I am working as an automotive cybersecurity assessor and consultant regarding UNECE R155/R156. Mainly reviewing of OEM's documentations such as TARA, test result, worst case, risk acceptance, CIA (cybersecurity interface agreement), infodoc, etc. As a partnership of RDW, a Dutch Vehicle Type Approval Authority, proactively participate in the assessment.

cybersecurity consulting and audit service provider

I am working for IT security consulting and audit especially for payment business like acquiring, issuing, switching, and payment processing. As qualified personnel for CISSP, ISO27001 and PCI QSA, I am providing education for the compliance, regulation and IT security best practice. Also I am providing gap analysis, remediation support, consultancy, formal audit especially for PCI DSS. With the support of UL international skillful security assurance team, my service to the customer is different in business, technology and flexibility. Previously in UL, as a technical advisor in EMV, Mobile Payment, Information Security and Transit Practice, I participate in the mobile payment council, transit council and contribute by writing white papers and analyzing market trends, especially for Asia and Korea, and delivering training courses and technical workshops to the customers.In addition provides technical consulting for payment such as how to adopt the standards into business, how to fit to specific business environment, what standards should be considered in rolling out of service and how to test a product/service in timely manner. PCI - PCI manages payment security standards and most Korean companies are interested in PCI DSS and PCI PTS. PCI DSS is corresponding to people, process, and technology for network and system which store, process and transmit cardholder data. PCI PTS is corresponding to device which engages in either making of payment or key management. As one of QSA I am providing consultancy and formal audit service for PCI DSS to the customers. Besides I help POI manufacturers to be compliant to PCI PTS. EMV- Different to the beginning EMV now specifies mobile requirements, payment tokenization as well as card and terminal specifications. I’m delivering consultancy and training for the specifications, how to get test for the certification and implementation. Also I have participated in developing of EMV test suites for contactless terminal.

With the work experience and background knowledge, I managed projects for AFC in Korea and New Zealand. Projects for main cities in Korea including Seoul were based on the local scheme T-money. The projects included implementation and maintenance of the reader, back-end and developing an interface with other entities.New Zealand’s project was to install T-money system on Wellington buses as a partner of Snapper. We utilized T-money’s card structure and scheme, and installed the contactless readers on all of Wellington’s buses, taxis, ferries and retail shops. Also the data collection, clearing and settlement were implemented based on the assets that we had. A few years later, Snapper requested to implement NITIS card specifications in the existing reader. The version 0.9 of NITIS was implemented for card data reading, parsing and transaction generation. The software upgrade was deployed in Wellington as well as in Auckland’s Transport AFC system. I also participated in the development of proposals and system design for other AFC projects in Bogota Colombia, Toronto Canada, Kuala Lumpur Malaysia, etc.Snapper (an e-Ticketing system operation in Wellington) was requested by NZTA to implement the NITIS card specification in their contactless card readers to enable HOP cardholders to use the Snapper readers. Snapper’s system was implemented by LG CNS therefore Snapper requested LG CNS to manage the project. The team analysed the NITIS specifications in detail and discussed how to implement the existing reader. There were also several EODs defined by NITIS and these were quite different from those which were used in the Snapper system. We designed the firmware and data file to accommodate NITIS spec. In addition, a plan was developed to validate the implementation. This project was executed in 3 phases and was successfully deployed.

I was extensively involved in the implementation of Wellington e-Ticketing system as a technical leader. The activities under my responsibility were the design of the system architecture, data flow, communication protocol, code review and testing. Most of the activities in the project involved the introduction of Smart Cards in Seoul’s transit system, GPS positioning and testing. The project was executed in three phases and completed successfully.My responsibility during this time was the installation of contactless readers in public transport such as buses, taxis, subway gates, card value rechargers and ticket investigators. I designed the firmware and application software of the readers in modular basis thus reusing the common functional modules and enhancing the maintenance performance. At first, the system was implemented in Seoul only, but as the business expanded, over 15 cities in Korea adopted the same system for their e-Ticketing solution.

As a software developer of the contactless card reader, I operated a debit card issuing machine to be used in a bank. I also developed an EMV contact reader which adopted embedded Linux as OS. Coding was done with C-language

I was responsible for the automatic production system of sensors especially for the software. I did troubleshooting and implemented newly requested functions.

I belonged to the car performance development team and tuned the engine parameters to improve the performance and meet the exhaust gas regulation for US, Europe and Korea.