PhD, M.Phil, MAArbDR, BSc
Principal Consultant
19 years of IT Security Experience
Professional Certifications
CISSP, CISA, CISM, CCFP, CCSP, CCSK, CEH, GPEN, GIAC Advisory Board, ACE, ISSMP, ISSAP, ISO 27001 LA, STAR Auditor
- ISC2 Asia-Pacific Information Security Leadership Achievements (ISLA) Honoree – Senior Information Security Professional (2017)
- GIAC Advisory Board Member
- Founding Member of High Tech Crime Investigation Association
- Founding Member and Council Member of Information Security and Forensic Society (F.ISFS)
- Founding Member, Vice-President for Professional Development of Cloud Security Alliance (HK & Macau) Chapter
- Authorized CCSK Trainer
- ISC2 Authorized CCSP Trainer
- Part-time lecturer and Adjunct Assistant Professor of the Hong Kong University of Science and Technology
Award
- Asia-Pacific Information Security Leadership Achievements (ISLA®) Program 2017 honorees:
Senior Information Security Professional
Achievements
- Led and performed security risk assessment, security audit, penetration tests, and security strategy study for HKSAR government departments.
- Performed Sarbanes-Oxley Act 404 IT consultancy services for China and Hong Kong-based US corporations.
- Led and conducted Computer Forensics investigations and incident handling services for HKSAR government departments and Financial Institutes in Hong Kong.
- Designed and developed computer forensics tools for multi-national corporations
- Defined and planned the IT security services direction of the HP e-Security Center, HP Security Team in HK and AP Security Competence Center of HP;
- Led the HP Security Team in HK and Deputy Manager in the ITPSA Cat D (Security Services) for HKSAR Government.
- Led one of the two HP e-Security Center and performed penetration test services for clients in Asia Pacific, Europe and America.
Reference Cases
- Led over 50 governmental Security Risk Assessment and Audit cases for HKSAR governments
- Led and performed security assessment and audit for over 10 financial institutions in Hong Kong
- Led and performed web penetration tests for over 20 local and international corporations
- Conducted over 50 trainings on cloud security, incident handling and forensics, operating systems security and IT general awareness trainings