
CHAK SUM CHAN

Information Security Yellow Team Builder | CISSP, CCSP, CSSLP

Overview

11 years of professional experience
2 languages

Work History

Cyber Security Manager

ViewSonic Global
New Taipei City
05.2021 - Current
  • Cybersecurity Leadership and Governance:
  • Led the development and implementation of the entire cybersecurity architecture for the team to enhance product security
  • Formulated cybersecurity policies and standardized security baselines for Research and Development (RD) to ensure security could be considered in the software production lifecycle
  • Addressed global product compliance risks, including US CCPA, EU GDPR, Taiwan Privacy Law, India Privacy Framework, and Australia Cyber Security Acts
  • Managed the cybersecurity budget for the PG team, overseeing expenses for staff and tools, with a total annual budget of approximately US$150,000 and helping the tender by the tools in different regions
  • Ensured team compliance with standards such as ISO 27001, NIST, SOC2, CSA STAR Lv1, and others
  • Introduced and provided training on risk and compliance thinking to the SaaS service team to advance the product advantages
  • Promoted a production lifecycle strategy from DevOps to DevSecOps with controls minimizing impact to the team
  • DevSecOps Implementation:
  • Enabled DevSecOps capacity across the myViewBoard Team for revamping the security into production lifecycle
  • Evaluated development lifecycle risks, suggested mitigations, and implemented operational response methods
  • Collaborated with developers to review and adjust existing security controls
  • Reviewed and integrated Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) into the CI/CD pipeline process
  • Built the Identity and Access Management (IAM) system and formulated IAM security control policies
  • Incident Management and Privacy assessment handling to comply with the cross-regional legal framework
  • Managed internal and external cybersecurity issues and incidents and responses including vCast and AWS platform issues
  • Led disaster recovery drills
  • Conducted cybersecurity awareness training for the RD team
  • Oversaw all privacy issues globally on the myViewBoard platform, acting as the privacy officer
  • Oversaw myViewBoard product GDPR assessment and collaborated with the group's Data Protection Officer (DPO) on renewing End User License Agreements (EULA), Privacy Policy, and Terms & Conditions
  • Security Team Development:
  • Formulated and led security team with both Red Team and Blue Team development
  • Leading 2 members to ensure product security team functions could improve sales and product values
  • Served as the contact point for the product engineering team

Head of Security Engineering

Nogle Taiwan Limited, BTSE Group
Taipei
01.2024 - 05.2024
  • Reporting to (Name & Title) Glenn Gunara-Chen (CISO)
  • Salary NT2,640,000 /annual + performance bonus
  • Job Duties / Achievements: Cybersecurity Leadership and Governance:
  • Led the development and implementation of the entire development-related architecture for the team and assisted the business in landing a Shift-left Strategy on security governance for both technical and non-technical approaches
  • Managed the cybersecurity budget for the team, overseeing expenses for security engineering projects, with a total annual budget of approximately US$200,000 and helped the business to prevent over US$400,000 loss on both AWS and application development
  • Introduced and provided training on risk and compliance thinking to the production team to make information security adoption seamless
  • Promoted a production lifecycle strategy from DevOps to DevSecOps with controls minimizing impact across the team without affecting product releases
  • DevSecOps Implementation:
  • Evaluated development lifecycle risks, suggested mitigations, and implemented operational response methods to transition the risk handling to a shift-left approach
  • Collaborated with technical leaders and project director office to review and adjust existing security controls that mitigate technical risks from the beginning
  • Reviewed and integrated Static Application Security Testing (SAST), secret detection, Software Composition Analysis (SCA) and Dynamic Application Security Testing (DAST) into the CI/CD pipeline process, promoting an automation culture in security testing
  • Led the building of Identity and Access Management (IAM) for tool authentication; the IAM was also based on communication across the teams to ensure less execution overhead
  • Incident Management on Cloud and SaaS environments to formulate the future adjustment process and hardening for the Cloud environment to prevent business loss
  • Balanced the business values across the team on landing DevSecOps in a practical way
  • Security Team Development:
  • Formulated and led security team with both Red Team and Blue Team development.

Senior Information Security Analyst

The Hong Kong Jockey Club
Hong Kong
08.2020 - 03.2021
  • Network Defense and Security Planning:
  • Led Network Defense projects, introducing Clean-Pipe Anti-DDoS and CASB solutions to the organization
  • Conducted requirement collection for projects and facilitated cross-team communication within the internal organization
  • Managed compliance checking support for internal processes
  • Oversaw cloud solution evaluation and integration of CASB solutions within the organization
  • Assisted and participated in SD-WAN revamp Proof of Concept (PoC) exercises
  • Attended regular security assessment meetings
  • Coordinated meetings with other teams to evaluate projects from a cybersecurity perspective
  • Security Standards and Implementation:
  • Assisted in reviewing the standards for SaaS and IaaS (Azure or AWS) implementation requirements
  • Wrote and adjusted implementation criteria for SaaS and IaaS (Azure or AWS), ensuring projects met internal compliance
  • Assisted in deploying SaaS usage guidelines compliant with ISO 27002 standards
  • Contributed to documenting and developing internal Security Operations Center (SOC) processes
  • Assisted in the case review of Security Orchestration, Automation, and Response (SOAR) system
  • Technical Analysis and Collaboration:
  • Assisted in the communication and technical analysis of the implementation project for Anti-DDoS Clean-Pipe solution

