Craig Steven Wright
Sydney, Australia
Information Technology and Services
500+ connections
Current: Private, DeMorgan Limited, Hotwire Pre-Emptive Intelligence Group
Previous: CSCSS / Centre for Strategic Cyberspace + Security Science, Charles Sturt University, iVolution Security
Education: University of London
Recommendations: 10 people have recommended Craig Steven
Websites: Blog, Newspaper, Interview
Published by Craig Steven: ACCELERATING THE SOUTHERN HEMISPHERE (May 8, 2015)
► Centre of Excellence Leader delivering to government and corporate clients pathways to IPv6
and secure cloud based solutions.
► Led the migration of a new core banking platform based on .Net and cloud technologies
delivering a forward client centered banking platform.
Distinguished by designing the security architecture and environment for Lasseter’s On-Line Casino
allowing approval by the NT Government for the first online gaming license globally.
Developed board level security policies and procedural practices within Mahindra and Mahindra,
India’s largest vehicle manufacturer. The Mahindra group employs over 50,000 people in total and
has numerous business interests from Car to Tractor manufacture, through to IT outsourcing.
Experience
Chief Scientist
Private
July 2015 – Present (6 months)
Writing papers,
Research,
Managing change.
DeMorgan is a pre-IPO Australian listed company focused on alternative currency, next generation
banking and reputational and educational products with a focus on security and creating a simple
user experience.
Our group of companies has received a series of Advance Findings from AusIndustry around the
two HPC systems we run and the AI and machine learning activities we conduct. In total, we have
received Core Technology and Advance Finding certificates for 110 million in research activities.
In the six years since the first company in the group started, we have completed several Bitcoin
based research projects that have lasted over and are now ready to start commercialising.
Responsible for direction and business development as well as development of programs and
services.
We are a group of highly technical individuals that make up a growing team. This position is based
in our Sydney office, with travel to Brisbane and California.
The world grows through change and knowledge. To thrive, people need to develop wisdom in a
social web. To enable this, we must look ahead, understand the trends and forces that will shape
society and business in the future and move swiftly to prepare people for what's to come. We will
help the world to get ready for tomorrow today. That's what our 2020 Vision is all about. It creates a
long-term destination for our business and provides us with a "Roadmap" for winning together with
our community and the society we will help to foster through trust and assurance.
Our Mission
Our Roadmap starts with our mission, which is enduring. It declares our purpose as a company and
serves as the standard against which we weigh our actions and decisions.
• To make the world wiser and better...
• To inspire enduring optimism and trust...
• To create value and make a difference.
Trustee
The Uniting Church (NSW) Trust Association Limited
December 2007 – Present (8 years 1 month)
I am working on the legal section of the CISSP/ISSMP handbook for ISC2 and a book on MMC
(Syngress) - Mobile Malicious Code - at the moment.
Responsible for direction and business development within the Asia Pacific region as well as
development of programs and services.
The Centre for Strategic Cyberspace + Security Science (CSCSS) is a multilateral, international
not-for-profit organization that conducts independent cyber-centric research, development, analysis, and
training in the areas of cyberspace, defence intelligence, cyber security, and science while
addressing the threats, trends, and opportunities shaping international security policies and national
cyberspace cyber security initiatives.
CSCSS, as a strategic leader in cyberspace, works jointly with key partners to address, develop,
and define cyber technologies, cyber defence force capabilities, information dominance, and
concept operations. We deliver practical recommendations and innovative solutions and strategies
to advance a secure cyberspace domain.
Subject Coordinator/Lecturer
Charles Sturt University
January 2010 – June 2015 (5 years 6 months)
I promote the IT Masters degree in digital forensics that I helped to create. This is an industry-aligned
coursework masters degree.
On top of this I am in the final stages of completing and having a subject approved in Windows
Mobile and Cloud Coding. This is an innovative course in programming for the Windows Tablet and
Phone marketplace using cloud based technologies.
As Vice President, Forensics Services, Dr. Craig Wright is responsible for setting iVOLUTION
Security’s strategic direction in the forensics field and is responsible for overseeing the
development, testing and deployment of all forensics services and products.
Technical Director
GIAC
2007 – 2015 (8 years)
I have taught:
SEC 504 http://www.sans.org/course/hacker-techniques-exploits-incident-handling
Responsible for strategic direction and business development within the Asia Pacific region.
