Hanoi, Hanoi, Vietnam
Experience in building a security management program in the banking and finance industry with many years of practical work in the security field. A strong technical foundation helps to build an effective, appropriate, and feasible security program that complies with the laws and regulations of the State Bank. Good management skills, flexibility, efficiency, and good coordination with other departments to implement security programs for the whole company.
Achievement/Tasks: -Building long term Security Strategy for PG Bank after assessing current situation. -Create Security Action Plan in order to implement and increase security maturity over each year. -Develop a set of security policy documents that are suitable, practical, and compliant with the State Bank's circulars (Circular 09/2020/TT-NHNN, Circular 35/2016/TT-NHNN, Circular 35/2018/TT-NHNN, Circular 47/2014/TT-NHNN) -IT Risk Management: identify IT security risks, propose mitigation plans and monitoring. -Security hardening: Vulnerability Management, Pen-testing, Hardening systems, Improve endpoint security solution efficiency, Implement security patch management program,Implement Secure Admin Workstation Model, Implement Microsoft's Active Directory Tier Administrative Model, Planning to implement Central Internet Gateway solution, Privileged Account Management Solution, SIEM Solution. -Rebuild IT Security Team
PTF Vietnam is a finance company acquired by SeABank and started to restructure to operate again since 2018. I am very proud to join a smart, dynamic, enthusiastic team to rebuild the company from the early days. At PTF, I have built a security framework to help the company meet the requirements of information security in the banking industry. By implementing policies, operating procedures, security standards and basic security systems to help the company operations safely.
Achievements/Tasks: -Lead a team who responsive to conduct operations to improve Vietinbank's Information Security, including Penetration Testing, Security Scanning, Security Auditing, Risk Assessment -Manage F5-BigIP with highly customized Application Firewall system. -Manage Database Security System which monitor Databases to detect anomaly behaviors -Manager/Operator others security system such as IBM Appscan, Nessus, Rapid7/Metasploit Pro, RSA SecurID, Entrust IDG, RSA KPI, Microsoft RMS, Intellinx... -Research/deploy security solutions/systems -Building and Training internal Security Course: Security Coding, Pen-testing, Server Hardening. Projects: -F5 Big-IP Deployment +Deployment new F5 Big-IP system to replace current Citrix Netscaler system with various modules: GTM, LTM, ASM. +Converting all configuration from Citrix to F5 with improved design +Implement new modules such as GTM, ASM, Caching, Content Switching +Implement Application Firewall System (ASM module) with highly customized policies and rules, to protects hundred of applications, prevent 99% normal attacks even 0-Day exploits. +Built an in-house program to help manage F5 better: 10 times faster implement, more accurate by reduce admin's manual activities. -Vietinbank's New Core Banking System Security Penestration Testing Project -Vietinbank Mobile Internet Banking Project -Vietinbank Enterprise Data Warehouse Pentesting Project -PCI-DSS Project
Achievements/Tasks: -Building Security Pen-tesing Procedure -Conduct Security Pen-testing -Conduct System Security Scanning -Manage Security Systems -Implement Courses to improve Vietinbank employees' Security Awareness Projects: -RSA SecurID implement -SIEM Implement -RSA KPI Implement
-Works as a penetration tester. Found many security vulnerabilities in many website in Vietnam, including gov websites and big companies, such as Viettel and Vietinbank.