Craig Steven Wright

Director at Information Defense Pty Ltd

Sydney Area, Australia

Current
  • Chief Software Officer, Director at Integyrs Pty Ltd
  • Director at Information Defense Pty Ltd
  • VP, Asia Pac at Whitehats Conference
  • Technical Director at GIAC
  • Trustee at The Uniting Church (NSW) Trust Association Limited
  • Mentor and Stay Sharp Instructor at SANS Institute
  • Author and Technical Editor at Various Publishers
Past
  • Associate Director (Risk Services) at BDO
  • Chief Research Officer (1-100 Employees, R and D Company) at Ridges Estate
  • Managing Director at DeMorgan
  • Information Security at Australian Stock Exchange
  • Corporate Accounts Manager at OzEmail
  • Network Manager at Corporate Express (WPA)
  • All sorts at WPA
  • Executive Chef at C&C Catering
Education
  • Charles Sturt University
  • Charles Sturt University
  • Charles Sturt University
  • Northumbria University
  • Charles Sturt University
  • University of Newcastle
  • SANS Institute
  • Charles Sturt University
  • Charles Sturt University
  • Guess (I am an ex-Catholic who is now involved in the UC)
  • Fuel Sciences
  • Nuclear Physics
  • University of Queensland
  • Padua College
  • IT - Summary of qualifications and achievements
  • SANS Institute
Connections
408 connections
Industry
Information Technology and Services
Craig Steven Wright’s Summary

I am a bit of an academic junkie and go from degree to degree as a sort of hobby, so this all adds to the level of being over-qualified for most things.

I completed the GSE-Malware exam last year to add to the GSE-Compliance credential I completed earlier. Next the GSE for the hat-trick. This will be in Sept 2009.

Craig is one of the most highly qualified digital forensic practitioners globally. With over 10 years of direct digital forensic experience and more than 20 years in IT Security generally, Craig has not only worked to develop many of the techniques in common practice, but is also working to expand the field of knowledge. On top of this, he has completed his LLM (with Commendation).

In addition to his consulting engagements Craig has also authored several books and articles on digital forensics. He is a co-author of “The Official CHFI Study Guide” and is a co-author of the CISSP-ISSMP Handbook to be released in Sept 2008 by ISC2.

Please have a look at the attached links for further information:
http://www.cio.com.au/index.php/id;1211013697
http://www.infoage.idg.com.au/index.php?id=1151410747
http://www.storefrontbacktalk.com/story/080505securityaudits.php

Also following this email are examples of papers and books I have authored including:
The Official CHFI Study Guide (Exam 312-49) (Paperback)
http://www.amazon.com/Official-CHFI-Study-Guide-312-49/dp/1597491977

And I have also published in a copy of the IRMA Risk journal of the British Computer Society.

I have completed work under the attorney general’s CNVA (Critical Network Vulnerability Assessment) Programme and am contracted to several chapters of a book being released next year on “Critical Infrastructure Protection”.

I am a SANS Instructor with the Stay Sharp Programme and a SANS Mentor.

I currently hold the most SANS/GIAC accreditations globally and am the first person to achieve the GSE specialising in Compliance.

Craig Steven Wright’s Specialties:

IT Security and Risk
Digital Forensics
Security systems design
IT Audit
Systems implementation
Staff training and Mentoring
Cross functional Team Development
Policy and Procedural development
Business Process Analysis

Risk Analysis
SAS
Financial Systems
Data Mining
Quantitative risk analysis and actuarial design
Marketing survey analysis
Analysis of Account for Fraud Detection
Continuous Audit
Anti-Money Laundering/Counter Terrorism Funding
BASEL II Risk Reviews


Craig Steven Wright’s Experience

  • Chief Software Officer, Director

    Integyrs Pty Ltd

    (Computer Software industry)

    March 2009 - Present (9 months)

    Algorithmic and Secure Software design and code analysis

  • Director

    Information Defense Pty Ltd

    (Information Technology and Services industry)

    January 2009 - Present (11 months)

    Digital Forensics, Information and Data Protection Services.

    Information Defense provides the knowledge and skills to ensure that your data remains safe, secure and accurate. Like most companies of our class, we provide services to defend against cyber crime and online fraud. Unlike most (if not all) we also have the skills to ensure that your data is accurate. Combining the highest level of digital forensic, information security and statistical skills in a single entity allows us to offer you the solution that you need to ensure that your data is safe.

