
Summary

"People don't buy what you do, they buy why you do it" - S.S

I take pride in learning from every experience, as even negative experiences harbor hidden lessons. Renowned for my technical acumen, I also possess the ability to adopt a strategic perspective on technologies, risks, and governance, and articulate these to C-level executives.

Driven by a passion for learning, I am continually seeking innovative approaches and considering their potential to disrupt the established order. This zeal for exploration is reflected in my blog and my contributions to UNE. With a robust foundation in security and technology, my efforts have significantly enhanced security, business, and technological frameworks, steering the industry towards safeguarding all Australians. My career is marked by a demonstrated understanding of business and a practical method for addressing industry, regulatory, and security challenges.

Currently, in my spare time, I serve on various standards bodies, working with industry on standardising security at the foundational level, including:

Australian Standards: 

  • IT-005 - Payment Financial Transaction Systems - Standards Australia,
  • IT-004 - Blockchain and distributed ledger - Standards Australia, 
  • IT-005-4 - Authentication and Security - Standards Australia, 
  • AS2805 Financial Standards Drafting Lead,
  • IT-043 - Artificial Intelligence - Standards Australia, 
  • IT-012 - Information Systems, Security and Identification Technology. Additionally, (ISO/IEC 27001)

ISO Standards: 

  • ISO/TC 68/SC 2/WG 13 Security in retail banking,
  • ISO/TC 68/SC 2/WG 11 Encryption algorithms used in banking,

I have extensive experience in technical cyber, theoretical cryptography, governance and risk management, people management, influencing and leadership.

Education

2025

PhD - Doctor of Philosophy

University of New England, Armidale, Australia

Symmetric Cryptography

Work History

2022 - Current

Senior Specialist - Cyber

Australian Securities and Investments Commission (ASIC)
  • Support projects and team planning activities, including cross ASIC reporting
  • Respond to incidents affecting ASIC's regulated population.
  • Support a team of regulatory and technology professionals
  • Liaise and engage with relevant ASIC teams to drive ASIC's Supervisory Cyber Strategy, including supervisory and enforcement actions
  • Identify and drive actions to improve cyber and operational resilience across ASIC's regulated population
  • Act as a key ASIC contact and ensure APRA, CFR agency coordination and collaboration on cyber and operational resilience for co-regulated entities and delivery of agreed programs of work
  • Liaise and ensure coordination with other COFR members and Home Affairs
  • Provide strategic leadership support across ASIC on cyber and operational resilience related issues including policy and communications strategy for ASIC's broad regulated cohort
  • Define the work program, consistent with ASIC's strategic priorities for Markets and where appropriate cross agency initiatives
2018 - 2022

Security and Industry Compliance Manager - Security, Assessments, Standards and Compliance

Australian Payments Network (APCA)

I have extensive experience in Payment Acceptance Governance. I led the work aligning payment acceptance devices to the PCI SSC Standards. Additionally, I designed and implemented risk models to evaluate non-standard payment technology and the associated compliance risk assessment models.

I also actively participated in the design of secure APIs for Consumer Data Right (CDR) - Open Banking with Treasury and Data61. Furthermore, I designed and facilitated accreditation frameworks for digital identity for Trust ID - Digital Identity. I also created and implemented enforcement models for compliance regimes through industry sanctions tribunals.

Stakeholder Management is also an area of my expertise, where I manage various (third-party and internal) stakeholders, from technical experts to C-level executives. Moreover, I actively advise industry committees on emerging issues in payments and security for industry advisory committees, technical management and the board.

I have extensive experience managing and running compliance programs for the acquirer and issuer audits for card payment systems. I also assess payment devices' security capability and vulnerabilities, ensuring vendors meet Australian and international cryptography standards through rigorous testing regimes, informed by industry frameworks.

I advised ADIs, technology providers and third parties on security, operational risks, compliance, and emerging industry developments. I also advise innovative (secure) solutions to enter the Australian payments market.

As part of my role, I defined and managed the industry security strategy and standards roadmaps, ensuring industry security posture. I am also an author and advisor for industry security standards development.

I participated in industry groups, such as FIDO, Digital Identity, and International Standards, ensuring frameworks and security are aligned with global best practices for authentication, cryptography, and privacy.

Additionally, I advise industry security committees on security best practices and current vulnerabilities. I also continually review industry security guidance and rules, aligning rules with industry best practices.

I sat on Industry, National, and international committees, defining security standards and evaluation requirements for secure systems.

 Industry PCI and EMV committees include PCI Security Standards Council (PCI-SSC)

  • PCI-SSC Technical Advisory Board, 
  • Payment Card Industry (PCI) PIN Transaction Security Working Group, PCI Software Security Standards Working Group
  • Payment Card Industry (PCI) Mobile Working EMV co - Tokenisation.
2017 - 2018

Principal Information Security, Consultant - Cryptography

Westpac Group
2001 - 2012

Various Software & Network Engineering and Cyber Security Roles