About Kuro

A slashie, consultant, and Medium blogger. Kuro is principally engaged in consulting on cybersecurity, risk management, IT security control, compliance review, network infrastructure security, vulnerability assessment, mobile application security, and security assessment testing / auditing (ISMS, regulatory compliance), especially in the financial security sector. Through years of experience and research, he is committed to assisting clients in solving information security issues, whether in management policy or technical matters, with his diverse background and expertise. Other responsibilities include working with sales and bid teams to identify potential opportunities and to sign off bids, plus many more.

My experience includes but is not limited to:

IT Governance, Risk and Compliance :

  • Performed IT General Controls review in the areas of Physical access, Logical access and Change management for several leading companies.
  • Performed Network/OS/DB Security Review
  • Performed IT General Control audit support, information systems security audits and compliance review, such as ISO27001 and Financial Institutions compliance review.
  • Reviewing information security policies
  • Recommending appropriate cyber security controls and countermeasures

Security Lab, Testing and Investigation

  • Vulnerability Assessment and Penetration testing
  • App Security testing & social engineering
  • ISO 17025 Lab Management
  • Incident Response Management & Investigation

Security Architecture & Solution

  • Defense-in-depth Network Design
  • Risk-based architecture maturity Assessment
  • IEC 62443 Systems
  • Network Device Security and Configuration Assessment (such as Cisco Router, Cisco Switch, WAF, IPS, Firewall, Server, LB and SIEM)
  • Cyber security consultancy and training
  • SOC Maturity Assessment

Work Experience

  • High-tech Manufacturing Industry - Information Security (Information Security Management)
  • Ernst & Young (EY) - Cybersecurity Consultant (Security Architecture Consultant)
  • Deloitte - Cybersecurity Consultant (Security Management and Technical Consultant)
  • Financial Industry : Information System Security (Information Security Management)

Other Experience

  • Sticker Maker : (https://line.me/S/shop/sticker/author/1656721)
  • Regulatory Compliance & Security Framework : Financial institution compliance review, ISMS, CIS Control, STIGs, IEC 62443, Singapore TRM Guidelines, Philippine MORB, Cyber security maturity assessment, Security Operation Center (SOC) maturity assessment.
  • Technical Assessment : Computer System Security, Pentesting, Mobile Application Security, Secure Configuration Baseline, General Data Protection, Network Architecture, Solution Engineering, Incident Response
  • Security Management : Security program development, Risk Management, Risk Control Design, Risk Control Design and Implementation, IT Risk Identification, IT Risk Analysis and Evaluation

Speaking

Services

  • Seeking opportunities to be a lecturer, instructor or speaker | Internal and external lecturer
  • Cybersecurity Consulting Services
  • Vulnerability Analysis : Web application, mobile application, system, etc. | Website penetration testing and app security
  • Network Security Architecture (IT & OT) | Enterprise network architecture assessment and device configuration security analysis
  • Cyber Security Audit | Information system security technical audit
  • Cybersecurity Framework & Baseline : CIS Control, ISMS, STIG | Information security policies and frameworks

Blog


Community / Conference Volunteer:

– HITCON (Hacks in Taiwan Conference) Staff

  • 2018/2019/2020/2021

– COSCUP (Conference for Open Source Coders, Users and Promoters) Staff

  • 2016/2018/2020/2022

– SITCON (Students' Information Technology Conference) Staff

  • 2016/2017

– CSCS

Professional Organization & Role :

  • ISC2, International Information System Security Certification Consortium
  • ISC2 Taipei Chapter Board of Supervisors - Supervisor
  • ISACA, Information Systems Audit and Control Association
  • CAA, Computer Audit Association (Republic of China)
  • EC-Council | International Council of E-Commerce Consultants

Certification

IT Governance, Risk and Compliance (GRC) :

  • ISC2 CISSP, Certified Information Systems Security Professional
  • ISC2 CCSP, Certified Cloud Security Professional
  • ISACA CISA, Certified Information Systems Auditor
  • ISACA CISM, Certified Information Security Manager
  • ISACA CRISC, Certified in Risk and Information Systems Control
  • ISACA CGEIT, Certified in the Governance of Enterprise IT
  • ISACA CDPSE, Certified Data Privacy Solutions Engineer (ExamPass)
  • ISO/IEC 27001 Lead Auditor | ISO 27001 Lead Auditor training
  • ISO/IEC 27001 Internal Auditor | ISO 27001 Internal Auditor training
  • ISO 9001 Internal Auditor | ISO 9001 Internal Auditor training

Security Analysis :

  • CEH, EC-Council Certified Ethical Hacker
  • ECSA, EC-Council Certified Security Analyst
  • CPSA, CREST Practitioner Security Analyst
  • TCSE, Trend Certified Security Expert

Incident Handling :

  • CTIA, EC-Council Certified Threat Intelligence Analyst
  • CSA, Certified SOC Analyst | EC-Council Security Operations Center (SOC) Analyst

Network Security :

  • CCNP Security, Cisco Certified Network Professional : Security
  • NSPA, Network Security of Packet Analysis | Network Security Packet Analyst
  • CyberArk Trustee, CyberArk Trustee Certification
  • CyberArk Certified Sales Professional
  • CyberArk Certified Pre-Sales Engineer

Network Infrastructure :

  • CCNP Enterprise, Cisco Certified Network Professional : Enterprise
  • VCP-NV, VMware Certified Professional – Network Virtualization
  • CCNA R&S, Cisco Certified Network Associate : Routing and Switching

Cloud Computing

  • AZ-900, Microsoft Azure Fundamentals

Other :

  • ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories | ISO 17025 laboratory quality management training (passed)
  • Foundations of Operationalizing MITRE ATT&CK
  • Foundations of Purple Teaming