  • VP, Asia Pac

    Whitehats Conference

    (Events Services industry)

    April 2008 - Present (1 year 8 months)

    Whitehats Conference brings together innovative, ground-breaking information security technologies, and also provides access to leaders, experts, and luminaries in the IT security field. Whitehats Conference delivers knowledge, critical insight, and awareness into current and emerging whitehat technologies, organizations, and trends, and explores their potential impact on business environments.

  • Technical Director

    GIAC

    (Education Management industry)

    2007 - Present (2 years)

    I am a SANS Technical Director
    I am on the GIAC Ethics Board

  • Trustee

    The Uniting Church (NSW) Trust Association Limited

    (Banking industry)

    December 2007 - Present (2 years)

    United Financial Services Trustee
    Financial services are provided by The Uniting Church (NSW) Trust Association Limited ACN 000 022 480, ABN 89 725 654 978, AFSL 292186 and by The Uniting Church in Australia Property Trust (NSW)

  • Mentor and Stay Sharp Instructor

    SANS Institute

    (Information Technology and Services industry)

    2007 - Present (2 years)

  • Author and Technical Editor

    Various Publishers

    (Publishing industry)

    December 1999 - Present (10 years)

    At the moment I am working on the legal section of the CISSP/ISSMP handbook for ISC2 and a book on MMC (Syngress) - Mobile Malicious Code.

    My latest book to be released is:
    "The IT Regulatory and Standards Compliance Handbook:
    How to Survive Information Systems Audit and Assessments"

    Publisher: Syngress (June 21, 2008)
    Language: English
    ISBN-10: 1597492663
    ISBN-13: 978-1597492669
    http://www.amazon.com/Regulatory-Standards-Compliance-Handbook-Information/dp/1597492663

  • Associate Director (Risk Services)

    BDO

    (Public Company; Accounting industry)

    October 2004 - January 2009 (4 years 4 months)

    Security risk assessments (based on HIPAA, AS/NZS 4360 and various sections of the financial services legislation).

    Project managed the implementation of a secure remote access and token authentication system.

    Implemented and led a project to design and deploy ISO 17799 aligned policy and procedures within numerous companies both in Australia and internationally through a consultative process.

    Developed ISO17799 and AS/NZS 4360 audit and review frameworks

    Has produced academically published papers on IT, Mathematics, HR and Business Strategy

    I manage the following Business lines:
    Data Analysis Team
    Data Mining Team
    IT Forensic Team
    IT Audit Team
    IT Security Team

    I specialise in:
    • Associative Rules Mining
    • Memory Forensics
    • Embedded device Forensics
    • Network Forensics
    • Cryptanalysis
    • System incident recovery (“deep diving”)
    • Steganography

  • Chief Research Officer (1-100 Employees, R and D Company)

    Ridges Estate

    (Privately Held; 1-10 employees; Internet industry)

    February 2001 - September 2004 (3 years 8 months)

    Implemented an AusIndustry approved Research Program involving the integration of technical solutions to the information security and agribusiness arenas.

    Creation of Firewall and Authentication Procedure documents for News Ltd
    Mentoring at News Ltd in Security Technologies
    Risk Assessments for News Ltd based on AS4360
    Audit activity for News Ltd of the Internet systems and Firewalls
    Staff training of the SecurID Authorisation systems
    Network Security audit of the RIC Systems Internet Gateways
    DNS and Mail Systems Security for RIC

    Virus containment activities for RIC
    Policy creation for Vodafone Ltd
    Risk Assessments for Vodafone
    Training and documentation of Security Audit and review procedures for Vodafone
    Wireless research

    Craig led a research team that conducted technology research into:

    Wireless systems research
    IT Security Systems
    Encryption Technology
    Agricultural Automation and monitoring systems
    Farm Management Software
    Malware Systems

  • Managing Director

    DeMorgan

    (Computer & Network Security industry)

    November 1997 - August 2003 (5 years 10 months)

    MD, CTO, CIO and founder.

  • Information Security

    Australian Stock Exchange

    (Public Company; 201-500 employees; Financial Services industry)

    April 1997 - May 1998 (1 year 2 months)

    Security, Firewalls and IDS.

