EMV co - Tokenisation
• AS2805 - Standards Australia - IT-005 Financial Transaction Systems
• Blockchain - Standards Australia - IT-005-4  Authentication and Security
• ISO/TC 68/SC 2/WG 13 Security in retail banking, Member
• ISO/TC 68/SC 2/WG 11 Encryption algorithms used in banking, Member applications
• AusPayNet HSM/SCM Working Group Drafting Lead
• AusPayNet Management member: Technical Sub-Security Committee
• AusPayNet Management member: Technical Security Committee
• Standards Australia. IT-005, AS2805 Standards Drafting Lead

• Compliance
  • APCA Compliance for Payments HSMs across the Westpac
• Core Technologies
  • Python / C# / Web API
  • Gemalto Key Secure
  • Gemalto ProtectV Manager
  • Gemalto Protect File
  • Gemalto Protect App
  • Thales nShield HSM
  • Gemalto Luna HSM
  • Gemalto PHEFT Payments HSM
• Lead BAU operation for Hybrid Cloud Encryption
  • Develop client on-boarding procedures
  • Maintain transparent encryption procedures for 3000 + servers
  • 24/7 support roster and on-call operations
  • Support lead for escalation of platform issues and resolutions.
• Build and maintain HSM infrastructure
  • Thales nShield (x8), Safenet PHEFT (x16), Safenet Luna (x8) build and maintenance.
  • Key operations and procedures for Public Key Infrastructure and Payments (Base 24) platforms
  • VISA Pin Audit policies and procedures.
• Key Management Infrastructure
  
  • Gemalto KeySecure platform build and support
  • Develop client on-boarding procedures for key management
  • Folder and file-based encryption procedures
  •   Optimizing operations with Python and Perl scripting.

• Core Technologies
  • C#, Python
  • PKI Infrastructure
  • ASP.Net, Winforms
  • MVC4 , MVC5, Asp.net Core
  • Web API, Secure Sockets
  • Entity Framework
  • AngularJS, JavaScript, HTML5, CSS3
  • Source Control, Git
  • SQL Server, MySQL, Oracle
  • Azure and AWS
  • Continuous Integration (CI) with TFS
  • Test-Driven Development (TDD)
  • Thales Payshield 9000 HSM
• Build and Manage custom-built Payments Platforms
•  
  • Promote and drive a strong risk culture that ensures that risk/reward considerations are integral to business decisions making and support the delivery of business objectives
  • Review new business opportunities ensuring that key operational risks are identified and managed
  • Develop and maintain a roadmap of product development
  • Lead continuous improvement initiatives
  • Maintain and Research current payments trends ( i.e.tokenization)
  • Maintain PA DSS policies within the Payment Processing Platforms.
  • Implement and Manage Regulatory policies and mandated by VISA and MasterCard.
  • Develop business cases for the inclusion of features within switching platforms.
  • Maintain ATM and EFTPOS network processing and monitoring systems.
• Manage and Maintain Customer Management Systems
  • Elicit requirements from business to maintain product plan and future roadmap.
  • Maintain prioritization of features and lead requirements gathering.
  • Lead workshops for business and process improvement initiatives.
  • Document Requirements using formal methods
• Manage and Maintain IT Infrastructure
  • Develop  and implement processes and procedures for Managing the Infrastructure
    • PCI DSS Policies and Procedures
    • Operational Policies and Procedures
    • VISA / Mastercard Pin Compliance policies
    • Maintain a strong culture to automate compliance and regulatory requirements.
• Manage Software Development Team
  • Maintain backlog of development items and reprioritize as required.
  • Develop statistics on the maintainability of systems.
  • Produce metrics of development team performance and progression of projects.
  • Drive technical training within the unit.
  • Evaluate new technologies and market research. 
  • Implement and maintain Change Management Processes and Procedures.
• Manage and Maintain Cryptographic Infrastructure
  • HSM Management and development of policies and procedures
    • Key custodian & generation & maintenance policies and procedures.
  • Manage PKI Infrastructure
  • Manage Cloud and remote encryption capability.
  • Manage device security

Several of my notable achievements are listed below:

• Starting with a clean slate of no existing software, Architected a new codebase implemented with .NET and C#
• Championed technical innovation in the User Interface Design to facilitate production test and compliment new measurement techniques
• Led team to develop a new product platform and family of multi-channel world-class transaction processing and monitoring systems.
• Introduced Agile into a willing environment

• Stabilized custom integration process by creating a QA department and testing procedures.
• Created and documented multiple API's to ease the integration process for clients.
• Spear-Headed the implementation of the company's first-ever disaster recovery system to ensure minimal productivity loss.
• Developed and implemented new customized product to process   transactions for large deployers.
• Managed portfolio of programs/projects.
• Maintained ISO and VAR relationships as well as vendor selection.
• Performed audits at Data Center
• Redesigned and architected several existing components in the system
• Lead the design and architecture activities for all new development work
• Defined and enforced development, build and release processes
• Evaluated server software and helped in the decision making process for retooling the application to consolidate technologies

Core Technologies

• C# , Python, Mendix
• ASP.Net 
• MVC4 
• Web API
• Entity Framework
• AngularJS, JavaScript, HTML5, CSS3
• Source Control, Git
• SQL Server, MySQL, Oracle
• Azure and AWS
• Continuous Integration (CI) with TFS
• Test Driven Development (TDD)
• Continued PCI Compliance Reporting

• Model business processes using contemporary tools and methods
• Evaluate risk and decision modelling platforms
• Review developer code, and produce metrics for maintainability.
• Develop and Maintain business processes for development team.

• Core Technologies
  • C# , Python, Delphi
  • AngularJS, JavaScript, HTML5, CSS3
  • Source Control, Git
  • SQL Server, MySQL, Oracle
  • Azure and AWS
  • Continuous Integration (CI) with TFS
  • Test Driven Development (TDD)
• Architect and Develop Payments Processing Platforms
• Implement EMV processing with Postbridge
• Maintain and develop policies and procedures 
• Maintain and Develop PCI and PA DSS Policies and procedures
• Maintain a culture to ensure continued compliance.

• Core Technologies
  • C# ,VB.net 
  • ASP.Net 
  • MVC, Webforms, Winforms
  • Web Services
  • Entity Framework
  • AngularJS, JavaScript, HTML5, CSS3
  • Source Control, Git
  • SQL Server, MySQL, Oracle
  • Azure and AWS
  • Continuous Integration (CI) with TFS
  • Test Driven Development (TDD)

Consulting for S1 Postillion

•  Postbridge and Real Time Framework enhancements
• Source and Sink Node Templating
• ISO adapter  enhancements for spdh and AS messaging

Consulting for Vodafone

• Dynamic call routing systems with Genesys and Avaya
• Implemented and Distributed telephony routing systems.

Other Activities:

• Developer Architecture and OO Training
• Billing systems consulting
• Development Management