I started working as a fellow in the field of information security at Coupang, but after about a year, I took over as the manager of the Blue Team, which consists of four teams: Detection and Response Team, Detection Engineering Team, Blue Engineering Team, and Blue Operation Team. Our mission is to detect and respond to any cyber incident, data loss, policy violation, and minimize the impact on the environment. And in July 2022, I moved to the U.S. to build a follow-the-sun model in terms of… Show more I started working as a fellow in the field of information security at Coupang, but after about a year, I took over as the manager of the Blue Team, which consists of four teams: Detection and Response Team, Detection Engineering Team, Blue Engineering Team, and Blue Operation Team. Our mission is to detect and respond to any cyber incident, data loss, policy violation, and minimize the impact on the environment. And in July 2022, I moved to the U.S. to build a follow-the-sun model in terms of IR, not to mention SOC. Show less

Mainly I have focused on Cyber Incident Response, Compromised Assessment, and Digital Forensic Incident Response (DFIR) against advanced persistent threat. With my broad experiences, I eliminate the complexity and burden of cyber security for organization struggling to prepare for, prevent, and respond to cyber attacks.In terms of threat hunting, I also have pursued threat groups tracking adversary of incident response engagements and profiling technical attribution of threat actors… Show more Mainly I have focused on Cyber Incident Response, Compromised Assessment, and Digital Forensic Incident Response (DFIR) against advanced persistent threat. With my broad experiences, I eliminate the complexity and burden of cyber security for organization struggling to prepare for, prevent, and respond to cyber attacks.In terms of threat hunting, I also have pursued threat groups tracking adversary of incident response engagements and profiling technical attribution of threat actors through not only FireEye echosystem but also open framework such as VirusTotal. Sometimes in case of finding an incident earlier than customer, we try to reduce the dwell time with them. Show less

As a leader in MSS Strategy Team, I had pursued three missions; prevent break-in, escaping, and make data useless even if it's leaks.Strategist for Managed Security Service (MSS)• Establishing state-of-the-art MSS strategy for Samsung conglomerate• Rebuilding the whole MSS process, SIEM structure and organization• Creating indices such as response time, re-occurrence ratio, and dwell time and maintaining themCyber Security Consultant• Strategizing innovative MSS… Show more As a leader in MSS Strategy Team, I had pursued three missions; prevent break-in, escaping, and make data useless even if it's leaks.Strategist for Managed Security Service (MSS)• Establishing state-of-the-art MSS strategy for Samsung conglomerate• Rebuilding the whole MSS process, SIEM structure and organization• Creating indices such as response time, re-occurrence ratio, and dwell time and maintaining themCyber Security Consultant• Strategizing innovative MSS for Samsung Electronics• Developing and implementing Secure Web Gateway for Samsung Electronics• Establishing a mid-term strategy of Samsung security business Show less

[Job Category]• Enterprise Information Security (Office, IDC, vCould, Amazon Cloud)• Digital Forensic Incident Response• Anti-DDoS• Online Game Security (PC and Mobile)[Knowledge and Product]• Perimeter Defense: Firewall, Anti-DDos, IDS(Security Onion), and Application Switch• Operating System and Server Protection: Windows, Linux, Web, DNS, Proxy, etc.• Computer Incident Response: EnCase, GRR, and Volatility• Host Protection: Anti-Virus• Information… Show more [Job Category]• Enterprise Information Security (Office, IDC, vCould, Amazon Cloud)• Digital Forensic Incident Response• Anti-DDoS• Online Game Security (PC and Mobile)[Knowledge and Product]• Perimeter Defense: Firewall, Anti-DDos, IDS(Security Onion), and Application Switch• Operating System and Server Protection: Windows, Linux, Web, DNS, Proxy, etc.• Computer Incident Response: EnCase, GRR, and Volatility• Host Protection: Anti-Virus• Information Protection: SSL, PKI, and DRM[Analysis, Management and Automation Tools]• Splunk (50GB/day)• ELK Stack with Redis (50GB/day)• Zabbix• Python, JavaScript Show less

Digital Forensic Analyst, A-FIRST (AhnLab Forensic Incident Response and Service Team)• Organized a team dubbed A-FIRST specialized to DFIR (2010 - 2012)• Having a lot of experiences of Incident Response at several industries of Financial, Game and National Information Infrastructure• Developing physical memory analyzer and carving utility for Windows Event Log• Introduced the timeline analysis based on visualization• Consulting Digital Forensic Readiness in enterprise… Show more Digital Forensic Analyst, A-FIRST (AhnLab Forensic Incident Response and Service Team)• Organized a team dubbed A-FIRST specialized to DFIR (2010 - 2012)• Having a lot of experiences of Incident Response at several industries of Financial, Game and National Information Infrastructure• Developing physical memory analyzer and carving utility for Windows Event Log• Introduced the timeline analysis based on visualization• Consulting Digital Forensic Readiness in enterprise environment especiallyAnti-Virus Researcher, AhnLab Security Emergency response Center, ASEC (2005 - 2010)• Malware Analysis (Virus, Worm, Trojan, Spyware, etc,.)• Developing V3 Anti-Virus Engine which is core of AhnLab• Analyzing malware Network packet and making IDS/IPS signatures based on Snort• Researching Vulnerability(CVE, MAPP) and Response• Developing Malware Automatic Research System - throughput of one day for the system is 50,000 malicious files Show less

• Developing DRM(Digital Right Management) Solution• Developing PKI(Public Key Infrastructure) Library by using MSCryptoAPI• Developing On-line Certificate Issuance Solution for Korea G4C (Government for Citizen) Web Site• Developing Web Contents Protection Software• Developing Identification Service base on Cryptography Programming• Developing Automatic Code Obfuscates Software

• Developing Windows Device Driver with C/C++• Developing POS (Point Of Sale) System with C++• Developing Dynamic DNS Client, Server (Unix server programming) with C• Developing various Web sites written in PHP, ASP