In this role, I advise clients on how to increase the transparency of their software supply chain, and thereby dramatically improve their cyber security posture, specifically by leveraging "software bill of materials" (SBOM) technologies and processes. I also design solutions that leverage emerging international standards such as OWASP's CycloneDX / Vulnerability Exploitability eXchange (VEX), and the OASIS Common Security Advisory Framework (CSAF), to achieve these outcomes.I have joined the international community of professionals that are leading improvements in this area and have participated in a number of specialist activities, including: (1) the "Lineaje Software Supply Chain Security Summit", held in August 2024 in Las Vegas; (2) the SANS AI Cyber Security Summit, held in September 2024 in Las Vegas; (3) the US DHS Cyber Security and Infrastructure Security Agency (CISA) "SBOM-a-Rama" and the SBOM Solutions Showcase, both held in September 2024 in Denver, and (4) an AIBOM Workshop led by SAP staff, also held in September 2024 in Denver. I also delivered a presentation entitled, "Start dropping SBOM's - Improving Security and Transparency in the Software Supply Chain" at the 2024 AusCERT Cyber Security Conference, held in May 2024 in Queensland, Australia.Other strategic work included producing an enterprise-wide Cyber Security and Service Assurance Improvement Plan for the University of the Sunshine Coast (Queensland, Australia).

I served as the corporate executive responsible for enterprise cyber security and IT/OT risk management, including related compliance and assurance functions, at a large, complex, public service organization with annual (2023) revenue of $3 billion, $36 billion in assets, and 10,000 staff. BCC is comprised of a variety of businesses units performing broadly diverse functions including: delivery of multi billion dollar civil infrastructure projects, traffic management, city planning and urban development, transportation services, corporate and customer services, regulation enforcement, library management, cemetery/crematorium management, waste management, parks and recreation, and many others.Some responsibilities of the role included:• Development and operation of an enterprise ICT risk management function• Creation and leadership of an inspired team of cyber security and IT risk management professionals to achieve a level of professionalism and efficiency that exceeds the leading external IT consulting organisations• Provision of technical leadership across a broad range of IT initiatives, including network security, enterprise identity & access management infrastructure, cloud security, and operational technology (OT) for water and sewage processing, and transportation management systems (OT)• Oversight of the provision of cybersecurity consulting services for over 150 digital transformation and ICT infrastructure improvement initiatives annually ($100M-$300M per annum) and • Ownership, leadership, and delivery responsibility, for an annual 7-figure dedicated program of work to progress strategic cyber security improvement initiatives• Cyber defense strategy, planning, and implementation, for international events hosted in Brisbane, such as the 2014 Brisbane G20 Intergovernmental Forum, the 2018 GC Commonwealth Games, and advance planning for the 2032 Brisbane 2032 Olympic and Paralympic Games.

In this role I advised executive management, enterprise and ICT solution architects, IT service delivery staff, and a wide range of business managers, regarding how to manage IT risk. Responsibilities included:• Introducing the organisation to effective IT/information risk management, and guided investment and process improvement.• Provision of expert advise related to enterprise risk management, IT security, information privacy, disaster recovery, business continuity management, as well as associated contractual and regulatory requirements in these areas.• Conducting IT risk assessment for specific initiatives and educating staff throughout the division regarding IT risk management • Performing IT risk and security assessment for a wide range of IT initiatives• Winning the confidence of senior managers so that they would appreciate both IT and information risk

To gain an understanding of the complex legal issues that can arise in cyber security, information risk management, information privacy, and software supply chain management, I successfully completed postgraduate law courses in contract law, statutory interpretation, torts (including negligence), intellectual property management, and legal reasoning.

Global Gaming Systems is a boutique IT consulting firm specializing in the casino gaming industry with operations in Las Vegas, Macau, South Africa, and Isle of Man. My role involved the provision of IT strategy, architecture, and risk advice relating to:• Effective architecture and design of operational systems in the context of geographically dispersed ICT operation centers and with very high system availability requirements• Sarbanes-Oxley Act (SOX) compliance preparation and testing• Management of IT systems in an environment of complex regulatory compliance obligations• Information security in the context of casino gaming operations

This role was based within the Department of Computer Science in the Howard R. Hughes School of Engineering. I performed scientific research, disseminated the results via scientific publications, supervised research teams, mentored aspiring IT professionals, and developed new graduate courses, and met all teaching and learning objectives. I produced industry-relevant scientific research in the areas of electronic commerce and cyber security. This included pioneering kernel-enforced "application whitelisting” , which the Australian Signals Directorate reports is an “essential mitigation strategy” to defeat malware and is also the basis for Microsoft’s Applocker™ product. I taught courses in programming language design, computer networking, IT security, and created a new graduate course on information warfare.

The Center was formed from a strategic partnership between a public university and the Nevada state government to be both a technology innovator, and a service provider, to commercial and government organizations. The Center developed novel technology to enable law enforcement officials to rapidly detect electronic crime while protecting individual privacy. In this role I participated in the creation and operation of the Center and performed research. Activities included:• Promoting the creation of the Centre to business stakeholders• Contributing to overall business development strategy• Directing staff working on various research initiatives• Making appearances on local television to report on cyber security issues affecting the general public

Ameristar Casinos [NYSE: ASCA] owned and operated large gaming resorts across the United States, each worth approximately USD$500 million. Reporting directly to the Vice President of Information Technology, I was responsible for:• Collecting business requirements from senior management from across the enterprise• Mapping business functions to business processes and application clusters• Created business cases for eliminating overlapping and redundant capability. I also had to perform product and technology assessments. • Assessing enterprise software solutions to support data management initiatives supporting marketing, gaming operations, internal audit and fraud detection. • Ensuring that system architecture would be capable of meeting very high availability requirements.

Adspace Networks developed and deployed a national digital advertising network linking digital display screens positioned in high-traffic public spaces. I was recruited to develop a high performance CPM-based real-time billing system for the entire ad network. However as one of the first ten employees of this Silicon Valley-based start-up company, my actual responsibilities exceeded those defined in my role statement. Some activities I performed included: • Collecting business requirements from current and prospective customers • Contributing to product strategy, product development, and product management• Product presentations and demonstrations to potential customers and investors• Software development, system architecture, system design and implementation and software testing