
Summary

I am a part-time Ph.D. Researcher in Cryptography at the University of New England, actively involved in cryptography and cryptology, and a Member of the International Association for Cryptologic Research (IACR), AsiaCrypt, IEEE and Australian Information Security Association (AISA) while conducting research on white-box cryptography and mathematical modeling. Experienced Cybersecurity Consultant with a demonstrated history of working in the financial services industry with various vendors. Skilled in Cryptography, Cybersecurity and Payment platforms with a strong focus on data security and key management.

An active member of the International Organization for Standardization (ISO), serving on the technical committees for Financial Services, security, and cryptography (TC68/SC2/WG11&13). Also serving on Standards Australia, Technical committee IT-005, Financial Transaction Systems maintaining the AS2805 suite of Standards. I am an active member of the Payment Card Industry Security Standards Council (PCI-SSC) Technical Advisory Board / Committee, participating in their Pin Assessment Working Group (PAWG), Software Security Standards Working Group (S3) and Mobile Working Group (MWG).

Having a passion for learning, I am constantly exploring new technologies and reading the most recent research papers. My passion for research is clearly demonstrated in my personal blog. This is also clear from my willingness to help others in the security field. I have been well versed in the cryptography and policy field of Australia and hope to continue my momentum to make a substantial impact on the improvement of payments and security systems. I intend to do this by demonstrating business knowledge and a pragmatic approach to resolving organizational issues.

My personal projects include Research with the University of New England, where I evaluate mathematical models or tamper-proof and authenticated encryption schemes.  Other projects include contributing to technical blogs and publishing papers on cryptography as well as a vast collection of code on GitHub.

Education

PhD - Doctor of Philosophy

University of New England, Armidale, Australia

Universal Composable: White-box Cryptography

Part-Time Research Candidate 

Work History

2018 - Present

Manager - Information Security and Compliance

Australian Payments Network (APCA)

Industry Compliance

Proactively manage and run compliance programs for the annual acquirer and issuer audits for card payment systems, ensuring integrity across submissions, and non-compliance exemptions.

Assess and manage the assessment of payment devices in their security capability and vulnerabilities, and approve devices and payment software which can be used in Australia.

Assess HSM evaluation reports and function sets for use in Australia ensuring vendors meet Australian and international cryptography standards.

Advise members (Banks, Acquirers, and Vendors) on security, compliance, and industry developments.

Promote innovative solutions to enter the Australian Payments market.

Information Security

Define and manage industry Security and Standards Roadmaps ensuring industry security posture.

Manage industry projects to migrate cryptography mechanisms ensuring industry-wide and international interoperability.

Participate in industry groups, such as FIDO, Digital Identity, International Standards, ensuring frameworks and security are aligned with global best practices for authentication, cryptography, and privacy.

Advise industry security committees on security best practices and current vulnerabilities. Continually review industry security guidance and rules, aligning rules to industry best practices.

Present at Universities and Conferences on security-related topics, like AWS hacking, security awareness, and digital identity.

Working Groups, Committees and Memberships

Sit on Industry, National and International committees, defining security standards and evaluation requirements to secure payments and data. These committees include:

  • Payment Card Industry Security Standards Council (PCI-SSC) Technical Advisory Board
  • Payment Card Industry (PCI) PIN Transaction Security Working Group 
  • Payment Card Industry (PCI)-Software Security Standards Working Group 
  • Payment Card Industry (PCI) Mobile Working Group (SPoC & CPoC)
  • EMVCo - Tokenisation
  • AS2805 - Standards Australia - IT-005 Financial Transaction Systems
  • Blockchain - Standards Australia - IT-005-4  Authentication and Security
  • ISO/TC 68/SC 2/WG 13 Security in retail banking, Member
  • ISO/TC 68/SC 2/WG 11 Encryption algorithms used in banking applications, Member
  • AusPayNet HSM/SCM Working Group Drafting Lead
  • AusPayNet Management member: Technical Sub-Security Committee
  • AusPayNet Management member: Technical Security Committee
  • Standards Australia. IT-005, AS2805 Standards Drafting Lead