Security Analyst

Citic Telecom International CPC Limited
Hong Kong
03.2020 - 08.2020
  • Job Duties / Achievements: Security Operations Center (SOC) Management and Development:
  • Led SIEM data onboarding and managed the SIEM replacement project, transitioning from ArcSight to Splunk
  • Oversaw staff development and assisted in the selection of Security Analysts/SOC Security Engineer team members
  • Managed a team of 14 Security Engineers, including staff based in Hong Kong, mainland China, and Taiwan
  • Led the redesign and revamp of Managed Security Service (MSS) offerings
  • Spearheaded the SOC revamp project, ensuring optimal efficiency and effectiveness
  • Provided assistance in managing SOC incidents related to specific customers
  • Developed workflows, guidance, and handling procedures for T1 support
  • Revamped the newsletter format and workflow for improved communication
  • Constructed workflows for threat hunting and threat research activities
  • Designed and developed the newspaper clipping service and its system
  • Customer Service and Workflow Management:
  • Gathered customer requests on services and helped consolidate tasks for streamlined delivery
  • Primarily responsible for supporting customer data center relocation and constructing workflows for the process
  • Analyzed Splunk usage and reported on Splunk Search Processing Language (SPL) construction
  • Integrated Splunk with MSS service, ensuring seamless operations
  • Wrote Splunk SPL for MSS service delivery and continuous service improvement
  • Developed Splunk platform use cases and implemented them effectively
  • Set up Splunk for customers and conducted Proof of Concept (POC) exercises.

L2 Security Engineer

Macroview Telecom Limited
Hong Kong
05.2019 - 03.2020
  • Cybersecurity Consultation and Management:
  • Provided information and suggestions to customers on their systems, infrastructure, and applications to achieve cybersecurity goals
  • Analyzed and reported on monthly cybersecurity reports, conducting drills to address problems or abnormal behaviors
  • Advised customers on cybersecurity approaches based on their network configurations
  • Utilized Splunk for monitoring customer systems
  • Assisted in Splunk deployment, suggesting correlation rules deployment, and fine-tuning
  • Migrated log collection and monitoring policies from Sentinel to Splunk for specific customers
  • Advised on security log onboarding to Splunk (AWS Docker and Office 365)
  • Incident Response and Team Management:
  • Monitored security incidents and alerts
  • Managed a team of junior staff (11 people) in handling security incidents and alerts
  • Assisted in updating ISO documents for internal processes and procedures
  • Led internal learning initiatives and technology trend updates for both junior and senior colleagues
  • Led security incident investigations and report writing
  • Led internal improvement projects and application development
  • Assisted in ISO 27001 document writing
  • Developed the ISO 27035 Incident Response Playbook
  • Security Operations and Threat Management:
  • Assisted in performing network scans and malware scanning
  • Conducted threat hunting on enterprise systems or new technologies
  • Established and guided junior staff in constructing labs and achieving yearly use-case

System Support Engineer

China Overseas Holdings Limited, Parent Company of Construction Group Ref Letter
Hong Kong
02.2016 - 04.2019
  • Infrastructure and System Integration:
  • Implemented new integrations (REST APIs) to the IMMS system
  • Designed and developed the company's REST API platform
  • Assisted in upgrading the Hypervisor from vSphere 5.5 to 6.5 and deploying new Hypervisors
  • Integrated SAN switch to the network and deployed all-flash storage as a hot tier for server usage
  • Managed VOIP phone system, deploying new number ranges with new IDAP connections
  • Managed new user enrollments, including Exchange mail account creations
  • Assisted in deploying Ansible for package updates
  • Assisted in implementing OpenShift and Docker systems
  • Mainly deployed Virtual Desktop Infrastructure (VDI) using VMware Horizon and HP ZeroClient
  • Assisted in deploying sub-domain Active Directory (AD) and Exchange systems
  • Assisted in managing mail gateway and spam systems
  • Mainly installed Linux servers (CentOS and Ubuntu) for testing and coordinated server resources
  • Consolidated vendor relationships and scheduled meetings for infrastructure improvement
  • Mainly in charge of back-end infrastructure upgrades
  • Responsible for cloud storage system mobile application development
  • Integrated version control for all company projects
  • Assisted in developing an automation deployment system
  • Developed mini tools for daily operation usage
  • Responsible for LDAP system integration in high-availability standard
  • Tested PredictionIO and TensorFlow for a data analysis project
  • Integrated office file editor into the cloud storage system
  • Mainly involved in the office relocation project with main network and WiFi upgrades
  • Supported user daily operations and resolved ad-hoc issues
  • Conducted network migrations and daily tuning of resource allocation for different parties
  • Upgraded server room infrastructure and planned new network infrastructure with a self-made developed network appliance machine
  • IT Security and Compliance:
  • Assisted in ensuring the data center ran under ISO 27001 requirements
  • Updated security baselines and policies of the company
  • Implemented different system training for end-users
  • Handled subsidiary side projects and participated in Hybrid Mobile Application Development
  • Assisted in ISO 27001 document updates and rewriting
  • Conducted yearly user security awareness training
  • Tested SIEM using ELK
  • Deployed Mobile Device Management (MDM) solutions to control internal BYOD devices
  • Integrated multiple services into API platforms.
  • Assisted in ISO external audit
  • Contracted the security baseline to implement IT services
  • Managed endpoint security console and tuned policies
  • Assisted in deploying a double Web Application Firewall (WAF) architecture for the company
  • Cloud and Big Data Projects:
  • Deployed GlusterFS File system for an elastic data collection platform
  • Developed and deployed a new big data infrastructure using Ambari
  • Responsible for OpenStack testing and implementing Redis for Cloud storage system usage
  • Mainly in charge of Big Data infrastructure constructions and Data Center upgrade
  • Responsible for data lake deployment with GreenPlum
  • Documented Docker system usage and deployed guidelines to programmers needing to use Docker
  • Developed cloud storage for both company internal and external use.

