A well-rounded Information Security and Compliance leader with hands-on experience in a wide range of technologies from firewalls to DLP. I work well in cross-functional teams and have an excellent understanding of the balance between business, legal, and technological priorities.
March 2019 - Present
Security Engineer, Certificate Authority
- Responsible for secure operations of Google’s publicly-trusted Certificate Authority, including required audit procedures and annual security assessments.
- Performed duties in key generation and revocation ceremonies in accordance with approved procedures.
April 2018 - March 2019
Program Manager, Engineering Compliance
- Led the annual WebTrust audit of Google’s Certificate Authority, successfully delivering reports on time.
- Coordinated, managed, and facilitated compliance processes under multiple compliance frameworks, such as ISO 27001, SSAE, and HITRUST, for Google Cloud and Infrastructure.
January 2017 - February 2018
Head of Security Policy, Audit & Compliance
- Worked across Information Security, Legal, and Business teams to develop Flatiron’s security policy in accordance with regulatory and contractual requirements (HITRUST, HIPAA).
- Built processes to audit compliance with security policy.
- Conducted security onboarding training for all new employees.
June 2014 - January 2017
Director of Compliance
- Guided the software development team to improve security posture and compliance with industry standards and regulatory requirements, including PCI and SOX.
- Instituted change control process for new software deployment, ensuring proper notification to stakeholders, and reducing outages due to miscommunication.
- Evaluated EMV payment terminal options and worked with Legal and Business Operations to map out and execute migration strategy.
June 2012 - June 2014
Technical Lead, Data Protection
- Managed a team of Security Analysts in day-to-day operations of the Data Loss Prevention program.
- Led the technical direction and architecture for the data protection program to increase the scope of coverage from personally identifiable information (PII) to unstructured material nonpublic information.
- Collaborated with Compliance and Internal Audit to ensure security controls matched policies.
- Led TIAA's LGBT Employee Resource Group for the Charlotte office.
July 2009 - June 2012
Senior Information Security Engineer
- Successfully led a multi-year project to fully deploy Symantec Data Loss Prevention (Vontu).
- Deployed and managed Ironkey devices for secure encrypted storage of corporate data.
- Performed firewall change request reviews and approvals.
- Performed server vulnerability testing with nCircle appliances.
June 2004 - July 2009
Senior Network Engineer
- Managed NetScreen firewall configurations at multiple locations with NetScreen Security Manager.
- Led a team to complete the migration of business partner connections to the new Broomfield Data Center.
- Consolidated multiple disparate DNS and DHCP services into a single platform using Lucent VitalQIP.
- Designed and implemented IronPort email security appliances for malware and spam filtering.
- Managed global server load balancing function using F5’s 3DNS and Big-IP platforms.
- Designed and implemented DMZ and remote access services for Charlotte office.
- Managed multiple Proxy Server environments including Blue Coat HTTP and Permeo SOCKS proxies.
January 2001 - June 2004
- Managed Check Point firewalls on Nokia hardware platform and Cisco PIX firewalls.
- Designed and deployed DMZ with full redundancy to dual ISPs using BGP4 for near 100% uptime.
- Managed Cisco VPN appliances, routers, switches, and CSS load balancers in DMZ environment.
- Designed and managed enterprise DNS/DHCP platform with Lucent QIP.
May 1998 - December 2000
Computer Systems Engineer
- Implemented cost-efficient VPNs for connectivity to the company's European locations.
- Redesigned and installed frame relay WANs for international locations.
- Managed Check Point Firewall-1 and Cisco PIX firewalls with full failover capability.
- Responsible for GroupWise server infrastructure.
April 1995 - May 1998
- Implemented Positive Pay system with electronic imaging to eliminate check fraud.
- Managed short-term investment portfolio and short-term loans for optimal cash balances.
- Developed financial plan and analysis for manufacturing startup in Malaysia and China.
January 2016 - Present
Workshops Review Board and Goon
- Reviewed workshop proposals submitted to DEF CON and provided input for acceptance or rejection.
- Staffed registration and check-in of students for DEF CON Workshops.
April 2018 - Present
Board Member and Vice President
- Provide strategic direction for Queercon, a 501(c)(3) nonprofit for LGBTQ+ security professionals.
Crypto & Privacy Village
January 2015 - January 2017
- Led the recruitment and scheduling of volunteers to staff village during DEF CON.
- Worked with organizing team to plan and execute talks, workshops, and activities for the village.
Achievements & Training
- ISO/IEC 27001:2013 Lead Implementer (EY Certificate 20190125-019)
- ISO/IEC 22301:2012 Lead Implementer (EY Certificate 20180523-010)
- Presented talk on “Data Protection 101” at DEF CON 22 (2014)
- HP Arcsight ESM Security Analyst training
Western Michigan University
Master of Business Administration (1998)
- Concentration in Information Systems.
Bachelor of Business Administration (1994)
- Graduated cum laude. Major: Finance, Minors: Accounting and General Business
- Fluent in English, Malay, and several dialects of Chinese including Mandarin, Cantonese and Hokkien.