• Project Manager - Permanent...
• Project Manager - Trading...
• Project Manager - Telco
• Marketing Manager
• Head of Business Intelligence -...

Sleepless in an online university

Peter Davidson, Information Age

14/02/2006 12:02:43

ACS member Dr Craig Wright is a (very) highly qualified ICT risk assessment and security specialist who believes that a full range of skills is important - which is why he became a certified security guard licensed to carry a gun.

It's not that he is looking for after hours work; it's just that he believes that a combination of ICT, accounting and business skills is essential for anyone offering a full range of risk services these days.

And that means learning every aspect of security - including physical intrusion threats.

And learn he does. As computer assurance services manager for chartered accountants BDO, at 35 he has a catalogue of academic and professional qualifications a metre long.

His reasoning is simple enough: "What better way to understand a role than to be trained in it?"

Over the next year or so he will complete three more Masters qualifications and start on a law degree in e-commerce and digital forensics as a precursor to a doctorate in business administration.

The Masters are in information systems security, and management, at Charles Sturt, and statistics at Newcastle Universities.

All have been gained through online, self-paced programs sourced in Australia, the US and UK: "As long as I can do distance learning I am happy - I don't like the structured approach of on-campus university.

"I am doing my third Masters at Charles Sturt because I like their teaching styles. They have a strong focus on business relevance and are one of the best universities I have been to for this.

"Newcastle offers what I would call 'academic purity' and from an advanced mathematics perspective, this is better."

He did complete a "traditional" IT degree in the 90s as a platform for later studies which have earned him a Master of Network and System Administration, Graduate Diplomas in Business (for both Logistics and Purchasing), and associate degrees in nuclear physics and organic chemistry.

He holds Certified Information Security Auditor (CISA) and Management (CISM) qualifications from ISACA, and CISSP in both architecture and management. He also has G7799 and GCFA SANS technical certifications.

"Personally, I do not know how companies can offer security reviews and assessments, particularly risk assessment, without staff who have at least a combination of technical security and business qualifications."

As well as the ACS, he has membership in IEEE, and is an Associate Fellow of the Australian Institute of Management. There are other professional memberships, but like his qualifications, has to be pushed to list them.

He thinks "there are about 50 qualifications" but insists that he "cannot remember offhand what they all are". It's not a case of being coy, nor of some sort of obsessive acquisition - study has always been his thing.

As a teenager, he started into IT selling PCs for K-Mart in Brisbane, but his ambition was to be a pilot in the RAAF, preferably combined with a degree in IT engineering. The more he looked at it as a career path, however, the more he realised that the engineering side would dominate and he would never get to fly.

So he left his B.Eng unfinished, and started a journey of learning, commitment and accomplishment with Novell certifications in the early 90s and a series of jobs with organisations like Corporate Express and Ozemail.

It gave him a background in database management, technical services and security, and importantly, an understanding of business/IT convergence, leading to the first of a string of qualifications in logistics and other business imperatives.

Heading to Sydney to find wider pastures in the mid-90s, he joined the Australian Stock Exchange and became immersed in ICT security, and among other things became familiar with VMS (the ASX was predominately as Digital site) "to learn how things should run".

"They had a DEC machine there running VMS which had not been rebooted in 11 years," he recalls. "It had been running so long, no one really knew what it did."

He left to start his own consultancy and the learning, both academic and practical, went on. At BDO in Sydney since 2005 his pressured life continues as a manager in a chartered firm dealing with a portfolio of clients, but also delivering courses to audit staff.

BDO specialises in computer system audits, risk reviews, network vulnerability assessment, statistical analysis and information systems security in general - in addition to a range of financial and business services.

To ensure that staff stay in touch with current issues, Wright lectures on corporate fraud detection, financial and IT risk management and analysis, Sarbanes-Oxley, ISO 7799, digital forensics, disaster recovery and business continuity, and security issues in general (including physical intrusion).

Sleep? What sleep? It's a life that's covered to the edges with responsibilities and continuing personal development. So what does he do for relaxation?

He and his wife (she has, among other qualifications, an MBA in international business) live NSW's Central Coast from where he commutes for an hour or more every day to his Sydney office.

The time isn't wasted; he downloads and scans reference material into MP3 files and listens to them in his car. Otherwise he's busy staying abreast of developments in his chosen fields, but this doesn't leave much time for sleep: "Nuclear physics requires a ridiculous amount of reading."

They also have a cattle property in the north of NSW which has a manager on it as part of an agistment deal, but like everything else, the business of running a property and managing a herd meant research, again done online.

Business ethics And just when you think the nerdy learning thing will never end, a question about the "Dr" in front of his name reveals that he is also a Dr of Theology in the Uniting Church, and he's working towards becoming a Deacon.

Raised as a Catholic, he turned to Protestantism to find a more practical spiritual fulfilment, demonstrated in his charity work sourcing and supplying IT gear and skills for needy children.

His religion also gives him a base from which to consider the ethical issues which increasingly need resolution alongside technical ones in ICT and business.

He scours auction listings for redundant PCs and peripherals, scrounges them from his own and other companies and buys superseded software for as little as he can legally get it. If anything needs fixing, he takes it home and does that himself "to keep his hand in".

It's where his career started a couple of decades ago, after all. With decades of professional life ahead of him, where it will end up is a research exercise in itself (which he has probably done already).