Senior Web Developer

A&A Limited
Hong Kong
08.2015 - 02.2016

  • Project Management and Delivery:
  • Engaged directly with customers to provide project briefings.
  • Strategized and planned project delivery, including task breakdowns and scheduling.
  • Established testing environments for project development, ensuring rigorous testing processes.
  • Configured production servers for customers, optimizing performance and reliability.
  • Resolved server issues promptly and maintained servers in optimal condition.
  • Scheduled project deliveries and coordinated with cross-departmental staff to ensure timely completion.
  • Facilitated communication across different departments to maintain project delivery schedules.
  • Assisted in standardizing procedures and programming environments for enhanced efficiency.
  • Reported to upper-level management for resource requests and project updates.
  • Web Development and Programming:
  • Specialized in using PHP, HTML5, JavaScript, jQuery, and MySQL for website and web application development.
  • Investigated and developed the integration of third-party APIs to enhance project functionalities.

Team Leader of Programming team

PhotonLink Ltd
Hong Kong
03.2015 - 06.2015

  • Responsible for planning the workflow of the project
  • Responsible for cooperating with the general staff
  • Responsible for estimating the working schedule and reporting to the project owner
  • Project planning and monitoring the execution
  • Helping to standardize the procedures and programming environment
  • Reporting to the upper level for resource requests
  • Mainly use PHP, HTML5, JavaScript and MySQL for developing websites and web applications
  • Documenting the policy and standard of the works
  • Mainly focus on Hong Kong Box Office reporting system development

IT Specialist

Long View Cultural Ltd. www.Gcyouth.net
Hong Kong
08.2013 - 01.2015

  • Responsible for planning the new website deployment (based on PHP and JavaScript)
  • Responsible for internal IT infrastructure construction
  • Responsible for data mining and categorization of specific project
  • Contact vendors for purchasing IT equipment
  • Analyzing and developing the new functions of internal management systems (based on Apache + MySQL with PHP + HTML5 + CSS3 + JavaScript)
  • Tuning up the Linux Server for email functions and Web application testing
  • Constructing the Database for ERP system and doing system testing
  • Cooperating with other project managers on specified projects
  • Developing mobile apps for internal usage (iOS and Android)
  • Providing training for both internal staff
  • Monitoring part-time staff
  • Dealing with the server security issues
  • IT strategic planning of the company

Education

Master - CyberSecurity

Georgia Institute of Technology
01.23

Bachelor of Science - Business Information Technology

School of Continuing and Professional, the City University of Hong Kong, Coventry University
08.13

Associate - Science Airport Operation and Aviation Logistics

College of City University
07.12

Skills

  • Security Team Leadership
  • DevSecOps from 0 to 1
  • Training Methods
  • Compliance with Security Requirements
  • Change Management Process
  • Security Investigations
  • Document Organization
  • Security Best Practices
  • Stakeholder Communications
  • Risk Management Assessments
  • Compliance Risk Management
  • Service Operations Management
  • Compliance Testing
  • Agile Work Processes
  • Network Security Management
  • Security Improvements
  • Strategic Execution
  • ISO 27001
  • Security Maintenance
  • Project LifeCycle Management
  • Implementing Security Programs
  • Cyber Security Strategy
  • Learning Strategies
  • NIST Security Standards
  • Security Information and Event Management (SIEM)
  • Technology Assessment

Summary

Strategic Information Technology Manager skilled in guiding navigation of modern technology. Accustomed to driving efficiency and effectiveness by developing, delivering and supporting strategic plans. Demonstrated skill in translating technical requirements to business solutions. Successful 8-year record of building positive relationships with internal and external stakeholders.

Certification

  • CISSP - Certified Information Systems Security Professional
  • CCSP – Certified Cloud Security Professional
  • CSSLP – Certified Secure Software Lifecycle Professional

Software

Drata

Linux

Splunk

AWS

Azure

GCP

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening

Languages

English
Advanced (C1)
Chinese (Mandarin)
Bilingual or Proficient (C2)
Cantonese
Bilingual or Proficient (C2)
