Joseph Huang

LINE BANK Taiwan / Head of Information Security Technology Department / Vice President

Taipei City, Taipei City, Taiwan

About

In Charge Cyber & Information Security of LINE Bank TW 金融產業10年經驗:(整家銀行從無到有各項資安方案規劃導入與維運經驗) 從頭到尾參與LINE Bank台灣籌備與營運迄今,包含從2019開始規劃整間銀行的資安維運方案,協同4大顧問與日、韓兩國資安、infra同仁依據規劃中的網路系統架構搭配遴選後的資安工具(從網路、系統、端點、應用系統、監控等面涵蓋零信任、縱深防禦、網路微分隔、端對端加密等共40項資安產品)進行部署與維運管理,審查了銀行超過200項工作流程並給予安控建議、全程參與兩張銀行執照取得之金管會面試及書面審查。除了具備資安、infra等相關技術外,亦具備規範制定與撰寫能力,除了制定銀行內部相關資安規範外,目前亦為銀行代表參與銀行公會安控基準法等外部法規之修訂。 在渣打銀行期間,除了代表渣打銀行在銀行公會協助參與外規制定外,亦作為台灣與渣打總部間的溝通橋樑協助台灣團隊能夠配合總部資安要求並將台灣法規要求跟總部對標以利合規。 在中國信託期間除縱掌整套SIEM與SOC監控外,亦協助導入各項資安專案譬如SIEM導入成熟度分析,使用者行為分析等,亦重新正規化銀行既有的SIEM監控規則以利告警更為精準。 遊戲產業10年經驗: 負責遊戲橘子除遊戲外所有系統,譬如企業官網、活動官網、客服系統、電子報系統、金流系統(如GASH/Beanfun!)等之建置與維運,上述包含了一版/刀鋒伺服器採購與建置、storage採購與建置、機房建置、資安與部份網路系統建置譬如Anti-DDoS/WAF/IPS/負載平衡設備(基本上除switch/router外L4含以上均是由我負責),亦協助樂點卡分公司成立的一切系統基礎建設均由我完成。 後加入子公司果核(現為雲力橘子)擔任遊戲橘子集團內外之SI顧問,負責資安硬體與資安監控相關方案維運與提供服務,除了服務遊戲橘子集團外,亦服務外部客戶如高鐵局、台灣兢舞、大宇資訊、吉恩立等。

Experience

  • LINE Bank 連線銀行 (7 yrs 6 mos)
    • Vice President
      Feb 2022 - Present · 4 yrs 6 mos

      In charge the Cyber Information Security of LINE Bank Taiwan with Information security / Infrastructure Security / Application security /Security monitor/System Security/AI Security/Cloud Security and all security related (local regulations/principles/policies/technology/management ...etc) task. Represented the Bank as a member of the Technical Subgroup of the Information Security Group of the Electronics Committee of the Banking Association. (銀行公會電子化委員會資訊安全小組技術分組) Support LINE Bank Taiwan got the Bank license from (local regulatory)FSC(金管會) in security perspective. (2019.2-2021.4) Representative of the Banking Association for the revision of financial regulations(ex: in specific reversion team(安控基準法改版小組) to renew the "Financial institutions' electronic banking security control operations(安控基準法)"). Take all responsibility security items of brand new pure internet only digital bank in Taiwan. (After the Bank grand open: I design / define / create and review the whole security standard and policy (rules) .join each new bank service discussion meeting and give my comments within the Bank in APP/web process. for example: security control with 2FA design which used for internal control and bank transfer control design with the other product in Bank APP and internet bank web service for enterprise entity / Cryptography define for the encryption mechanism ….etc) Make sure all systems designed by regulation、 security and privacy Make sure all cooperation with LINE(LY) Group internal JP/KR team and vendors for each system will follow the same security baseline and policy. Manage security solution vendors in order to support any Bank request. Build/Define the standard documents in order to meet the regulation and for our Bank internal project request. Create new business plan and the budget every year. Lead the Security Technical department and members to perform the deployment、management、maintenance and BAU task of security within whole bank.