  • Corporate Accounts Manager

    OzEmail

    (Information Technology and Services industry)

    1996 - 1997 (1 year)

  • Network Manager

    Corporate Express (WPA)

    (Information Technology and Services industry)

    1992 - 1996 (4 years)

  • All sorts

    WPA

    (Information Technology and Services industry)

    1992 - 1995 (3 years)

  • Executive Chef

    C&C Catering

    (Food & Beverages industry)

    March 1991 - November 1994 (3 years 9 months)

    Specialty catering. Game, central European cuisine, 1 off banquets.

    I was trained in French Provincial styles and haute cuisine. I was a Sous chef for a time with a speciality as a saucier, and brassier. I did specialty game meals for the most part.

    My training was with continental kitchens and then others in the 80's.


Craig Steven Wright’s Education

  • Charles Sturt University

    PhD, Computer Science, 2009 - 2012 (expected)

    Incorporates:
    • Economic theory,
    • Quantitative financial modelling,
    • Algorithmic game theory and
    • Statistical hazard/survival models.
    The models will account for heteroscedastic confounding variables and include appropriate transforms such that variance heterogeneity is assured in non-normal distributions. Process modelling for integrated Poisson continuous-time process for risk through hazard will be developed using a combination of:
    • Business financial data (company accountancy and other records),
    • Legal databases for tortious and regulatory costs and
    • Insurance datasets.
    This data will be coupled with hazard models created using Honeynets (e.g. Project Honeynet), reporting sites such as the storm centre. The combination of this information will provide the framework for the first truly quantitative security risk framework.

    Activities and Societies:
    The Quantification of Information Systems Risk

    The goal of this research project is to create a series of quantitative models for information security. Mathematical modelling techniques that can be used to model and predict information security risk will be developed using a combination of techniques.
  • Charles Sturt University

    MSD, Masters in Systems Development, 2009 - 2010 (expected)

    See
    http://www.itmasters.edu.au/WhichQualification/MasterofSystemsDevelopment/MicrosoftMCSDNet35Stream.aspx

    Activities and Societies:
    Java, C#, C, C++
  • Charles Sturt University

    Psychology, Psychology, 2007 - 2010 (expected)

    Activities and Societies:
    Associate Student at present. Have completed:
    Foundations of Psychology
  • Northumbria University

    LLM, Law (International Commercial Law), 2006 - 2008

    LLM (eCommerce Law) International Commercial Law
    * Competition Law
    * International Trade Finance Law
    * International Finance Law
    * Banking Law
    * Law of International Trade
    * Competition Law
    * Contract Law (advanced)
    * Tort and Negligence Online

    Activities and Societies:
    LLM (eCommerce Law) International Commercial Law
  • Charles Sturt University

    Master of Information Systems Security (MInfoSysSec), IT Security, 2005 - 2008

    Design Secure Distributed Networks
    IT Risk Management
    Network Security Fundamentals
    Theory of Computation
    IT Management Issues
    Network and Security Admin
    Information Security
    Principles of Database Development
    Object Modelling
    SysDev Project Management

    Activities and Societies:
    Advanced skills in the design, implementation and management of secure networks
    Higher order network design
    An informed and reflexive perspective on IT Security issues
    Problem-solving and troubleshooting and documenting complex problems
    The ability to analyse complex client business security requirements and select appropriate solutions
    Skills in the development of leading edge security solutions that meets customer business objectives for functionality and performance
  • University of Newcastle

    Master of Statistics (MSTAT), Quantitative Statistics, 2005 - 2008

    Longitudinal Data Analysis
    Statistical Inference
    Data Mining
    Business Research Methods
    Regression and Forecasting
    Decision Analysis
    Statistical Computing
    Heteroscedastic Modelling
    Financial time series
    Bayesian Analysis
    Generalised Linear Models

    Activities and Societies:
    This programme involves undertaking skills training programmes, and learning through originality in solving problems offering the ability to plan and implement tasks at a professional level.

