A well-rounded privacy and information security leader with hands-on experience in a wide range of technologies from firewalls to DLP. I work well in cross-functional teams and have an excellent understanding of the balance between business, legal, and technological priorities.
December 2019 - Present
Program Manager, Privacy & Data Protection Office
Responsible for strategic privacy compliance programs across Google's product areas.
Leading privacy code audit efforts.
March 2019 - December 2019
Security Engineer, Certificate Authority
Responsible for secure operations of Google’s publicly-trusted Certificate Authority, including required audit procedures and annual security assessments.
Performed duties in key generation and revocation ceremonies in accordance with approved procedures.
April 2018 - March 2019
Program Manager, Engineering Compliance
Led the annual WebTrust audit of Google’s Certificate Authority, successfully delivering reports on time.
Coordinated, managed, and facilitated compliance processes under multiple compliance frameworks such as ISO 27001, SSAE, and HITRUST for Google Cloud and Infrastructure.
January 2017 - February 2018
Head of Security Policy, Audit & Compliance
Worked across Information Security, Legal, and Business teams to develop Flatiron’s security policy in accordance with regulatory and contractual requirements (HITRUST, HIPAA).
Built processes to audit compliance with security policy.
Conducted security onboarding training for all new employees.
June 2014 - January 2017
Director of Compliance
Guided the software development team to improve security posture and compliance with industry standards and regulatory requirements, including PCI and SOX.
Instituted change control process for new software deployment, ensuring proper notification to stakeholders, and reducing outages due to miscommunication.
Evaluated EMV payment terminal options and worked with Legal and Business Operations to map out and execute migration strategy.
June 2012 - June 2014
Technical Lead, Data Protection
Managed a team of Security Analysts in day-to-day operations of the Data Loss Prevention program.
Led the technical direction and architecture for the data protection program to increase the scope of coverage from personally identifiable information (PII) to unstructured material nonpublic information.
Collaborated with Compliance and Internal Audit to ensure security controls matched policies.
Led TIAA's LGBT Employee Resource Group for the Charlotte office.
July 2009 - June 2012
Senior Information Security Engineer
Successfully led a multi-year project to fully deploy Symantec Data Loss Prevention (Vontu).
Deployed and managed IronKey devices for secure encrypted storage of corporate data.
Performed firewall change request reviews and approvals.
Performed server vulnerability testing with nCircle appliances.
June 2004 - July 2009
Senior Network Engineer
Managed NetScreen firewall configurations at multiple locations with NetScreen Security Manager.
Led a team to complete the migration of business partner connections to the new Broomfield Data Center.
Consolidated multiple disparate DNS and DHCP services into a single platform using Lucent VitalQIP.
Designed and implemented IronPort email security appliances for malware and spam filtering.
Managed global server load balancing function using F5’s 3DNS and Big-IP platforms.
Designed and implemented DMZ and remote access services for Charlotte office.
Managed multiple Proxy Server environments including Blue Coat HTTP and Permeo SOCKS proxies.
January 2001 - June 2004
Managed Check Point firewalls on Nokia hardware platform and Cisco PIX firewalls.
Designed and deployed DMZ with full redundancy to dual ISPs using BGP4 for near 100% uptime.
Managed Cisco VPN appliances, routers, switches, and CSS load balancers in DMZ environment.
Designed and managed enterprise DNS/DHCP platform with Lucent QIP.
May 1998 - December 2000
Computer Systems Engineer
Implemented cost-efficient VPNs for connectivity to the company's European locations.
Redesigned and installed frame relay WANs for international locations.
Managed Check Point Firewall-1 and Cisco PIX firewalls with full failover capability.
Responsible for GroupWise server infrastructure.
April 1995 - May 1998
Implemented Positive Pay system with electronic imaging to eliminate check fraud.
Managed short-term investment portfolio and short-term loans for optimal cash balances.
Developed financial plan and analysis for manufacturing startup in Malaysia and China.
January 2016 - Present
Workshops Review Board and Goon
Reviewed workshop proposals submitted to DEF CON and provided input for acceptance or rejection.
Staffed registration and check-in of students for DEF CON Workshops.
April 2018 - Present
Board Member and Vice President
Provide strategic direction for Queercon, a 501(c)(3) nonprofit for LGBTQ+ security professionals.
Crypto & Privacy Village
January 2015 - January 2017
Led the recruitment and scheduling of volunteers to staff village during DEF CON.
Worked with organizing team to plan and execute talks, workshops, and activities for the village.
Achievements & Training
ISO/IEC 27001:2013 Lead Implementer (EY Certificate 20190125-019)
ISO/IEC 22301:2012 Lead Implementer (EY Certificate 20180523-010)
Presented talk on “Data Protection 101” at DEF CON 22 (2014)
HP ArcSight ESM Security Analyst training
Western Michigan University
Master of Business Administration (1998)
Concentration in Information Systems.
Bachelor of Business Administration (1994)
Graduated cum laude. Major: Finance, Minors: Accounting and General Business
Fluent in English, Malay, and several dialects of Chinese including Mandarin, Cantonese and Hokkien.