Peter Teoh

pete@teoh.us | +1 212-882-1335 | 2 Gold St 22D, New York, NY 10038

Summary

A well-rounded Information Security and Compliance leader with hands on experience in a wide range of technologies from firewalls to DLP. I work well in cross-functional teams and have an excellent understanding of the balance between business, legal, and technological priorities.

Experience

Google

April 2018 - Present

Program Manager, Engineering Compliance

  • Coordinate, manage, and facilitate compliance processes with internal and external stakeholders to provide timely deliverables and rapid remediations for Google Cloud.

Flatiron Health

January 2017 - February 2018

Head of Security Policy, Audit & Compliance

  • Worked across Information Security, Legal, and Business teams to develop Flatiron’s security policy in accordance with regulatory and contractual requirements. (HITRUST, HIPAA)
  • Built processes to audit compliance to security policy.
  • Conducted security onboarding training for all new employees.
  • Performed PoC and selected a GRC tool to consolidate related information to a single system of record.

OTG Management

June 2014 - January 2017

Director of Compliance

  • Guided the software development team to improve security posture and compliance with industry standards and regulatory requirements, including PCI and SOX.
  • Instituted change control process for new software deployment, ensuring proper notification to stakeholders, and reducing outages due to miscommunication.
  • Evaluated EMV payment terminal options and worked with Legal and Business Operations to map out and execute migration strategy.
  • Collaborated with Corporate Legal Counsel to create privacy policy for the company.

TIAA

June 2012 - June 2014

Technical Lead, Data Protection

  • Managed a team of Information Security Analysts in day-to-day operations of the enterprise Data Loss Prevention (DLP) program.
  • Led the technical direction and architecture for the data protection program to increase the scope of coverage from personally identifiable information (PII) to unstructured material nonpublic information.
  • Established configuration baselines with oversight for web proxy, and email security platforms.
  • Collaborated with Compliance and Internal Audit teams to ensure security controls match company policy and regulatory requirements.
  • Led TIAA's LGBT Employee Resource Group for the Charlotte office.

TIAA

July 2009 - June 2012

Senior Information Security Engineer

  • Successfully led a multi-year, multi-million dollar project to fully deploy Symantec Data Loss Prevention (Vontu) including Data at Rest, Data in Motion and Data in Use aspects.
  • Deployed and managed Ironkey devices for secure encrypted storage of corporate data.
  • Performed firewall change request reviews and approvals.
  • Performed server vulnerability testing with nCircle appliances.

TIAA

June 2004 - July 2009

Senior Network Engineer

  • Managed NetScreen firewall configurations at multiple locations with NetScreen Security Manager.
  • Led a team to complete the migration of business partner connections to the new Broomfield Data Center.
  • Consolidated multiple disparate DNS and DHCP services into a single platform using Lucent VitalQIP with network access control capabilities using Lucent Registration Manager.
  • Designed and implemented IronPort email security appliances for malware and spam filtering.
  • Managed global server load balancing function using F5’s 3DNS and Big-IP platforms.
  • Designed and implemented DMZ and remote access services for Charlotte office.
  • Managed multiple Proxy Server environments including Blue Coat HTTP and Permeo SOCKS proxies.

Meijer, Inc.

January 2001 - June 2004

Network Architect

  • Performed vulnerability assessments and monitoring on DMZ hosts utilizing Nessus and nmap.
  • Managed Check Point firewalls on Nokia hardware platform and Cisco PIX firewalls.
  • Designed and deployed DMZ with full redundancy to dual ISPs using BGP4 for near 100% uptime.
  • Managed Cisco VPN appliances, routers, switches, and CSS load balancers in DMZ environment.
  • Designed and managed enterprise DNS/DHCP platform with Lucent QIP.

Haworth, Inc.

May 1998 - December 2000

Computer Systems Engineer

  • Implemented cost-efficient VPNs for connectivity to the company's European locations.
  • Redesigned and installed frame relay WANs for international locations.
  • Managed Check Point Firewall-1 and Cisco PIX firewalls with full failover capability.
  • Responsible for GroupWise server infrastructure.
  • Designed and implemented standard web server architecture for B2B and B2C web applications

Haworth, Inc.

April 1995 - May 1998

Treasury Analyst

  • Implemented Positive Pay system with electronic imaging to eliminate check fraud.
  • Managed short-term investment portfolio, and short-term loans for optimal cash balances.
  • Developed financial plan and analysis for manufacturing startup in Malaysia and China.

Volunteer Positions

Queercon

April 2018 - Present

Board Member

  • Provided input and direction as a Board Member for events organized by the team.

DEF CON

January 2016 - Present

Workshops Review Board and Goon

  • Reviewed workshop proposals submitted to DEF CON and provided input for acceptance or rejection.
  • Staffed registration and check in of students for DEF CON Workshops.

Crypto & Privacy Village

January 2015 - January 2017

Co-Organizer

  • Led the recruitment and scheduling of volunteers to staff village during DEF CON.
  • Worked with organizing team to plan and execute talks, workshops, and activities for the village.

Achievements & Training

  • Presented talk on “Data Protection 101” at DEF CON 22 (2014)
  • HP Arcsight ESM Security Analyst training
  • GIAC Security Essentials Certification (GSEC) (expired), published in SANS Reading Room
  • Cisco Certified Network Associate (CCNA) (expired)
  • Check Point Certified Security Administrator (CCSA), Check Point Certified Security Expert (CCSE)

Education

Western Michigan University

Master of Business Administration (1998)

  • Concentration in Information Systems.

Bachelor of Business Administration (1994)

  • Graduated cum laude. Major: Finance, Minors: Accounting and General Business