I am leading the chapter as aligned with ISC2 goals, my responsibilities are to preside over the business meetings and ensures that all rules and regulations are observed, appoints and serves as a member of all committees, decides tie votes and ensures that all officers faithfully perform their duties, supervise the affairs and ensure continuity of all aspects of chapter operations

I am a part of 3 original members of the chartering chapter which were on the final roster and being entitled with "Founding Members or Charter Members” unique designation and recognition after ISC2 Bangkok Chapter becomes an official chapter.

I am a director of the chapter, as aligned with ISC2 goals, my responsibilities are to promote the membership growth of the chapter and ensuring new and potential members can take part as easily and smoothly as possible. Also responsible for maintaining membership records to ensure they are accurate and up to date. I have been able to accelerate the growth rate of chapter members for over 1000% during my time.

As the board member of an association, my role is to oversee an association's operations, safeguarding stakeholder interests, and ensuring growth while outlining its diverse responsibilities and roles.My key duties are to be guardian of governance, strategic architects, overseeing performance, and be a champion stakeholders.

As a role of subject matter expert, I provide recommendation on Governance of IT, Information Security Governance, Enterprise Architecture and Business Resilience, this include keeping organization remain on compliance by continuously monitor all computer related legislation requirements and provide recommendation on proper control objective and implementation. In the part of Information System, I provide recommendation on Business Continuity Management, this include Business Impact Analysis (BIA), BCP and DRP which include detail design, planning and implementation of System Resiliency and Redundancy, Data Backup, Storage, and Restoration.In the part of Information Security, I provide recommendation on risk analysis base on weaknesses and potential threats to existing information assets and provide update and/or reports for internal and external clients detailing the security issues, making recommendations and identifying solutions.In the part of Cybersecurity, I provide advice on hacking tools, techniques and solution and on IT security incident response strategy and implementation method, including recommendation for services from Managed Security Service Providers (MSSP).As a practitioner and mentor, I provided consultant and training services in practices and standard such as ITIL, COBIT, TOGAF, ISMS, Project Management, CISSP, CISA, CISM, CDPSE, Data Privacy, CFR, CompTIA and in Vendor certification such as Cisco.

I also take a role of Data Protection Officer (DPO) which identify both internal and external requirements for the privacy program and practice to align with legal and regulatory requirement and best practices. I participate in the development of privacy policy, standard, procedure and process those align with business strategy. I manage, evaluate and review the contract, SLA of 3rd party partner and supplier to comply with privacy law and regulation. I participate in privacy incident management process and collaborate with information/cyber security for privacy relate risk and treatment plan. I ensure that privacy practice are follow throughout SDLC. I develop privacy relate metric and report the status and outcome of privacy relate program and practice to board of directors. I develop and maintain privacy related awareness training and ensure privacy continual improvement.As DPO, I also need to identify compliance and business requirement for data lifecycle management, I perform privacy impact assessment along with business impact analysis and develop/implement data lifecycle procedure that align with privacy policy and business strategy. I develop and validate and maintain security control base on data classification and keep the records reliable and up-to-date.Finally, I developed privacy control and privacy architecture those align with privacy policy and business needs. I manage the collaboration with information security and cybersecurity for privacy related risk assessment and ensure that privacy program and practice are follow under SDLC. I also evaluate, assess and ensure that the enterprise architecture and information security architecture are embedded with privacy by design.

As aligned with unified strategic and governance framework, I lead and guides the team to collaborate and supports end-to-end, enterprise security architectures work in agile environment, to support the national e-services platform super apps with more than 40 million subscribers.I provide and enhance the frictionless collaboration all across the organization from business, enterprise architecture, solution and developers and operations (DevOps) teams. This required the strong leadership and expertise in information technology, digital platform and cybersecurity to be able to create and manage a comprehensive technology for customers, organization and its supply-chain, ensuring that digital platform, infrastructure and its continual improvement align with the company's business goals.The key standards, frameworks and tools those I utilized including:ISO/IEC 27000 Series, NIST Cyber Security Framework and Risk Management Framework.ISO 31000, ISO 22301, ISO/IEC 29110, ISO/IEC/IEEE 12207 and ISO 9001Secure System/Software Development Lifecycle (S-SDLC)CMMI Dev, CMMI, CMMCMITRE CVE, MITRE ATT&CK, MITRE D3FEND, FIRST CVSS, NIST NVD, OWASP ASVS and MASStatic Application Security Testing (SAST), Software Composition Analysis (SCA)Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST)Runtime Application Security Protection (RASP)

