Peter Teoh

pete@teoh.us | +1 212-882-1335 | 2 Gold St 22D, New York, NY 10038

Summary

A well-rounded Information Security and Compliance leader with hands on experience in a wide range of technologies from firewalls to DLP. I work well in cross-functional teams and have an excellent understanding of the balance between business, legal, and technological priorities.

Professional Experience

Google

April 2018 - Present

Program Manager, Engineering Compliance

  • Led the annual WebTrust audit of Google’s Certificate Authority; successfully delivering reports on time.
  • Coordinate, manage, and facilitate compliance processes for Google Cloud and Infrastructure.

Flatiron Health

January 2017 - February 2018

Head of Security Policy, Audit & Compliance

  • Worked across Information Security, Legal, and Business teams to develop Flatiron’s security policy in accordance with regulatory and contractual requirements. (HITRUST, HIPAA)
  • Built processes to audit compliance to security policy.
  • Conducted security onboarding training for all new employees.

OTG Management

June 2014 - January 2017

Director of Compliance

  • Guided the software development team to improve security posture and compliance with industry standards and regulatory requirements, including PCI and SOX.
  • Instituted change control process for new software deployment, ensuring proper notification to stakeholders, and reducing outages due to miscommunication.
  • Evaluated EMV payment terminal options and worked with Legal and Business Operations to map out and execute migration strategy.

TIAA

June 2012 - June 2014

Technical Lead, Data Protection

  • Managed a team of Security Analysts in day-to-day operations of the Data Loss Prevention program.
  • Led the technical direction and architecture for the data protection program to increase the scope of coverage from personally identifiable information (PII) to unstructured material nonpublic information.
  • Collaborated with Compliance and Internal Audit to ensure security controls matched policies.
  • Led TIAA's LGBT Employee Resource Group for the Charlotte office.

TIAA

July 2009 - June 2012

Senior Information Security Engineer

  • Successfully led a multi-year project to fully deploy Symantec Data Loss Prevention (Vontu).
  • Deployed and managed Ironkey devices for secure encrypted storage of corporate data.
  • Performed firewall change request reviews and approvals.
  • Performed server vulnerability testing with nCircle appliances.

TIAA

June 2004 - July 2009

Senior Network Engineer

  • Managed NetScreen firewall configurations at multiple locations with NetScreen Security Manager.
  • Led a team to complete the migration of business partner connections to the new Broomfield Data Center.
  • Consolidated multiple disparate DNS and DHCP services into a single platform using Lucent VitalQIP.
  • Designed and implemented IronPort email security appliances for malware and spam filtering.
  • Managed global server load balancing function using F5’s 3DNS and Big-IP platforms.
  • Designed and implemented DMZ and remote access services for Charlotte office.
  • Managed multiple Proxy Server environments including Blue Coat HTTP and Permeo SOCKS proxies.

Meijer, Inc.

January 2001 - June 2004

Network Architect

  • Managed Check Point firewalls on Nokia hardware platform and Cisco PIX firewalls.
  • Designed and deployed DMZ with full redundancy to dual ISPs using BGP4 for near 100% uptime.
  • Managed Cisco VPN appliances, routers, switches, and CSS load balancers in DMZ environment.
  • Designed and managed enterprise DNS/DHCP platform with Lucent QIP.

Haworth, Inc.

May 1998 - December 2000

Computer Systems Engineer

  • Implemented cost-efficient VPNs for connectivity to the company's European locations.
  • Redesigned and installed frame relay WANs for international locations.
  • Managed Check Point Firewall-1 and Cisco PIX firewalls with full failover capability.
  • Responsible for GroupWise server infrastructure.

Haworth, Inc.

April 1995 - May 1998

Treasury Analyst

  • Implemented Positive Pay system with electronic imaging to eliminate check fraud.
  • Managed short-term investment portfolio, and short-term loans for optimal cash balances.
  • Developed financial plan and analysis for manufacturing startup in Malaysia and China.

Volunteer Experience

DEF CON

January 2016 - Present

Workshops Review Board and Goon

  • Reviewed workshop proposals submitted to DEF CON and provided input for acceptance or rejection.
  • Staffed registration and check in of students for DEF CON Workshops.

Queercon

April 2018 - Present

Board Member and Vice President

  • Provide strategic direction for Queercon, a 501(c)(3) nonprofit for LGBTQ+ security professionals.

Crypto & Privacy Village

January 2015 - January 2017

Co-Organizer

  • Led the recruitment and scheduling of volunteers to staff village during DEF CON.
  • Worked with organizing team to plan and execute talks, workshops, and activities for the village.

Achievements & Training

  • Presented talk on “Data Protection 101” at DEF CON 22 (2014)
  • HP Arcsight ESM Security Analyst training
  • Expired Certifications: GIAC Security Essentials Certification (GSEC), Cisco Certified Network Associate (CCNA), Check Point Certified Security Administrator (CCSA), Check Point Certified Security Expert (CCSE)

Education

Western Michigan University

Master of Business Administration (1998)

  • Concentration in Information Systems.

Bachelor of Business Administration (1994)

  • Graduated cum laude. Major: Finance, Minors: Accounting and General Business

Languages

  • Fluent in English, Malay, and several dialects of Chinese including Mandarin, Cantonese and Hokkien.