David Ross

David is a Principal Consultant with Bridge Point Communications. In this role, David mentors staff and provides Security Consulting Services, drawing on more than 20 years of experience in the industry. David has worked across a wide range of Security and IT related projects, and has a PhD in Wireless Network Security.
Qualifications & Memberships
- Doctor of Philosophy (Information Security), ISI, QUT (2010)
- Bachelor of Engineering (Electrical), University of Queensland (1986)
- Bachelor of Arts (Computer Science), University of Queensland (1996)
- Postgraduate BA Class I Honours in Computer Science, UQ (1999)
- Certified Information Systems Security Professional (2006, 2009)
- SABSA Chartered Foundation (SCF) Certificate (2007)
- SABSA Chartered Practitioner: Architectural Design (SCPA) (2009)
- PCI DSS Qualified Security Assessor (QSA) (2009, 2010)
- IBM ISS Systems Engineer (2009)
- RSA Certified Systems Engineer (CSE) – enVision (2009)
- National Security and Non-National Security Clearances available as required
Areas of Expertise
- Wireless Computer Networks
- Public Key Infrastructure
- Computer and Internet Security
- Security Architecture Design
- Security Incident Response
- Computer Forensics
- Security Training
- PCI DSS, ISO27001, QGIS18 Consultancy Services
- Vulnerability and Penetration Testing
- Policy and Procedure Development
- Project Management
- IT Personnel Management
- RSA enVision
- IBM ISS products
- Unix System Administration
Professional Affiliations:
- Chartered Member of the Institution of Engineers, Australia
- Member of the APESMA
- Member of the Electrical College, IEAust
- Member of the Engineering Practice Sub-Committee, IEAust
- Member of the System Administrators Guild of Australia
- Member of the Australian Information Security Association
- Member of the Association for Computing Machinery (USA)
- Member of the IEEE (USA)
Verifiable Experience
Developed the initial Queensland whole-of-Government Public Key Infrastructure Certificate Policies and led the initial development of the QGPKI Framework for the QGCIO; supervised, advised and provided QA for various components of the ongoing enhancement of the QGPKI into production.
Developed a cross-enterprise Public Key Infrastructure framework for a multi-organisation quasi-government entity.
Performed an audit of all PKI usage within the Department of Natural Resources and Water and determined an architectural design that adhered to NRW policy and offered the most cost-effective and logical path forward for a consolidated architecture. The approach was very similar to the one recommended in this body of work: interview, mediation and facilitation of inter- and intra-Departmental groups, adherence to both internal policy and QofG policy and GEA to architectural design and sign off.
SABSA Security Architect for a Queensland Council. Develop the e-commerce security architecture as a component of the Enterprise Security Architecture to provide the ability to transact securely online with Council. Develop a series of documents using the Sherwood Applied Business Security Architecture (SABSA®) method to provide the initial components of an Enterprise Security Architecture (ESA). This was a process of progressively defining an ESA from a business-driven top level architecture. The pure business requirements for information security were normalised into standardised conceptual elements at the second level, which combined with the top level to instantiate the “Strategy and Planning” phase of the SABSA® method. From the Strategy and Planning result, the third level of the SABSA® architecture, the logical architecture, then detailed the required security services. From the logical architecture, the fourth level, the physical architecture then describes the security mechanisms required to support the security services described at the logical level.
Developed a Certificate Policy and a Certificate Practice Statement for the Department of Natural Resources and Water. This also met the requirements for the QGAF, QGIS18 and NRW internal Information Security Classification and Control Policy, which conforms with the Queensland Government Information Security Classification Framework. Liaison with the QGCIO also took place during the course of this project.
Design and test a proof-of-concept installation of a new RADIUS solution involving the integration of new appliances with the existing Public Key Infrastructure, including existing custom-built open-source Certification Authority, X.509 client certificates installed for Microsoft Machine Authentication on wireless devices, with wireless access points configured for EAP-TLS authentication; new local Microsoft Active Directory Domain Controllers and the enterprise Novell eDirectory services.
Design a new PKI to integrate with a Government Department's wireless access and remote access and external access services. This included a review of open source and commercial PKI solutions such as those from VeriSign and RSA.
Perform a security review of Education Queensland's One Network architecture, as one of the system initiatives supporting the Smart Classrooms strategy to establish information and communications technology into the core of education in Queensland schools.
Design a new two-factor authentication system involving the integration of RSA ACE/Server and personal tokens with the existing Cisco ASA firewall and Microsoft IAS and ISA servers distributed between the corporate office network and the Web Central third-party hosting site.
Academic papers:
David has delivered the following Academic and Industry Papers:
[1] David Ross. “The Security of Wireless Computing Technologies”. In Andrew Clark, Kathryn Kerr, and George Mohay, editors, AusCERT Asia Pacific Information Technology Security Conference Refereed R&D Stream, pages 51-63. Australian Computer Emergency Response Team, May 2005. ISBN: 1-86499-799-0.
[2] David Ross, Andrew Clark, and Mark Looi. “Securely Deploying IEEE 802.11 WLANs”. In A. Clark, M. McPherson, and G. Mohay, editors, Proceedings of AusCERT Asia Pacific Information Technology Security Conference (AusCERT2007): Refereed R&D Stream, pages 50-70. Australian Computer Emergency Response Team, University of Queensland, May 2007. ISBN: 978-1-86499-877-1.
Industry papers:
David Ross. “Using SNMP Without Destroying Network Security”. In SAGE-AU, Proceedings of the National Conference of The System Administrators Guild of Australia, SAGE-AU, 2002.
David Ross. “Introduction to Network Security”. In SAGE-AU, Tutorials of the National Conference of The System Administrators Guild of Australia, SAGE-AU, 2002.
David lectures on the following: COMS3000/7003 - Information Security within the University of Queensland.