    • Assistant Vice President
      Feb 2019 - Feb 2022 · 3 yrs 1 mo

      In charge the information security of LINE Bank Taiwan with Information security / Infrastructure Security / Application security and all security related task (local regulations/principles/policies/technology...etc). Support LINE Bank Taiwan got the Bank lincese from (local reguatory)FSC in security perspective. Take care all security items of brand new pure internet only digital bank in Taiwan. (During the Bank preparation: I design / define / create the whole security standard and policy (rules) .join every bank service discussion meeting and give my comments within the process. for example: security control with 2FA design which used for internal control and bank transfer control design in Bank APP and internet bank web service / Cryptography define for the encryption mechanism / E2EE design ….etc) Make sure all systems designed by regulation、 security and privacy. Make sure all cooperation with LINE Group internal JP/KR team and vendors for each system will follow the same security baseline and policy. Create new business plan and the budget every year. Lead the Security Technical department and members to perform the deployment of security within whole bank.

  • Senior Manager at Standard Chartered Bank
    Aug 2017 - Feb 2019 · 1 yr 7 mos

    Member of F-ISAC and BA(The Bankers Association of the Republic of China) Risk and InfoSec management As an information security manager and risk manager, I mainly involved in large and small projects in the industry: providing security advice, risk control, meeting the requirements of the competent authorities, and meeting Headquarters security requirements and so on. Also, on behalf of the bank to attend the BA meeting to express opinions, and with the Compliance to deal with the competent authorities. In addition, I also go outside to perform on-site DD in order to audit the third party, and provide relevant audit reports for the reference of the business unit.

  • Manager at CTBC Bank
    Jun 2016 - Aug 2017 · 1 yr 3 mos

    Information Security consultant Manage VA/PT、SIEM system(ArcSight) 、Event Analysis、 Rule define and evaluate any new technology and also be a SOC manager CEH v9 Licensed

  • Assistant Manager at DigiCentre Company Limited (Group of Gamania)
    Oct 2013 - Jun 2016 · 2 yrs 9 mos

    Information Security consultant IPS (TippingPoint/McAfee)/Anti-DDoS (Arbor / NSfocus) solution provider & management & Presale SIEM (N-Cloud / ArcSight) solution provider & management & Presale SLB (A10 / F5 / Citrix) solution provider & management WAF (Imperva) management Led SOC team to get the ISO27001:2013 certification for SOC & Information Security management service New technology evaluation and introduction SOC team Leader NSPA Licensed AESA Licensed , HP Technical Certified II - ArcSight Security Analyst [2012]

  • Supervisor at Gamania Digital Entertainment
    Sep 2006 - Oct 2013 · 7 yrs 2 mos

    Help to design (system/network infrastructure)、build (environment) and maintain over 70% non-game services in Gamania , like Global website/ beanfun! / EDM/ Customer Service system、 GASH PLUS (GASH POINT) Company payment services. Be a SI consultant for our subsidiaries to solve any technique issues and give more advise for game production hardware chosen.  Tuned / Improved Event web infrastructure and performance , game event ssl transaction handling ability is up to 476 times than previous. 2006-2007  Designed / Built / Managed the brand new “beanfun!” infrastructure and systems , let it on production successfully - 2008  Designed Gash Plus Company payment system infrastructure , training their first line system and network engineers to manage these systems. 2010-2011 (In 2011 GASH PLUS Company was established)  Tuned / Improved beanfun! infrastructure and performance , make sure beanfun! can handle over 200,000 current login users, and it is up to 4 times than previous. - 2011  Designed / Built new EDM system , performance is up to 7.5 times than previous , now it can send 10,000,000 EDMs per day - 2011  Designed beanfun! 2.1 infrastructure , migrated old beanfun! services and raised current user capacity up to 545.000, an increase of 220% over last year. 2012-2013  Led system team members for maintaining all over 70% non-game services and defined SOP for them to get triple efficiency to support any mission just like new game production online. 2008-2013  Consulted for all Gamania Group Companies to evaluate and purchase Servers、Storages、WAFs、IPSs、Load Balancers and always discuss with network engineers for infrastructure tuning over 90 projects. 2006-2013