Establishment of executive level relationships with the National Security Agency (NSA), Department
of Homeland Security (DHS), North American Space Administration and DSD and regional
government bodies. Formation of a multinational consortium providing information systems
assurance and information security engineering and architecture services to promote the secure
design and development of information services, technologies, communications, products, and
systems. We deliver tactical IA solutions and frameworks. Executive management of the CSRD
Group leveraging strategic partnerships with the public-private sector, academia, and international
agencies to enable an innovative-collaborative approach to R&D.
CEO
GreyFog
November 2009 – January 2012 (2 years 3 months)
Greyfog developed security software and solutions for the digital media industry. We worked with
Watt Watchers and developed a small footprint security device for the transmission of digital media.
This company was sold for the licensing rights of the business after the successful deployment of a
national VPN and firewall infrastructure managing an international cinema chain.
Leading a software team in modeling of risk using hazard survival models. Creating a package of
.Net libraries for audit clients, Digital Forensics and design of statistical tests for accounting and
financial systems.
Responsible lead on a packer analysis project designed to improve the efficiency of malware
detection in the CA Vet Anti-Virus platform. Creation of DATs (Digital Analysis Technology) for a
Marine Sales Company in NSW. Static Code analysis for a major multinational gaming company.
Director
Information Defense Pty Ltd
January 2009 – June 2011 (2 years 6 months)
- Code security maintenance and project management on Database (SQL, SAS) and Web projects
for a major online sports betting and casino operation.
Information Defense provides the knowledge and skills to ensure that your data remains safe,
secure and accurate. Like most companies of our class, we provide services to defend against
cyber crime and online fraud. Unlike most (if not all) we also have the skills to ensure that your data
is accurate. Combining the highest level of digital forensic, information security and statistical skills
in a single entity allows us to offer you the solution that you need to ensure that your data is safe.
Security risk assessments (based on HIPAA, AS/NZS 4360 and various sections of the financial
services legislation).
Project managed the implementation of a secure remote access and token authentication system.
Implemented and led a project to design and deploy ISO 17799 aligned policy and procedures
within numerous companies both in Australia and Internationally through a consultative process.
Has produced academically published papers on IT, Mathematics, HR and Business Strategy
I specialise in:
• Associative Rules Mining
• Memory Forensics
• Embedded device Forensics
• Network Forensics
• Cryptanalysis
• System incident recovery (“deep diving”)
• Steganography
Founded one of the first providers of IT security services specializing in managed security and
secure systems design to the top 150 companies in Australia with a focus on the financial services,
banking and technology markets.
Executive management of IT consultants, administrative and helpdesk staff with between 20-26
direct reports in 15 global locations.
Network Manager
Corporate Express (WPA)
1992 – 1996 (4 years)
All sorts
WPA
1992 – 1995 (3 years)
Fixing stuff
Executive Chef
C&C Catering
March 1991 – November 1994 (3 years 9 months)
I was trained in French Provincial styles and Haute cuisine. I was a Sous chef for a time with a
speciality as a saucier, and brassier. I did specialty game meals for the most part.
My training was with continental kitchens and then others in the 80's.
Languages
French: Limited working proficiency
English: Native or bilingual proficiency
Skills
Publications
This book provides comprehensive methodology, enabling the staff charged with an IT security audit
to create a sound framework, allowing them to meet the challenges of compliance in a way that
aligns with both business and technical needs. This "roadmap" provides a way of interpreting
complex, often confusing, compliance requirements within the larger scope of an organization's
overall needs.
Key Features:
* The ultimate guide to making an effective security policy and controls that enable monitoring and
testing against them
* The most comprehensive IT compliance template available, giving detailed information on testing
all your IT security, policy and governance requirements
* A guide to meeting the minimum standard, whether you are planning to meet ISO 27001,
PCI-DSS, HIPAA, FISCAM, COBIT or any other IT compliance requirement
* Both technical staff responsible for securing and auditing information systems and auditors who
desire to demonstrate their technical expertise will gain the knowledge, skills and abilities to apply
basic risk analysis techniques and to conduct a technical audit of essential information systems from
this book
* This technically based, practical guide to information systems audit and assessment will show how
the process can be used to meet myriad compliance issues
Authors: Craig Steven Wright
The Official CHFI Study Guide (Exam 312-49) For Computer Hacking Forensics Investigators
Elsevier
August 2007
Audience:
Police and law enforcement personnel, military personnel, security professionals, systems
administrators, legal professionals, banking, insurance, IT managers or people studying for the
CHFI certification.
