Expert Details
Information Security & Cybersecurity
ID: 740265
California, USA
Throughout his career, Expert has demonstrated a keen ability to streamline security processes and achieve cost efficiencies, such as saving hundreds of thousands of dollars through tool consolidation and cloud migrations. He has played a pivotal role in strengthening third-party risk management practices by conducting vendor assessments and implementing governance programs. At Madison Square Garden, he led security initiatives for high-profile venues, while at CTBC Bank, his leadership resulted in a phishing simulation click-through rate of under 2%, showcasing his commitment to robust security awareness training. His expertise extends to presenting complex security topics to executive teams and international leadership, underscoring his capability to communicate the importance of cybersecurity in business terms. His proactive approach to evolving threats and deep technical knowledge make him a valuable asset in guiding organizations toward resilient security postures.
Education
| Year | Degree | Subject | Institution |
|---|---|---|---|
| Year: 2018 | Degree: BS | Subject: IT Security | Institution: Western Governor's University |
Work History
| Years | Employer | Title | Department |
|---|---|---|---|
| Years: 2022 to 2024 | Employer: Madison Square Garden | Title: Director, Information Security | Department: |
Responsibilities:• Responsible for information security oversight at the studio in Burbank and Sphere in Las Vegas, including cloud security, email security, content security, and security awareness.• Initiated risk assessment and gap analysis of Motion Picture of America (MPA) best-practice guidelines against current control implementation and worked closely with studio teams to mitigate security weaknesses in governance, digital security, and physical security. • Researched, evaluated, selected, and implemented next-generation email security platform, and eliminated the use of redundant tools, achieving yearly cost savings of $100,000. • Led the rollout of phishing-resistant MFA to all employees. • Created SIEM dashboards to support incident response and alert to large data movements between studio networks and external entities. • Partnered with Identity & Access Management team to migrate tens of applications to single sign-on (SSO) and SCIM provisioning. • Performed all in-person security awareness training for Burbank staff. |
|||
| Years | Employer | Title | Department |
| Years: 2019 to 2021 | Employer: CTBC Bank, USA | Title: First Vice President and Deputy CISO | Department: |
Responsibilities:• Researched evaluated, and implemented Menlo Security’s cloud-based web isolation platform, eliminating 100% of web-based malware.• Implemented Crowdstrike EDR, device control, and endpoint firewall solutions. • Implemented Splunk Cloud to replace on-premises SIEM, achieving yearly cost savings of over $50,000. • Responsible for the implementation of bank security awareness and social engineering education program, resulting in a consistent phishing simulation click-through rate of less than 2%. • Presented quarterly information security metrics to senior management. • Presented and spoke on numerous information security topics to parent bank leadership at headquarters in Taiwan. • Coordinated and executed yearly penetration tests and FFIEC risk assessments. |
|||
| Years | Employer | Title | Department |
| Years: 2015 to 2017 | Employer: Paramount Pictures | Title: Director, Information Security | Department: |
Responsibilities:• Implemented IBM Appscan infrastructure to support a global application security program capable of dynamically scanning hundreds of Viacom and Paramount websites daily.• Aligned with web development teams to classify, track, and remediate critical and high-risk vulnerabilities discovered during the scanning process. • Responsible for third-party risk management of new and existing vendor relationships. • Responsible for the collection and preservation of all forensic data within Paramount needed for legal discovery. • Performed risk assessments and site visits for new engagements. |
|||
| Years | Employer | Title | Department |
| Years: 2009 to 2015 | Employer: Dexia Credit Local, | Title: VP, Information Security | Department: |
Responsibilities:• Led the information security program for the bank’s New York and Canada offices, comprising a total portfolio value of $33 billion USD.• Re-engineered risk management program based on ISO 17799, COBIT, and the Shared Assessments frameworks to better align with FFIEC guidance. • Implemented firmwide monitoring solution using NetIQ and Splunk to quickly spot problem areas requiring immediate resolution. • Led an information security-sponsored security reinforcement project to strengthen the bank’s security posture, resulting in an overall reduction in state and federal regulatory agency audit recommendations. • Responsible for creating and updating all information security policies and procedures. • Implemented email encryption solution using Voltage on-site encryption servers to protect the confidentiality and integrity of sensitive bank data being transmitted externally. • Designed vendor governance program using Shared Assessments questionnaires and conduct third party site visits. • Presented monthly high-level security metrics to executive management. |
|||
| Years | Employer | Title | Department |
| Years: 2009 to 2009 | Employer: MTV Networks | Title: Information Security Consultant | Department: |
Responsibilities:• Responsible for the collection and preservation of all forensic data needed for legal discovery.• Streamlined the collection process by eliminating redundancy, resulting in a 40% decrease in collection time. • Designed custom scripts to perform forensic image consistency analysis across entire forensic collection, and flagged those that failed integrity checks. • Provided subject matter expertise to subsidiary Paramount Pictures during EnCase upgrade and rollout, eliminating the need to hire costly external consultants. |
|||
| Years | Employer | Title | Department |
| Years: 2005 to 2008 | Employer: Merrill Lynch | Title: Information Security Officer | Department: |
Responsibilities:• Performed site visits and security reviews of many third parties doing business with Merrill Lynch, including currency trading platforms and overseas call centers.• Provided information security subject matter expertise for new internal projects as well as external engagements, ensuring that new systems adhere to strong security best practices. |
|||
| Years | Employer | Title | Department |
| Years: 2001 to 2005 | Employer: Merrill Lynch | Title: Team Leader, Security Operations | Department: |
Responsibilities:• Overhauled back-end institutional trading platform from older Solaris infrastructure to new, upgraded Nokia appliances, resulting in a substantial increase in throughput and improved stability.• Consolidated legacy service-based security model to a shared infrastructure, resulting in fewer firewalls needed globally and saving thousands of dollars per year in management and licensing costs. • Directed daily workflow initiatives among junior members of the team. |
|||
| Years | Employer | Title | Department |
| Years: 2000 to 2001 | Employer: Breakaway Solutions | Title: Senior Security Engineer | Department: |
Responsibilities:• Designed and implemented a security operations network for secure remote engineer access, customer logging, and backups.• Implemented Solaris jumpstart servers for building pre-hardened customer and enterprise infrastructure firewalls, allowing the engineering staff to deploy new equipment within minutes. • Continued to support existing customer relationships developed prior to norSEC acquisition. |
|||
| Years | Employer | Title | Department |
| Years: 2000 to 2000 | Employer: norSEC, Inc. | Title: Senior Security Engineer | Department: |
Responsibilities:• Configured, implemented, and supported hundreds of Check Point and WatchGuard Firebox firewalls for large Fortune 500 companies within enterprise data centers as well as on-site at customer premises.• Performed on-site security architecture design and deployment. |
|||