Arthur Van Der Merwe
Never Stop Learning
- Sydney, Australia
I am a part-time Ph.D. Researcher in Cryptography at the University of New England, actively involved in cryptography and cryptology, and a Member of the International Association for Cryptologic Research (IACR), AsiaCrypt, IEEE and Australian Information Security Association (AISA) while conducting research on white-box cryptography and mathematical modeling. Experienced Cybersecurity Consultant with a demonstrated history of working in the financial services industry with various vendors. Skilled in Cryptography, Cybersecurity and Payment platforms with a strong focus on data security and key management.
An active member of the International Organization for Standardization (ISO), serving on the technical committees for Financial Services, security, and cryptography (TC68/SC2/WG11&13). Also serving on Standards Australia, Technical committee IT-005, Financial Transaction Systems maintaining the AS2805 suite of Standards. I am an active member of the Payment Card Industry Security Standards Council (PCI-SSC) Technical Advisory Board / Committee, participating in their Pin Assessment Working Group (PAWG), Software Security Standards Working Group (S3) and Mobile Working Group (MWG).
Having a passion for learning, I am constantly exploring new technologies and reading the most recent research papers. My passion for research is clearly demonstrated in my personal blog. This is also clear from my willingness to help others in the security field. I have been well versed in the cryptography and policy field of Australia and hope to continue my momentum to make a substantial impact on the improvement of payments and security systems. I intend to do this by demonstrating business knowledge and a pragmatic approach to resolving organizational issues.
My personal projects include Research with the University of New England, where I evaluate mathematical models or tamper-proof and authenticated encryption schemes. Other projects include contributing to technical blogs and publishing papers on cryptography as well as a vast collection of code on GitHub.
Universal Composable: White-box Cryptography
Part-Time Research Candidate
Proactively manage and run compliance programs for the annual acquirer and issuer audits for card payment systems, ensuring integrity across submissions, and non-compliance exemptions.
Assess and manage the assessment of payment devices in their security capability and vulnerabilities, and approve devices and payment software which can be used in Australia.
Assess HSM evaluation reports and function sets for use in Australia ensuring vendors meet Australian and international cryptography standards.
Advise members (Banks, Acquirers, and Vendors) on security, compliance, and industry developments.
Promote innovative solutions to enter the Australian Payments market.
Define and manage industry Security and Standards Roadmaps ensuring industry security posture.
Manage industry projects to migrate cryptography mechanisms ensuring industry-wide and international interoperability.
Participate in industry groups, such as FIDO, Digital Identity, International Standards, ensuring frameworks and security are aligned with global best practices for authentication, cryptography, and privacy.
Advise industry security committees on security best practices and current vulnerabilities. Continually review industry security guidance and rules, aligning rules to industry best practices.
Present at Universities and Conferences on security-related topics, like AWS hacking, security awareness, and digital identity.
Working Groups, Committees and Memberships
Sit on Industry, National and International committees, defining security standards and evaluation requirements to secure payments and data. These committees include:
Several of my notable achievements are listed below:
Consulting for S1 Postillion
Consulting for Vodafone
Programming Languages: C#, Java, C, C++, Python
Web Frameworks: MVC, ASP.net, Web API, SignalR, Quartz
Front End Frameworks: Bootstrap, NodeJs, Angular
Server Frameworks: Kafka, RabbitMQ, ActiveMQ, ZeroMQ, SQL, MySQL, Oracle
Networking: Fortinet, Cisco, F5, Dell, BGP
Encryption Hardware: Thales Payshield 9000, Thales nShield, Safenet Luna, Safenet PHEFT