Authors: Craig Steven Wright
The Official (ISC)2® Guide to the ISSMP® CBK® provides an overview of management topics
related to information security. This iteration provides for a more expanded enterprise model of
security and management, one that delves into project management, risk management, and
continuity planning. Preparing the professional for certification, as well as for job readiness, this
resource promotes an understanding of what are now five ISSEP domains. These include
Enterprise Security Management Practices, Enterprise-Wide System Development Security, Law,
Investigations, Forensics and Ethics, Overseeing Compliance of Operations Security, and Business
Continuity and Disaster Recovery Planning.
Authors: Craig Steven Wright
In all of this, we have a society that is reliant on systems and data. Here, we see a new need to be
even more vigilant than we have been in the past. When food systems are based on SCADA style
controls, there is far less room for allowing rogue access to the databases and systems that run the
controls that enable this future. Security has always been important, but as a future career, it is one
that is not going to disappear. We may see automated systems replace even skilled jobs (such as a
pilot), but it will be a long time before we start to have secure systems that do not involve people.
Authors: Craig Steven Wright
We are starting to move to IPv6 and the cloud. Right now, the uptake is minimal at best with very
few early adopters for all of the hype. The climate is changing. Soon, IP addresses will be on
everything and even the concept of non-disclosure agreements and contracts designed to protect
intellectual property will require that we consider the nature of the cloud and the Internet as a
platform for contractual negotiation.
Authors: Craig Steven Wright
SCAPY is a series of python based scripts that are designed for network level packet manipulation.
With it, we can sniff network traffic, interactively manipulate it, and fuzz services. More, SCAPY
decodes the packets that it receives without interpreting them. The article is going into some of the
fundamentals that you will need in order to understand the shellcode and exploit creation process,
how to use Python as a launch platform for your shellcode and what the various system
components are.
Authors: Craig Steven Wright
With API hooking, the malicious code is used to vary the library function calls and returns by replacing the
valid function calls with one of the attacker's choosing. The article follows from previous articles as
well as going into some of the fundamentals that you will need in order to understand the shellcode
creation process, how to use Python as a launch platform for your shellcode and what the various
system components are. This article includes a section on functions and calls, extending DLL
injection, and then moves to the actual API hooking process (that we will extend in coming articles).
With these skills you will have the foundations for creating shellcode for exploits and hence an
understanding of the process that penetration testers and hackers use in exploiting systems. You
will see how it is possible to either create your own exploit code from scratch or even to modify
existing exploit code to either add functionality or in order to bypass signature based IDS/IPS filters.
Authors: Craig Steven Wright
This article is a follow-up and second part of a look at format strings in the C and C++ programming
languages; in particular, how these may be abused. The article goes on to discuss crafting attacks
using Python in order to attack through DPA (Direct Parameter Access) such that you can enact a
4-byte overwrite in the DTORS and GOT (Global Access Table).
Authors: Craig Steven Wright
Beyond Automated Tools and Frameworks: the shellcode injection process
Hakin9
June 2012
Automated frameworks (including Metasploit) have simplified the testing and exploitation process.
This of course comes with a price. Many penetration testers have become tool jockeys with little
understanding of just how software functions. This script kiddie approach to code testing does have
its place. It has allowed us to drastically increase the number of people working on testing systems
for vulnerabilities and in assessing the risks these pose. At the same time, if these individuals do not
progress further, simply relying on the ability to leverage the efforts of others, we will hit bottlenecks
in the creation of new tests and processes. This article is going to follow from previous articles as
well as going into some of the fundamentals that you will need in order to understand the shellcode
creation process, how to use Python as a launch platform for your shellcode and what the various
system components are.
Authors: Craig Steven Wright
Understanding conditionals in shellcode
Hakin9
June 2012
Abstract Market models for software vulnerabilities have been disparaged in the past citing how
these do little to lower the risk of insecure software. In this paper we argue that the market models
proposed are flawed and not the concept of a market itself. A well-defined software risk derivative
market would improve the information exchange for both the software user and vendor removing the
often touted imperfect information state that is said to believe the software industry. In this way,
users could have a rational means of accurately judging software risks and costs and as such the
vendor could optimally apply their time between delivering features and averting risk in a manner
demanded by the end user. It is of little value to increase the cost per unit of software by more than
an equal compensating control in an attempt to create secure software. This paper argues that if the
cost of an alternative control that can be added to a system is lower than the cost of improving the
security of the software itself, then it is uneconomical to spend more time and hence money
improving the security of the software. It is argued that a software derivative market will provide the
mechanism needed to determine these costs.