    Topics include: regression and ANOVA, mathematical statistics, research methods, statistical inference, generalised linear models, time series and stochastic processes, statistical computing, total quality management, Bayesian methods, data mining, surveys and experiments, multivariate statistics.
  • SANS Institute

    GSE-Compliance, GSE-Malware, GIAC Security Expert (Compliance Stream), 2007 - 2007

  • Charles Sturt University

    Master of Management (MMgt), Management, Finance, 2004 - 2006

    HRM571 Managing People in the Information Age
    ITC563 IT Management Issues
    MKT571 Marketing for IT Managers
    FIN571 Managerial Finance
    MGT572 Managing Organisational Change
    MGT573 Strategic Practice

    Activities and Societies:
    The aim of this course is to prepare students to succeed in management positions that leverage computing technology to operate and expand business endeavours.
    The needs of existing IT managers, programmers, developers, network engineers, and other IT workers who aspire to move upward into technical management positions will be catered to with the emphasis on exploiting information technologies for productivity and competitiveness.
  • Charles Sturt University

    Master of Network and Systems Administration (MNSA), IT Networking, 2003 - 2004

    Subject: ITC-511 Networking Concepts 1
    Subject: ITC-512 Networking Concepts 2
    Subject: ITC-513 Wireless Networking Concepts
    Subject: ITC-514 Network and Security Administration
    Subject: ITC-593 Network security
    Subject: ITC-506 Topics in IT Ethics
    Subject: ITI-555: Operating System Essentials
    Subject: ITI-556: Supporting a Network Infrastructure (I)
    Subject: ITI-557: Supporting a Network Infrastructure (II)
    Subject: ITI-558: Active Directory Infrastructure
    Subject: ITI-559: Designing Active directories and Network Infrastructure

    Activities and Societies:
    Advanced design, implementation and network management skills
    Higher order system administration skills
    Advanced skills in identifying network security risk profiles, defining security policies and maintaining secure global networks
    Problem-solving methodologies to troubleshoot and document global internetworking problems
    Analyse complex client business and technical requirements
    Development of solutions that meets customer business objectives for functionality, performance, and cost
  • Guess (I am an ex-Catholic who is now involved in the UC)

    Doctor of Theology, Comparative Religious and Classical Studies, 1998 - 2003

    Ask me and I may share. I act as a lay pastor and I do not always desire to argue with people who have no concept of religion. I was a catholic, became an atheist, and moved towards the uniting church as I learnt more in science and mathematics.

    If you ever need to know of Dionysus, Vesta, Menrva, Ceres (Roman Goddess of the Corn, Earth, Harvest) or other Mythological characters - I am your man. I could even hold a conversation on Eileithyia, the Greek Goddess of Childbirth and her Roman rebirth as Lucina.

    I bet you did not know that Asklepios Aesculapius is the Greek God of Health and Medicine or that Lucifer is the name of the Roman Light-bearer, the God and Star that brings in the day.

    Activities and Societies:
    A comparative study of Greco-Roman foundations to the Judeo-Christian origins of the Eve belief and myth structure.

    If you are really lucky (or unlucky as the case may be) I may let you read my dissertation:
    "Gnarled roots of a creation theory".
  • Fuel Sciences

    Associate of Science (Organic Chemistry), 1995 - 1997

  • Nuclear Physics

    Nuclear Physics, Nuclear magnetic resonance (NMR), 1993 - 1995

  • University of Queensland

    Engineering, Computer Systems Engineering (incomplete - changed to Comp Sci in 4th year - I was young), 1988 - 1992

  • Padua College

    High School, Senior Certificate, 1986 - 1987

  • IT - Summary of qualifications and achievements

    A summary of some (some mind you) of my Certifications, Information Technology (Security)

    GSE-Compliance # 0001 [Platinum] GIAC Security Compliance
    GSEC # 10506
    G7799 # 0039
    GCFA # 0265
    GSNA # 0571
    GSAE # 0141
    GLEG # 0006
    GLFR # 0016 GIAC Law of Fraud (GLFR)
    GREM # 0586 GIAC Reverse Engineering Malware (GREM)
    GPCI # 0086 GIAC Payment Card Industry (GPCI)
    GSPA # 0101 GIAC Security Policy and Awareness (GSPA)
    GLDR # 0101 GIAC Leadership (GLDR)
    GWAS # 0535 GIAC Web Application Security (GWAS)
    GIPS # 0036 GIAC Intrusion Prevention (GIPS)
    GCUX # 0587 GIAC Certified UNIX Security Administrator

