Peter Teoh

pete@teoh.us | +1 212-882-1335 | 2 Gold St 22D, New York, NY 10038

Summary

A well-rounded Information Security and Compliance leader with hands-on experience in a wide range of technologies from firewalls to DLP. I work well in cross-functional teams and have an excellent understanding of the balance between business, legal, and technological priorities.

Professional Experience

Google

March 2018 - Present

Security Engineer, Certificate Authority

Google

April 2018 - March 2019

Program Manager, Engineering Compliance

  • Led the annual WebTrust audit of Google’s Certificate Authority, successfully delivering reports on time.
  • Coordinated, managed, and facilitated compliance processes for Google Cloud and Infrastructure.

Flatiron Health

January 2017 - February 2018

Head of Security Policy, Audit & Compliance

  • Worked across Information Security, Legal, and Business teams to develop Flatiron’s security policy in accordance with regulatory and contractual requirements. (HITRUST, HIPAA)
  • Built processes to audit compliance with security policy.
  • Conducted security onboarding training for all new employees.

OTG Management

June 2014 - January 2017

Director of Compliance

  • Guided the software development team to improve security posture and compliance with industry standards and regulatory requirements, including PCI and SOX.
  • Instituted change control process for new software deployment, ensuring proper notification to stakeholders, and reducing outages due to miscommunication.
  • Evaluated EMV payment terminal options and worked with Legal and Business Operations to map out and execute migration strategy.

TIAA

June 2012 - June 2014

Technical Lead, Data Protection

  • Managed a team of Security Analysts in day-to-day operations of the Data Loss Prevention program.
  • Led the technical direction and architecture for the data protection program to increase the scope of coverage from personally identifiable information (PII) to unstructured material nonpublic information.
  • Collaborated with Compliance and Internal Audit to ensure security controls matched policies.
  • Led TIAA's LGBT Employee Resource Group for the Charlotte office.

TIAA

July 2009 - June 2012

Senior Information Security Engineer

  • Successfully led a multi-year project to fully deploy Symantec Data Loss Prevention (Vontu).
  • Deployed and managed IronKey devices for secure encrypted storage of corporate data.
  • Performed firewall change request reviews and approvals.
  • Performed server vulnerability testing with nCircle appliances.

TIAA

June 2004 - July 2009

Senior Network Engineer

  • Managed NetScreen firewall configurations at multiple locations with NetScreen Security Manager.
  • Led a team to complete the migration of business partner connections to the new Broomfield Data Center.
  • Consolidated multiple disparate DNS and DHCP services into a single platform using Lucent VitalQIP.
  • Designed and implemented IronPort email security appliances for malware and spam filtering.
  • Managed global server load balancing function using F5’s 3DNS and BIG-IP platforms.
  • Designed and implemented DMZ and remote access services for Charlotte office.
  • Managed multiple Proxy Server environments including Blue Coat HTTP and Permeo SOCKS proxies.

Meijer, Inc.

January 2001 - June 2004

Network Architect

  • Managed Check Point firewalls on Nokia hardware platform and Cisco PIX firewalls.
  • Designed and deployed DMZ with full redundancy to dual ISPs using BGP4 for near 100% uptime.
  • Managed Cisco VPN appliances, routers, switches, and CSS load balancers in DMZ environment.
  • Designed and managed enterprise DNS/DHCP platform with Lucent QIP.

Haworth, Inc.

May 1998 - December 2000

Computer Systems Engineer

  • Implemented cost-efficient VPNs for connectivity to the company's European locations.
  • Redesigned and installed frame relay WANs for international locations.
  • Managed Check Point Firewall-1 and Cisco PIX firewalls with full failover capability.
  • Responsible for GroupWise server infrastructure.

Haworth, Inc.

April 1995 - May 1998

Treasury Analyst

  • Implemented Positive Pay system with electronic imaging to eliminate check fraud.
  • Managed short-term investment portfolio and short-term loans for optimal cash balances.
  • Developed financial plan and analysis for manufacturing startup in Malaysia and China.

Volunteer Experience

DEF CON

January 2016 - Present

Workshops Review Board and Goon

  • Reviewed workshop proposals submitted to DEF CON and provided input for acceptance or rejection.
  • Staffed registration and check-in of students for DEF CON Workshops.

Queercon

April 2018 - Present

Board Member and Vice President

  • Provide strategic direction for Queercon, a 501(c)(3) nonprofit for LGBTQ+ security professionals.

Crypto & Privacy Village

January 2015 - January 2017

Co-Organizer

  • Led the recruitment and scheduling of volunteers to staff the village during DEF CON.
  • Worked with organizing team to plan and execute talks, workshops, and activities for the village.

Achievements & Training

  • ISO/IEC 27001:2013 Lead Implementer (EY Certificate 20190125-019)
  • ISO/IEC 22301:2012 Lead Implementer (EY Certificate 20180523-010)
  • Presented talk on “Data Protection 101” at DEF CON 22 (2014)
  • HP ArcSight ESM Security Analyst training

Education

Western Michigan University

Master of Business Administration (1998)

  • Concentration in Information Systems.

Bachelor of Business Administration (1994)

  • Graduated cum laude. Major: Finance, Minors: Accounting and General Business

Languages

  • Fluent in English, Malay, and several dialects of Chinese including Mandarin, Cantonese and Hokkien.