Keywords – Security, Derivatives, vulnerability market, software development, game theory
Authors: Craig Steven Wright, Tanveer A Zia
Using a quantitative study of in-house coding practices, we demonstrate the notion that
programming needs to move from "Lines of Code per day" as a productivity measure to a measure
that takes debugging and documentation into account. This could be something such as "Lines of
clean, simple, correct, well-documented code per day", but with bugs propagating into the 6th
iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether
these have a security related cost or not, is an essential component of software development. When
these bugs result in security vulnerabilities, the importance of testing becomes even more critical.
Many studies have been conducted using the practices of large software vendors as a basis, but
few studies have looked at in-house development practices. This paper uses an empirical study of
in-house software coding practices in Australian companies to both demonstrate that there is an
economic limit to how far testing should proceed as well as noting the deficiencies in the existing
approaches.
Authors: Craig Steven Wright, Tanveer A. Zia
Certifications
GSAE
GIAC, License 141
September 2007 – Present
GNET
GIAC, License 129
June 2008 – Present
Education
University of London
Master of Science (MSc), Finance (Quantitative Finance)
2015 – 2017
Econometrics
SANS Institute
Master of Science (M.Sc.), Information Security Management
2010 – 2012
http://www.sans.edu/academics/curricula/msise
http://www.giac.org/certified-professional/craig-wright/107335
Incorporates:
• Economic theory,
• Quantitative financial modelling,
• Algorithmic game theory and
• Statistical hazard/survival models.
The models will account for heteroscedastic confounding variables and include appropriate
transforms such that variance heterogeneity is assured in non-normal distributions. Process
modelling for integrated Poisson continuous-time process for risk through hazard will be developed
using a combination of:
• Business financial data (company accountancy and other records),
• Legal databases for tortious and regulatory costs and
• Insurance datasets.
This data will be coupled with hazard models created using Honeynets (e.g. Project Honeynet),
reporting sites such as the storm centre. The combination of this information will provide the
framework for the first truly quantitative security risk framework.
Activities and Societies: The Quantification of Information Systems Risk The goal of this research
project is to create a series of quantitative models for information security. Mathematical modelling
techniques that can be used to model and predict information security risk will be developed using a
combination of techniques.
See
http://www.itmasters.edu.au/WhichQualification/MasterofSystemsDevelopment/MicrosoftMCSDNet35Stream.aspx
Activities and Societies: Java, C#, C, C++
Activities and Societies: Associate Student at present. Have completed. Foundations of Psychology
University of Newcastle
Master of Statistics (MSTAT), Quantitative Statistics
2005 – 2009
Northumbria University
LLM, Law (International Commercial Law)
2006 – 2008
SANS Institute
GSE-Compliance, GSE-Malware, GIAC Security Expert (Compliance Stream)
2007 – 2007
Ask me and I may share. I act as a lay pastor and I do not always desire to argue with people who
have no concept of religion. I was a Catholic, became an atheist, and moved towards the Uniting
Church as I learnt more in science and mathematics.
If you ever need to know of Dionysus, Vesta, Menrva, Ceres (Roman Goddess of the Corn,
Earth, Harvest) or other Mythological characters - I am your man. I could even hold a conversation
on Eileithyia, the Greek Goddess of Childbirth and her Roman rebirth as Lucina.
I bet you did not know that Asklepios Aesculapius is the Greek God of Health and Medicine or that
Lucifer is the name of the Roman Light-bearer, the God and Star that brings in the day.
Activities and Societies: A comparative study of Greco-Roman foundations to the Judeo-Christian
origins of the Eve belief and myth structure. If you are really lucky (or unlucky as the case may be) I
may let you read my dissertation: "Gnarled roots of a creation theory".
Fuel Sciences
Associate of Science (Organic Chemistry)
1995 – 1997
Nuclear Physics
Nuclear Physics, Nuclear magnetic resonance (NMR)
1993 – 1995
University of Queensland
Engineering, Computer Systems Engineering (incomplete - changed to
Comp Sci in 4th year - I was young)
1988 – 1992
Padua College
High School, Senior Certificate
1986 – 1987
Interests
Music (Piano) Research Learning
Patents
Recommendations
"Craig is a little bit crazy, as in Orville & Wilbur Wright craziness of deciding to add an engine to a glider. ... a true visionary."
"Craig has a vast array of knowledge and experience at his disposal. He keeps his commitments and gets along with other team members. He does quality…"
Groups