    MCSA # 3062393 Microsoft Certified Systems Administrator
    MCSE # 3062393 Microsoft Certified Systems Engineer
    MCSE # 3062393 Microsoft Certified Systems Engineer (Mail)
    MCSE # 3062393 Microsoft Certified Systems Engineer (Security)
    MCDBA # 3062393 Microsoft Certified Database Administrator

    MIEEE # 87028913 Member IEEE
    AFAIM # PM133844 Associate Fellow Aust Inst. Management
    MACS # 3015822 Senior Member Aust Computer Society

    Activities and Societies:
    CISSP # 47302 (ISC)2 Security Professional
    ISSMP # 47302 (ISC)2 Security - Management Professional
    ISSAP # 47302 (ISC)2 Security - Architecture Professional

    CISA # 0542911 Certified Information Systems Auditor
    CISM # 0300803 Certified Information Security Manager
    CCE # 480 ISFCE - Certified Computer Examiner
    ISSPCS # 051 International Systems Security Professional Certification Scheme
  • SANS Institute


Additional Information

Craig Steven Wright’s Interests:

Music (Piano), Research, Learning

Craig Steven Wright’s Groups:

  •    CSORoundtable
  •    Certified Information Systems Security Professionals (CISSP)
  •    Executive Suite
  •    Security Crew
  •    Society for Computers and Law
  •    CISO: Meaningful Metrics
  •    Open Web Application Security Project (OWASP)
  •    Information Systems Security Association (ISSA)
  •    IT Specialist Group
  •    LinkEds & writers
  •    ISECOM
  •    IT Governance
  •    GIAC, Global Information Assurance Certification
  •    Information Security Community
  •    ISACA
  •    Certified Information Systems Auditor
  •    Global Corporate Fraud and Compliance Professionals
  •    Log Analysis Professionals
  •    Speakers and Panelists
  •    CPUG: The Check Point User Group
  •    National Information Security Group
  •    Certified Information Security Managers
  •    Professional Audit Information Network (PAIN)
  •    IT SECURITY EXPERT
  •    Professional Reverse Engineers
  •    Computer Security and Forensics
  •    GIAC Certified Forensic Analyst
  •    Ethical Hacker
  •    Information Security Experts
  •    ASX Network
  •    Payment Card Industry Network
  •    Enterprise Security
  •    CCE
  •    Security Industry Group
  •    Information Security Network
  •    Electronic Discovery Group
  •    Wright's
  •    Fraud, Phishing and Financial Misdeeds
  •    InLinked Cyber Crimes Group
  •    Law and Legal Open Networkers
  •    Background Screening and Due Diligence Professionals
  •    Evidence Lifecycle Management (ELM)
  •    Security Leaders Group
  •    Open Compliance & Ethics Group (OCEG) GRC Professionals
  •    ISFCE and CCEs in Australia
  •    SANS Australia/New Zealand Community
  •    Penetration Testing Experts
  •    CXO SUMMITS

Craig Steven Wright’s Honors:

Honors / Awards
GSE-Compliance
http://www.giac.org/certifications/gse.php
GCFA CCE
GSE-Compliance # 0001 [Platinum] GIAC Security Compliance (GSE-Compliance)
GSEC 1 # 10506 [SILVER, Gold in progress] GIAC Security Essentials Certification (GSEC)
G7799 2 # 0039 [GOLD] GIAC Certified ISO-17799 Specialist (G7799)
GCFA 3 # 0265 [GOLD] GIAC Certified Forensics Analyst (GCFA)
GSNA 4 # 0571 [GOLD] GIAC Systems and Network Auditor (GSNA)
GSAE 5 # 0141 [Silver] GIAC Security Audit Essentials (GSAE)

Other Info
Craig has very strong skills in TCP/IP, Unix (Solaris, Linux and BSDI), Windows NT/2000/2003, Citrix, Netware, Internet and Intranet Technologies (Web Servers, FTP Servers, Mail Relays, DNS and News Servers), IT Security (Firewalls, Routers, Intrusion Detection systems, User Activity Monitoring systems, Policy and Procedural development, and Incident Response Handling), and Remote Access Methods (Internet based VPN Solutions).


Craig Steven Wright’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • reference requests
  • getting back in touch
