Max Luo

AI Security Engineering Lead (Crypto/Web3) | Open-Source Book Author: AI for Security & Security for AI | Blockchain Security | OSCE³

Hong Kong SAR

About

AI Security Engineering Lead in Web3 & Blockchain | Focused on building AI-native, scalable security systems for the global crypto ecosystem, implementing AI-driven security strategies (AI For Security & Security For AI) to align security protection with business innovation. With experience in leading global cybersecurity teams, I have led the delivery of global application security architecture and AI for Security architecture. Backed by solid technical expertise in AI security engineering, cloud security, application security, DevSecOps, data security and privacy compliance, enabling the evolution of security systems from defensive to intelligent and proactive governance.

Experience

  • Leader of Security AI Automation Team at Leading Cryptocurrency Exchange
    Dec 2025 - Present · 8 mos

    Leader, Security AI Automation Team at a globally Leading Cryptocurrency Exchange,building AI-driven security solutions.

  • SHEIN (On-site)
    • Head of Global AI Security COE
      Aug 2025 - Dec 2025 · 5 mos

      As Head of the Global AI Security Center of Excellence (AISC) at GSRM, leading the company’s strategy and platform development in the AI-for-Security domain to drive innovation across cybersecurity, privacy compliance, and risk management. Overseeing the design and implementation of a dedicated AI security middleware layer—covering data adaptation, vectorization, context enrichment, and unified interface standards—to enable scalable, cross-platform reuse of AI-driven security capabilities. Defining AISC’s long-term roadmap and technical standards, fostering cross-domain collaboration to standardize, platformize, and globalize intelligent security solutions that advance GSRM’s vision for intelligent, AI-enabled security systems. 作为 GSRM 全球 AI 安全中台(AISC)负责人,全面负责公司在 “AI for Security” 领域的战略规划与平台建设,推动人工智能在网络安全、隐私合规与风险管理中的创新应用。 主导安全专用中间件与能力平台的研发与落地,构建涵盖数据适配、向量化、上下文增强与统一接口标准的核心技术体系,实现 AI 安全能力的模块化复用与跨平台赋能。 制定 AISC 的中长期路线图与技术标准,协同 GSRM 各业务域推进智能安全方案的标准化、平台化与全球化部署,实现安全体系的智能化演进。

    • Head of Global Application Security
      Aug 2024 - Aug 2025 · 1 yr 1 mo

      Be responsible for the overall management of the Global Application Security team. Take the lead in the construction of the application security system of the SHEIN Group and build a global application security architecture, which involves aspects such as systems, processes, tools, operations, services, business indicators, talent development plans and the cooperation mechanism between Chinese and American teams, to ensure that the application security risks of the Group can be effectively controlled and meet the regulatory compliance requirements of Europe and the United States. Lead the team to efficiently solve the application security risks in large-scale and complex technical architectures through an engineering approach, promote the optimization and upgrading of the SDL/DevSecOps culture and processes, realize the shift-left of security work, and make the application security construction of SHEIN reach the top level in the industry. 负责希音(SHEIN)全球应用安全团队的管理。主导 SHEIN 集团应用安全体系建设,搭建全球应用安全架构,涉及制度、流程、工具、运营、服务、业务指标、人才发展规划和中美团队协作机制等内容,确保集团应用安全风险得以有效控制,并符合欧美监管合规要求。带领团队通过工程化方式高效解决大规模、复杂技术架构中的应用安全风险,推动 SDL/DevSecOps 文化与流程优化升级,实现安全工作左移,让 SHEIN 的应用安全建设达到行业领先水准。

    • Head of Global Security Business Partner
      Jan 2024 - Jul 2024 · 7 mos

      Establish a global GSBP team (also known as Business Information Security Officer in the industry). This team collaborates with global business departments, delves into business processes to identify potential security risks therein, promotes risk rectification work, and thus reduces risks in areas such as data security, privacy compliance, and application security. 建立全球 GSBP 团队(业内也称为 Business Information Security Officer)。该团队与全球业务部门合作,深入业务流程,挖掘潜在的安全风险,推动风险整改工作,从而降低数据安全、隐私合规和应用安全等领域的风险。