2017 - 2018

Principal Information Security, Consultant - Cryptography

Westpac Group
  • Compliance
    • APCA Compliance for Payments HSMs across the Westpac
  • Core Technologies
    • Python / C# / Web API
    • Gemalto Key Secure
    • Gemalto ProtectV Manager
    • Gemalto Protect File
    • Gemalto Protect App
    • Thales nShield HSM
    • Gemalto Luna HSM
    • Gemalto PHEFT Payments HSM
  • Lead BAU operation for Hybrid Cloud Encryption
    • Develop client on-boarding procedures
    • Maintain transparent encryption procedures for 3000 + servers
    • 24/7 support roster and on-call operations
    • Support lead for escalation of platform issues and resolutions.
  • Build and maintain HSM infrastructure
    • Thales nShield (x8), Safenet PHEFT (x16), Safenet Luna (x8) build and maintenance.
    • Key operations and procedures for Public Key Infrastructure and Payments (Base 24) platforms
    • VISA Pin Audit policies and procedures.
  • Key Management Infrastructure
    • Gemalto KeySecure platform build and support
    • Develop client on-boarding procedures for key management
    • Folder and file-based encryption procedures
    • Optimizing operations with Python and Perl scripting.

2012 - 2017

Senior Manager - Information Security, IT & Software Development

Cashpoint Payment Solutions & SwitchLink Financial Processing
  • Core Technologies
    • C#, Python
    • PKI Infrastructure
    • ASP.Net, Winforms
    • MVC4, MVC5, Asp.net Core
    • Web API, Secure Sockets
    • Entity Framework
    • AngularJS, JavaScript, HTML5, CSS3
    • Source Control, Git
    • SQL Server, MySQL, Oracle
    • Azure and AWS
    • Continuous Integration (CI) with TFS
    • Test-Driven Development (TDD)
    • Thales Payshield 9000 HSM
  • Build and Manage custom-built Payments Platforms
    • Promote and drive a strong risk culture that ensures that risk/reward considerations are integral to business decisions making and support the delivery of business objectives
    • Review new business opportunities ensuring that key operational risks are identified and managed
    • Develop and maintain a roadmap of product development
    • Lead continuous improvement initiatives
    • Maintain and Research current payments trends (i.e. tokenization)
    • Maintain PA DSS policies within the Payment Processing Platforms.
    • Implement and Manage Regulatory policies mandated by VISA and MasterCard.
    • Develop business cases for the inclusion of features within switching platforms.
    • Maintain ATM and EFTPOS network processing and monitoring systems.
  • Manage and Maintain Customer Management Systems
    • Elicit requirements from business to maintain product plan and future roadmap.
    • Maintain prioritization of features and lead requirements gathering.
    • Lead workshops for business and process improvement initiatives.
    • Document Requirements using formal methods
  • Manage and Maintain IT Infrastructure
    • Develop and implement processes and procedures for Managing the Infrastructure
      • PCI DSS Policies and Procedures
      • Operational Policies and Procedures
      • VISA / Mastercard Pin Compliance policies
      • Maintain a strong culture to automate compliance and regulatory requirements.
  • Manage Software Development Team
    • Maintain backlog of development items and reprioritize as required.
    • Develop statistics on the maintainability of systems.
    • Produce metrics of development team performance and progression of projects.
    • Drive technical training within the unit.
    • Evaluate new technologies and market research. 
    • Implement and maintain Change Management Processes and Procedures.
  • Manage and Maintain Cryptographic Infrastructure
    • HSM Management and development of policies and procedures
      • Key custodian & generation & maintenance policies and procedures.
    • Manage PKI Infrastructure
    • Manage Cloud and remote encryption capability.
    • Manage device security

Several of my notable achievements are listed below:

