Peter Teoh | +1 646-767-6447 | New York, NY, US


A well-rounded privacy and information security leader with hands on experience in a wide range of technologies from firewalls to DLP. I work well in cross-functional teams and have an excellent understanding of the balance between business, legal, and technological priorities.

Professional Experience


December 2019 - Present

Program Manager, Privacy Safety & Security

  • Responsible for strategic privacy compliance programs across Google's product areas.

  • Leading privacy code audit efforts.


March 2019 - December 2019

Security Engineer, Certificate Authority

  • Responsible for secure operations of Google’s publicly-trusted Certificate Authority including required audit procedures, and annual security assessments.

  • Performed duties in key generation and revocation ceremonies in accordance with approved procedures.


April 2018 - March 2019

Program Manager, Engineering Compliance

  • Led the annual WebTrust audit of Google’s Certificate Authority; successfully delivering reports on time.

  • Coordinate, manage, and facilitate compliance processes under multiple compliance frameworks like ISO 27001, SSAE, HITRUST, for Google Cloud and Infrastructure.

Flatiron Health

January 2017 - February 2018

Head of Security Policy, Audit & Compliance

  • Worked across Information Security, Legal, and Business teams to develop Flatiron’s security policy in accordance with regulatory and contractual requirements. (HITRUST, HIPAA)

  • Built processes to audit compliance to security policy.

  • Conducted security onboarding training for all new employees.

OTG Management

June 2014 - January 2017

Director of Compliance

  • Guided the software development team to improve security posture and compliance with industry standards and regulatory requirements, including PCI and SOX.

  • Instituted change control process for new software deployment, ensuring proper notification to stakeholders, and reducing outages due to miscommunication.

  • Evaluated EMV payment terminal options and worked with Legal and Business Operations to map out and execute migration strategy.


June 2012 - June 2014

Technical Lead, Data Protection

  • Managed a team of Security Analysts in day-to-day operations of the Data Loss Prevention program.

  • Led the technical direction and architecture for the data protection program to increase the scope of coverage from personally identifiable information (PII) to unstructured material nonpublic information.

  • Collaborated with Compliance and Internal Audit to ensure security controls matched policies.

  • Led TIAA's LGBT Employee Resource Group for the Charlotte office.


July 2009 - June 2012

Senior Information Security Engineer

  • Successfully led a multi-year project to fully deploy Symantec Data Loss Prevention (Vontu).

  • Deployed and managed Ironkey devices for secure encrypted storage of corporate data.

  • Performed firewall change request reviews and approvals.

  • Performed server vulnerability testing with nCircle appliances.


June 2004 - July 2009

Senior Network Engineer

  • Managed NetScreen firewall configurations at multiple locations with NetScreen Security Manager.

  • Led a team to complete the migration of business partner connections to the new Broomfield Data Center.

  • Consolidated multiple disparate DNS and DHCP services into a single platform using Lucent VitalQIP.

  • Designed and implemented IronPort email security appliances for malware and spam filtering.

  • Managed global server load balancing function using F5’s 3DNS and Big-IP platforms.

  • Designed and implemented DMZ and remote access services for Charlotte office.

  • Managed multiple Proxy Server environments including Blue Coat HTTP and Permeo SOCKS proxies.

Meijer, Inc.

January 2001 - June 2004

Network Architect

  • Managed Check Point firewalls on Nokia hardware platform and Cisco PIX firewalls.

  • Designed and deployed DMZ with full redundancy to dual ISPs using BGP4 for near 100% uptime.

  • Managed Cisco VPN appliances, routers, switches, and CSS load balancers in DMZ environment.

  • Designed and managed enterprise DNS/DHCP platform with Lucent QIP.

Haworth, Inc.

May 1998 - December 2000

Computer Systems Engineer

  • Implemented cost-efficient VPNs for connectivity to the company's European locations.

  • Redesigned and installed frame relay WANs for international locations.

  • Managed Check Point Firewall-1 and Cisco PIX firewalls with full failover capability.

  • Responsible for GroupWise server infrastructure.

Haworth, Inc.

April 1995 - May 1998

Treasury Analyst

  • Implemented Positive Pay system with electronic imaging to eliminate check fraud.

  • Managed short-term investment portfolio, and short-term loans for optimal cash balances.

  • Developed financial plan and analysis for manufacturing startup in Malaysia and China.

Volunteer Experience


January 2016 - Present

CFP Review Board and Goon

  • Reviewed talks and workshops proposals submitted to DEF CON and provided input for acceptance or rejection.

  • Staffed registration and check in of students for DEF CON Workshops.


April 2018 - November 2020

Board Member and Vice President

  • Provide strategic direction for Queercon, a 501(c)(3) nonprofit for LGBTQ+ security professionals.

Crypto & Privacy Village

January 2015 - January 2017


  • Led the recruitment and scheduling of volunteers to staff village during DEF CON.

  • Worked with organizing team to plan and execute talks, workshops, and activities for the village.

Achievements & Training

  • ISO/IEC 27001:2013 Lead Implementer (EY Certificate 20190125-019)

  • ISO/IEC 22301:2012 Lead Implementer (EY Certificate 20180523-010)

  • Presented talk on “Data Protection 101” at DEF CON 22 (2014)

  • HP Arcsight ESM Security Analyst training


Western Michigan University

Master of Business Administration (1998)

  • Concentration in Information Systems.

Bachelor of Business Administration (1994)

  • Graduated cum laude. Major: Finance, Minors: Accounting and General Business


  • Fluent in English, Malay, and several dialects of Chinese including Mandarin, Cantonese and Hokkien.