About Kuro

A Slashie, Consultant, and Medium Blogger. Kuro primarily works on consulting engagements related to cybersecurity, risk management, cloud security, compliance review, infrastructure security, vulnerability assessment, mobile application security, and security assessment testing/auditing. He specializes in security for the financial and high-tech manufacturing sectors. Drawing on years of experience and research and on a diverse background, he is committed to helping clients solve information security issues, whether they concern management policies or technical challenges. Other responsibilities include collaborating with sales and bid teams to identify potential opportunities and approve bids, among other tasks.

My experience includes but is not limited to:

IT Governance, Risk, and Compliance:

  • Conducted IT general controls reviews in the areas of physical access, logical access, and change management for several leading companies
  • Performed Network/OS/DB Security Reviews
  • Provided support for IT general control audits, information systems security audits, and compliance reviews, such as ISO 27001 and compliance reviews for financial institutions
  • Reviewed information security policies
  • Recommended appropriate cybersecurity controls and countermeasures
  • Cloud security management
  • General data protection
  • Developed security programs
  • Established secure configuration baselines
  • Regulatory compliance & security frameworks: compliance reviews for financial institutions, ISMS, CIS Benchmark, STIGs, Singapore TRM Guidelines, Philippine MORB, cybersecurity maturity assessment

Security Lab, Testing, and Investigation:

  • Conducted vulnerability assessments and security testing
  • Conducted mobile application security testing
  • Managed ISO 17025 Laboratories
  • Social engineering

Security & Solution Architecture:

  • Designed Defense-in-depth Network Architecture
  • Cloud Security architecture review
  • CNAPP Solution
  • Implemented IEC 62443-3 / Smart factory security architecture
  • Conducted Network Security and Configuration Assessments (e.g., Cisco Router, Cisco Switch, WAF, IPS, Firewall, Server, LB, and SIEM) / CIS Benchmark review
  • Provided cybersecurity consultancy and training

Work Experience

  • High-tech Manufacturing Industry - Information Security Strategy Planner / Security Architect
  • Ernst & Young (EY) - Cybersecurity Consultant (Security Architecture Consultant)
  • Deloitte - Cybersecurity Consultant (Security Management and Technical Consultant)
  • Financial Industry: Information System Security (Information Security Management)

Professional Organization

  • ISC2 Taipei Chapter - Member of the Board of Supervisors, member of the Professional Development Committee
  • ISC2, International Information System Security Certification Consortium
  • ISACA, Information Systems Audit and Control Association
  • CAA, Computer Audit Association of the Republic of China, member

Speaking

Blog


Community / Conference Volunteer:

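– HITCON (Hacks in Taiwan Conference) Staff

  • 2018 Entrance & Mobile Support (門機) Team Lead / 2019 Catering Deputy Team Lead / 2020 Entrance & Mobile Support Team Member / 2021 Entrance & Mobile Support Team Lead / 2024 Venue Operations Deputy Team Lead

– COSCUP (Conference for Open Source Coders, Users and Promoters) Staff

  • 2016 Booth Section / 2018 Entrance & Mobile Support (門機) Section / 2020 Entrance & Mobile Support Section Lead / 2022 Entrance & Mobile Support Section Lead / 2023 Entrance & Mobile Support Section Lead / 2024 Entrance & Mobile Support Section Lead

– SITCON (Students' Information Technology Conference) Staff

  • 2016/2017 Program Team

– CSCS Volunteer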


Certification & Certificate

IT Governance, Risk and Compliance (GRC) :

  • ISC2 CISSP, Certified Information Systems Security Professional
  • ISC2 CCSP, Certified Cloud Security Professional
  • ISC2 CC, Certified Cyber Security
  • ISACA CISA, Certified Information Systems Auditor (2021 Taiwan Top2)
  • ISACA CISM, Certified Information Security Manager (2021 Taiwan Top2)
  • ISACA CRISC, Certified in Risk and Information Systems Control (2021 Taiwan Top3)
  • ISACA CGEIT, Certified in the Governance of Enterprise IT (2021 Taiwan Top1)
  • ISACA CDPSE, Certified Data Privacy Solutions Engineer
  • ISO/IEC 27001 Lead Auditor Training Course
  • ISO/IEC 27001 Internal Auditor Training Course
  • ISO 9001 Internal Auditor Training Course

Security Analysis :

  • CEH, EC-Council Certified Ethical Hacker
  • CEH, EC-Council Certified Ethical Hacker Practical
  • CEH, EC-Council Certified Ethical Hacker Master
  • ECSA, EC-Council Certified Security Analyst
  • CPSA, CREST Practitioner Security Analyst
  • TCSE, Trend Certified Security Expert
  • MOEA Certified Information Security Engineer-Associate Level (iPAS Associate-Level Information Security Engineer competency certification)

Cloud Computing

  • AZ-900, Microsoft Azure Fundamentals
  • AWS Certified Cloud Practitioner Certification
  • AWS Certified Solutions Architect — Associate
  • GCP Associate Cloud Engineer

Incident Handling :

  • CTIA, EC-Council Certified Threat Intelligence Analyst
  • CSA, EC-Council Certified SOC Analyst
  • ECIH, EC-Council Certified Incident Handler

Network Security :

  • CCNP Security, Cisco Certified Network Professional : Security
  • NSPA, Network Security of Packet Analysis

Network Infrastructure :

  • CCNP Enterprise, Cisco Certified Network Professional : Enterprise
  • CCNA R&S, Cisco Certified Network Associate : Routing and Switching
  • VCP-NV, VMware Certified Professional – Network Virtualization

Lab/Testing :

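  • ISO/IEC 17025, General requirements for the competence of testing and calibration laboratories (completed ISO 17025 laboratory quality management training, mobile app testing laboratory)

Sports :

  • Republic of China Fitness and Exercise Association - Level C Fitness Instructor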