Tony Hsu

IoT Security Head / Author of "Hands-On Security in DevOps" & "Practical Security Automation and Testing"
Tony Hsu's Location
Shenzhen, Guangdong, China

About Tony Hsu

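20 years in cloud security solutions and secure development practices. Security expert at a Fortune 500 company; committee expert and vice chairman, Shenzhen Commercial Cryptography Association; deputy director for security, Internet Society of China.

Publications:
1. Author of "Hands-on Security in DevOps", ISBN: 978-1-78899-550-4 (secure product development process)
2. Author of "Hands-on Security Automation in DevOps", ISBN: 978-1-78980-202-3 (automated security testing)
3. Author of "ISA Server Pocket Management Handbook" (《ISA SERVER隨身管理手冊》), ISBN: 9861252894
4. Co-author of the OWASP Web Security Testing Guide, secure API design CheatSheet, Proactive Control Guide, Encryption Guide.
5. Co-author, with the IoT Ecosystem Security Alliance and others, of the "White Paper on the Development of Information Security for Smart Home Appliances in China 4.0"

Co-author of national standards:
- "Technical Specification for Dedicated WLAN Communication Modules for Household and Similar Electrical Appliances"
- "Personal Information Protection Requirements and Test and Evaluation Methods for Smart Household Appliances"
- T/CHEAA 0001.2-2020, "Cloud-to-Cloud Interconnection of Smart Home Appliances, Part 2: Information Security Technical Requirements and Evaluation Methods", https://www.cheaa.org/contents/419/9210.html
- National standard "Personal Information Protection Requirements and Evaluation Methods for Smart Household Appliances", published as GB/T 40979-2021
- Industry standard "Security Technical Requirements for IoT Real-Time Operating Systems (Evaluation Assurance Level 4 Augmented)", published as CCRC-EAL-TR-039-2021

My blog, with 300+ technical articles: http://qa-knowhow.com/

Key expertise includes:
- Web penetration testing (OWASP) Guide, REST API Security, Proactive Control Guide (co-authored)
- Privacy data protection (encryption, anonymization, pseudonymization, data masking...) and GDPR, TRUSTe compliance
- BSIMM, OWASP SAMM, SDL (Secure Development Lifecycle), ISO 27034
- Security automation/performance testing (ZAP, nmap, JMeter, SoapUI, Selenium, Python, BDD/Robot)
- Wireshark network forensics analysis and malware analysis
- MS database performance tuning
- Secure code review (C/Java/Python)

Certificates:
- CompTIA Security+
- Trend Certified Security Expert
- CCNA/CCDA / Cisco PIX Firewall
- MCSE (Microsoft Certified System Engineer)
- Sun Certified System Administrator Solaris
- MSDBA / Sybase Administrator / Oracle OCA
- PMP (Project Management Professional)

Interview / Speaker / Publication:
- "Leading the industry! Midea wins the Outstanding Practice Case Award for the 20th anniversary of national cybersecurity standards" http://pingquan.jiaju.sina.com.cn/zixun/q/20220421/6922819297614300455.shtml
- "Smart security first: Midea IoT builds top-tier security standards for the smart home" http://www.wcwntv.com/news/2020/07/29/61856776.html
- "Midea AIoT smart home security" http://www.abi.com.cn/news/htmfiles/2019-10/219245.shtml
- OWASP co-author and contributor, "OWASP Testing Guide" https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
- OWASP co-author, Proactive Controls https://www.owasp.org/index.php/OWASP_Proactive_Controls
- Automation session speaker at the "Top 100 summit conference" in Beijing, December 2012. http://top100summit.com/content.php?id=365
- "Efficient Stand-up Meeting for Agile/SCRUM practices" ("Stand-up meetings for efficiency, a more agile team") (2012-12 / Cheers Magazine Issue 147) http://www.cheers.com.tw/article/article.action?id=5045302
- "Cross-border collaboration", Manager Today magazine http://www.managertoday.com.tw/?p=31821
- "Cloud Information Security in Practice" at the Institute for Information Industry http://www.iiiedu.org.tw/ites/CCS.htm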

Tony Hsu's Current Company Details

IoT Security Head / Author of "Hands-On Security in DevOps" & "Practical Security Automation and Testing"
Tony Hsu Work Experience Details
  • Midea Group (Fortune Global 500 Company)
    IoT Security Head
    Midea Group (Fortune Global 500 Company) Jun 2019 - Jan 2023
    Foshan, Guangdong, Cn
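    Midea IoT Security Lab secures the IoT cloud, mobile app, and smart home appliance devices. The security program covers:
    1. Established SDL (Secure Development Lifecycle) AIoT DevSecOps. In addition to application security, the E2E security covers IoT security such as firmware security, protocol connections, TPM/TEE with hardware, and data privacy security.
    2. Built the SmartHome/AIoT Appliance Security framework: privacy data protection, device self-protection, communication security, device fingerprinting, cloud service security and so on.
    3. Security and Privacy Certification/Standards Compliance
       Privacy: GDPR, TrustE, ISO 27001, ePrivacyAPP, ISO27701, Common Criteria, ISO 15408
       IoT Security: ENISA, GSMA, NIST 8259, ETSI 303645, China CCRC
       Cloud Security: CSA STAR, CCM, NIST, MLPS 2.0 (China's classified protection scheme)
       IoT Security Lab: certified by ISO 17025 + China CNAS
    Chief Security Officer, Midea Smart Home IoT
    AIoT security and privacy framework - Third Prize for cybersecurity, 20th anniversary, Ministry of Industry and Information Technology
    Responsible for security and privacy assurance of smart living across the entire Midea Group. The program covers cloud service security, mobile app security, smart appliance security, data risk control, privacy data protection and so on.
    1. Midea IoT secure development engineering process: an end-to-end secure development process running from hardware and firmware security through to cloud services
    2. Product security: TEE/TPM, privacy data protection, device fingerprinting, communication security, etc.
    3. Security certification: cloud security certification, privacy data certification, CC certification, etc.
    4. Privacy data compliance: GDPR, app personal privacy data handling specifications, California Consumer Privacy Act (CCPA) AB 375, California Cybersecurity IoT Law SB 327 and other IoT security compliance
    5. Security assurance for the Midea online store
    Publications:
    1. Author, Hands-on Security in DevOps
    2. Author, Practical Security Automation and Testing
    3. Co-author, 2020 China IoT Annual Report (IoT security)
    Co-author of group and national standards:
    1. "Technical Specification for Dedicated WLAN Communication Modules for Household and Similar Electrical Appliances"
    2. "Personal Information Protection Requirements and Test and Evaluation Methods for Smart Household Appliances"
    3. "Cloud-to-Cloud Interconnection of Smart Home Appliances, Part 2: Information Security Technical Requirements and Evaluation Methods"
    4. Industry standard RB/T, "Information Security Evaluation Specification for Smart Home Products"
    5. Group standard T/CAS 499-2021, "Cybersecurity Technical Requirements and Test and Evaluation Methods for Smart Household Appliances"
    6. National standard (project approved), "General Security Technical Requirements for Smart Voice Controllers"
    7. National standard, "General Security Technical Requirements for Smart Household Appliances"
    8. National standard "Personal Information Protection Requirements and Evaluation Methods for Smart Household Appliances", published as GB/T 40979-2021
    9. Industry standard "Security Technical Requirements for IoT Real-Time Operating Systems (Evaluation Assurance Level 4 Augmented)", published as CCRC-EAL-TR-039-2021
    "Leading the industry! Midea wins the Outstanding Practice Case Award for the 20th anniversary of national cybersecurity standards" http://pingquan.jiaju.sina.com.cn/zixun/q/20220421/6922819297614300455.shtml
    Data security "Xingyi" outstanding case https://mp.weixin.qq.com/s/fCSwyWma58_LcR68hrYAKg
    Midea AIoT Security press releases:
    http://www.abi.com.cn/news/htmfiles/2019-10/219227.shtml
    http://baijiahao.baidu.com/s?id=1647556608132230738&wfr=spider&for=pc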
  • Huawei Technologies
    Chief Cyber Security Architect @ Cyber Security Office
    Huawei Technologies Jan 2016 - Jun 2019
    Shenzhen, Guangdong, Cn
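    Provide worldwide telecom customers with SaaS / networking management software in a secure manner. Tony is in charge of technical cloud security solutions with a dev team size of 10,000+. The key role and responsibility is to drive software security maturity (OWASP SAMM and BSIMM) through the SDL (secure software development lifecycle) and continuous operation (DevSecOps), including design, coding, development, QA and security testing.
    1. Secure architecture design review with industry best practices
    2. Built a threat modeling (STRIDE, CAPEC, CWE) knowledge base
    3. Secure Development Lifecycle (BSIMM, SAMM)
    4. Penetration and fuzz testing automation (ZAP, Burp, Nmap, Python, Kali, MobSF)
    5. C/Java secure code review (CWE, CERT, MITRE, Klocwork, Coverity, Fortify)
    6. Security solutions adoption (antivirus, WAF, IPS, encryption, IAM, cloud security)
    7. Vulnerability discovery and incident response
    8. Industry and security best practices compliance (ISO 27017/27018, CSA, OWASP, NIST)
    9. Security and threat monitoring
    10. Information and data leakage prevention for the R&D team
    Responsibilities:
    1. Led SDL (secure design, secure coding and testing) for the Cyber Security Engineering Department, with a development team of more than 10,000 people. The software passed certification and compliance for the European market and the UK security testing center (GDPR, BCR, CBPR), Deutsche Telekom PSA (Privacy and Security Assessment) and others.
    2. Secure development engineering capability assessment, baseline establishment, security specifications and standards, and security tools and security automation, with 70% of the techniques introduced into the development process.
    3. Responsible for identifying and managing IT risks and the key security risks in each product line's development process (such as SQLi, XSS, CSRF).
    4. Proficient in mainstream security vulnerabilities and their principles and in the corresponding secure-design attack and defense approaches; response to and analysis of software vulnerabilities and security issues (CVSS 3.0).
    5. Benchmarking against industry security standards (OWASP, ETSI SEC, ISO 2700x, FedRAMP, NIST, MPLS, TC260 (China)) and landing business-architecture security design (IAM, microservices, API security, web security framework, authentication, encryption, session management) in products.
    6. Planned and owned the security controls required to bring products online in the cloud (for example WAF, SIEM, IPS/IDF).
    7. Cloud security operations planning and design.
    8. Supported resolution of security issues common across products, secure coding, secure design, security automation testing and so on.
    Personal awards:
    1. 2019 Carrier Software Reform Award Project Team
    2. Future Stars Award 2018 on the Hall of Fame
    3. Huawei Cyber Security President's Award 2016/2017
    4. Cyber Security Third Prize (Huawei Telco OS security)
    5. Best Cyber Security and User Privacy Protection Engineer of the Year, 2017
    http://www.huawei.com/en/events/mwc/2016/topics/digitizing-with-huawei-telco-os
    The security architecture design covers: OpenAPI, microservice authorization, platform service security, data security, DDoS application-layer security, IAM authentication.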
  • Packt
    Author of "Practical Security Automation and Testing" & "Hands-On Security in DevOps"
    Packt Jan 2018 - Aug 2018
    Birmingham, England, Gb
    Published two books with the publisher Packt:
    - Author of "Practical Security Automation and Testing"
    - Author of "Hands-On Security in DevOps"
    Amazon - http://amazon.com/author/tonyhsu
    Here is the overview of the book.
    What you will learn:
    - Understand DevSecOps culture and organization
    - Learn security requirements, management, and metrics
    - Secure your architecture design by looking at threat modeling, coding tools and practices
    - Handle most common security issues and explore black and white-box testing tools and practices
    - Work with security monitoring toolkits and online fraud detection rules
    - Explore GDPR and PII handling case studies to understand the DevSecOps lifecycle
    Who this book is for:
    Hands-On Security in DevOps is for system administrators, security consultants, and DevOps engineers who want to secure their entire organization. Basic understanding of Cloud computing, automation frameworks, and programming is necessary.
    Table of Contents:
    - DevSecOps Drivers and Challenges
    - Security Goal and Metrics
    - Security Assurance Program and Organization
    - Security Requirements and Compliance
    - Case Study: Security Assurance Program
    - Security Architecture, Common Modules Framework, Design Principles
    - Threat modeling Practices & Secure Design
    - Secure Coding Baseline, Tools and Best Practices
    - Case Study: Continuous releases with security by default
    - Security Testing Plan and Cases
    - WhiteBox Testing Tips
    - Security Testing toolkits
    - Automation - Key to built-in security CI pipeline
    - Incident Response
    - Security Monitoring
    - Security Scanning for New Releases
    - Threat Inspection and Intelligence
    - Business Fraud, Accounts and Services Abuses detection
    - GDPR compliance case study
    - DevSecOps Challenges, Tips and FAQ
  • Trend Micro
    SDL Security Technical Trainer
    Trend Micro Dec 2010 - Dec 2015
    Tokyo, Japan, Jp
    In addition to his existing Software Program/Quality Manager role, he also gives the following security technical training courses to the software engineering team. More than 500 engineers attended, with 150+ training hours delivered.
    1. "Web Application Hacking, Testing, and Prevention in Practice" & Secure Coding & threat modeling. It covers OWASP Top 10 security issues, hands-on testing tools and prevention techniques.
    2. Web Security Automation Testing
    3. Security Networking Packet Analysis by Wireshark. Packet-level analysis helps to identify and answer the following questions:
       a. Is it an application or a network issue?
       b. What causes the network latency?
       c. Any security breach?
    4. Malware Analysis. Static and dynamic analysis of suspicious file behaviors.
    5. Windows Internals and Debugging. Uses Sysinternals & WinDbg to identify the root cause of high-CPU, hang and resource leakage issues.
    6. SQL Server Performance Tuning and Monitoring
    7. "Performance testing and methodology". It covers the performance testing methodology, the tools it uses, management control, endpoint solutions performance benchmarks, website performance analysis, and database/OS optimization.
    Refer here: http://www.qa-knowhow.com/?cat=8
  • Trend Micro
    Sr Security Engineering Manager & Architect
    Trend Micro Jul 2004 - Dec 2015
    Tokyo, Japan, Jp
    Role and Responsibility
    Responsible for software development of security services across cloud security, enterprise security and consumer security. Projects included threat management, firewall, endpoint antivirus, enterprise security, mobile security and cloud security services.
    He has been on the Trend Micro R&D team, delivering cloud security, enterprise and consumer security solutions (threat management, firewall, IPS/IDS, anti-virus software, mobile security, cloud security), for 15 years.
    - Define security design, solution, quality policy, quality metrics, testing plan, beta testing plan, and quality criteria for security project releases
    - Security automation testing with JMeter, Selenium, Python, SoapUI, BDD, Nmap, OpenSCAP, Kali Linux, ZAP, BurpSuite
    - Secure code scanning: Klocwork, Coverity, Fortify
    Achievement
    - Delivered 5+ major version releases for both enterprise and consumer home security solutions. The annual revenue of the projects is over US$200 million, with over 10,000 endpoint clients per customer base.
    - Successfully started up and released a V1.0 security solution from concept to production launch, with 300,000+ registered users in the first year after launch, and released 5 localization languages within 6 months.
    - Streamlined the customer service flow, which resulted in a 40% decrease in cycle time.
    Award
    - Best Employee Award, "communication", in the Project Manager role in 2006.
    - Automation session speaker at the "Top 100 summit conference" in Beijing, December 2012. http://top100summit.com/content.php?id=365
    - "Efficient Stand-up Meeting for Agile/SCRUM practices" ("Stand-up meetings for efficiency, a more agile team") (2012-12 / Cheers Magazine Issue 147) http://www.cheers.com.tw/article/article.action?id=5045302
    - Nominated for the Trend Micro Excellence Engineering Award on "Agile development practice adoption" & "Engineering Tool & Methodology Innovation" in 2009 and 2012.
  • Trend Micro
    Technical Security Lead
    Trend Micro May 2002 - Jun 2004
    Tokyo, Japan, Jp
    Role & Responsibility
    - Responsible for security automation/manual/unit testing and debugging of software components to make sure they meet specifications and user requirements.
    - Module-level automation rate over 80%.
    - Tool/Technology: C, Python, JMeter
    Achievement
    - Pseudo Localization Award
    - Quarterly/Annual Best Employee 2003/2004
    - Successfully delivered 5+ major releases of enterprise solutions for Central Management, Mail Server protection, and module integration
    - Built up the automation framework
    Key Technology/Tools
    - SQL Server
    - Web Portal
    - Automation development using Perl, script or Python, Selenium
  • Army General Headquarter
    Security System Engineer
    Army General Headquarter Jul 1998 - Apr 2000
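    Security System Engineer for the Information Center of the Army General Headquarters.
    - Designed personnel and finance systems using PowerBuilder and Sybase; used by more than 100 online users.
    - Introduction, deployment and maintenance of the official-document system and Lotus Notes Server.
    - ISO 9001 software development process certification.
    - Responsible for systems serving more than 100 users at the personnel office: antivirus, network system build-out, network cabling layout and planning, and build-out and maintenance of network servers (WINS, DNS, database).
    - Computer operating systems such as Windows and Unix (or Linux), including system vulnerability scanning and security hardening.
    - Hardware and software knowledge of security products such as firewalls, IDS/IPS, antivirus, vulnerability scanning and identity authentication: design, installation, configuration and troubleshooting.
    - National classified protection standards for information security and construction standards for classified information systems.
    - Responsible for the security of the overall IT information architecture, and for information security incident response plans and preventive measures.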

Tony Hsu Skills

Test Automation, Software Project Management, Security, Software Quality Assurance, Performance Testing, System Testing, Quality Management, Computer Security, Microsoft SQL Server, Python, Localization, Security Management, Cloud Computing, Integration, Scrum, Testing, MySQL, Antivirus, Enterprise Software, Customer Service, Certified Scrum Master (CSM), Penetration Testing, Network Security, Agile Methodologies, Project Management, Software Engineering, Selenium, SoapUI, Ruby, JMeter, Selenium Testing, BDD, CCDA, OWASP, Vulnerability Scanning, AutoIt, Sikuli, RSpec, Robot Framework, Secure Coding, Secure Network Architecture, Security Architecture Design, Cloud Security, CCNA, Secure SDLC, Application Security, Application Security Architecture, Penetration, DevSecOps

Tony Hsu Education Details

  • Edinburgh Napier University
    Computer Engineering
  • National Taiwan University of Science and Technology
    Computer/Information Technology Administration and Management

Frequently Asked Questions about Tony Hsu

What is Tony Hsu's role at the current company?

Tony Hsu's current role is IoT Security Head / Author of "Hands-On Security in DevOps" & "Practical Security Automation and Testing".

What schools did Tony Hsu attend?

Tony Hsu attended Edinburgh Napier University and National Taiwan University of Science and Technology.

What skills is Tony Hsu known for?

Tony Hsu has skills like Test Automation, Software Project Management, Security, Software Quality Assurance, Performance Testing, System Testing, Quality Management, Computer Security, Microsoft SQL Server, Python, Localization, Security Management.