At PeerApp, I was a Subject Matter Expert/Principal Project Management/Lead Practitioner and Mentor in Enterprise Architecture (Main focus in Open Digital Framework, Open Digital Architecture and Frameworx - eTOM, SID and TAM), Enterprise Information Security Architecture, Cloud, Telecommunication and Network Infrastructure, Content Delivery Optimization, Acceleration and Monetization and other advance technology for telcos/operators and enterprises.I utilized AWS cloud, Google Cloud Platform, Microsoft Azure and GIT for provisioning of development environment, performance test and security assessment under SDLC, deployment and release management of PeerApp system platform.I also utilized Salesforce under PeerApp standard operation, including Sales Cloud, Service Cloud and Marketing Cloud.Based on Service Cloud, I manage the support program and play the key role in IT Service Management (ITSM) process improvement based on ITIL.PeerApp provide content delivery and optimization to help operators maintain the astounding growth in demand for Internet video and other OTT contents based on consumer behavior in this digital era. Bringing content closer as local, operator can cope with increasing consumers demand in Quality of Experience and lowers costs. Local content delivery is evolving with extended capabilities to optimize networks for quality and cost as the basis for monetization of OTT traffic for operators.

My primary role was to guide an organization in the part of Governance of IT, Information Security Governance, Data Privacy and Enterprise Architecture. This included an establishment, management and evaluation for continuous improvement of IT Governance, Strategy, Standard, Framework, Best Practices. I also provided guidance in the development of an Enterprise Risk Management (ERM), Policies, Standard, Guideline and Procedures. These include guidance on Organizational Structure design and establishment, applying Enterprise Architecture based on TOGAF, alignment of Maturity Models based on CMMI and ACMM. I also maintained an organization to remain on compliance based on legislation requirements. In the part of Information Security, I developed, established, evaluated, maintained and continuously improved the information security program, the goal is to protect the organization’s information assets in order to align with business goals and objectives those are enabled by the information system. These include the development of Information Asset Management, Security and Control, Information Asset Security Frameworks, Standards and Guidelines, Data Privacy, Physical Access and Environmental Controls, Identity and Access Management, Network and End-Point Security, Information/Data Classification, usage of Data Encryption and Encryption-Related Techniques and Public Key Infrastructure (PKI), Web-Based Communication and Security, Virtualized Environments, Mobile, Wireless and Internet-of-Things (IoT).

Dimension Data (Thailand) Limited. (Formerly Datacraft (Thailand) Limited and Later formed as NTT (Thailand) Limited) was a multinational system integrator with full capability of solution integration and consultancy for broad range of business vertical from Enterprise, Manufacturing, Telcos, Commercial/Retail, FSI, Education and Public Organization. I started my job as a Consultant (Subject Matter Expert) in the field of Information Management, Information Security, Governance, Risk and Compliance, Project Management and IT Services Management practices. Then I was promoted to Head of Security Solution; leading the team to fulfill customer needs in security solution. Not long after, with the increasing in the demand of security in all industries, my position was then again promoted to Head of Cross Line of Business Solution which manage a whole lot of the enterprise complex projects those required the integration of all solutions portfolio including:- Cloud, including Dimension Data cloud, AWS cloud and Microsoft Azure- Data Center Solution- Network Integration- Telecommunication- Security- Performance Optimization- Microsoft PlatformAt the same time, I was also an Enterprise Architect and a Client Partner for Dimension Data key accounts in all industries. My main focus was on client's enterprise Information Security Management System (ISMS) and IT services under SDLC. I utilized EITA and EISA framework; aiming for the outcomes of IT and Information Security those enabled and supported business goals and objectives. I also focused in the transformation of enterprise IT and information security, from a COST center to PROFIT center.I am also a Salesforce Skilled-User, utilizing Sales Cloud, Service Cloud and Marketing Cloud as part of Dimension Data standard operation.

I managed professional services team which comprise of presales consultants and services delivery engineers those utilizing and supporting Cisco Systems products & solutions, SUN Volume System Server and Storage, IBM eServer and Storage, Nortel Data (Routing and Switching) and Business Communication, Hitachi Data System, Brocade, CA BrightStor Enterprise Backup, McAfee, Symantec and Microsoft.My responsibilities included:- Prioritize procedure to provide a professional and harmony environment that put the customer first and treat them with respect.- Boost productivity, enhance procedures and drive the team to meet FY’04-06 revenue Quota. I also performed the project management based on practices led by PMO and managed IT services delivery based on IT Service Management (ITSM) practice.

I was a lead project manager for the multi-national team of developers and IT engineers in the development of Procars Freight Forwarding System project, utilizing IBM PSeries platform, WebSphere and DB2. I had demonstrated outstanding abilities in project management and code of conduct, resulting in solid enhancement of IT procedure in which supporting the company’s compliance in an achievement of ISO9002:2000 Standard.

I was the deployment team lead and project manager for the implementation of IT infrastructure and network control system for large manufacturing process, utilizing the technology from Rockwell Automation System and Cisco Integrated Industrial Grade Network Controller.I developed and maintained full IT service portfolio along with System Development Life Cycle (SDLC); including Analysis, Plan and requirements, Design, Development, Testing, Deployment, and Upkeep and Maintenance.