  • Starting with a clean slate of no existing software, architected a new codebase implemented with .NET and C#
  • Championed technical innovation in the User Interface Design to facilitate production test and complement new measurement techniques
  • Led team to develop a new product platform and family of multi-channel world-class transaction processing and monitoring systems.
  • Introduced Agile into a willing environment
  • Stabilized custom integration process by creating a QA department and testing procedures.
  • Created and documented multiple APIs to ease the integration process for clients.
  • Spearheaded the implementation of the company's first-ever disaster recovery system to ensure minimal productivity loss.
  • Developed and implemented new customized product to process transactions for large deployers.
  • Managed portfolio of programs/projects.
  • Maintained ISO and VAR relationships as well as vendor selection.
  • Performed audits at Data Center
  • Redesigned and architected several existing components in the system
  • Led the design and architecture activities for all new development work
  • Defined and enforced development, build and release processes
  • Evaluated server software and helped in the decision making process for retooling the application to consolidate technologies

2012 - 2012

Software Manager

Digital Visual Technologies - Direct Axis

Core Technologies

  • C#, Python, Mendix
  • ASP.Net 
  • MVC4 
  • Web API
  • Entity Framework
  • AngularJS, JavaScript, HTML5, CSS3
  • Source Control, Git
  • SQL Server, MySQL, Oracle
  • Azure and AWS
  • Continuous Integration (CI) with TFS
  • Test Driven Development (TDD)
  • Continued PCI Compliance Reporting
  • Model business processes using contemporary tools and methods
  • Evaluate risk and decision modelling platforms
  • Review developer code, and produce metrics for maintainability.
  • Develop and Maintain business processes for development team.

2006 - 2012

Senior Financial Systems Manager

Spark ATM Systems
  • Core Technologies
    • C#, Python, Delphi
    • AngularJS, JavaScript, HTML5, CSS3
    • Source Control, Git
    • SQL Server, MySQL, Oracle
    • Azure and AWS
    • Continuous Integration (CI) with TFS
    • Test Driven Development (TDD)
  • Architect and Develop Payments Processing Platforms
  • Implement EMV processing with Postbridge
  • Maintain and develop policies and procedures 
  • Maintain and Develop PCI and PA DSS Policies and procedures
  • Maintain a culture to ensure continued compliance.

2006 - 2008

Solutions Architect - Application Solutions

Dimension Data - Africa & Asia
  • Core Technologies
    • C#, VB.net
    • ASP.Net 
    • MVC, Webforms, Winforms
    • Web Services
    • Entity Framework
    • AngularJS, JavaScript, HTML5, CSS3
    • Source Control, Git
    • SQL Server, MySQL, Oracle
    • Azure and AWS
    • Continuous Integration (CI) with TFS
    • Test Driven Development (TDD)

Consulting for S1 Postillion

  • Postbridge and Real Time Framework enhancements
  • Source and Sink Node Templating
  • ISO adapter enhancements for spdh and AS messaging

Consulting for Vodafone

  • Dynamic call routing systems with Genesys and Avaya
  • Implemented and Distributed telephony routing systems.

Other Activities:

  • Developer Architecture and OO Training
  • Billing systems consulting
  • Development Management

2001 - 2005

Software Developer

Ferreira Technologies

Technologies I am Comfortable with

Programming Languages: C#, Java, C, C++, Python

Web Frameworks: MVC, ASP.net, Web API, SignalR, Quartz

Front End Frameworks: Bootstrap, NodeJs, Angular

Server Frameworks: Kafka, RabbitMQ, ActiveMQ, ZeroMQ, SQL, MySQL, Oracle

Networking: Fortinet, Cisco, F5, Dell, BGP

Encryption Hardware: Thales Payshield 9000, Thales nShield, Safenet Luna, Safenet PHEFT 

Hobbies

  • Research: Homomorphic, Bilinear Maps and Lattice-based cryptography schemes
  • Research: Secure Multi-Party Protocols
  • Research: Oded Goldreich Secure Multiparty Computations for E-Voting
  • Outdoor: Fishing
  • Outdoor: Astrology