William Dou Email & Phone Number

• Design, develop and maintain enterprise SOC and security systems that meet organizational and regulatory guidelines
• Manage a team of 6 security engineers and provide mentoring and coaching where appropriate
• Maintain up to date documentation and diagrams on system architecture, use cases, and procedures
• Interface and maintain relationship with government clients and cross-functional teams

• Achieved a lifelong dream of traveling throughout Southeast Asia visiting Taiwan, Singapore, Malaysia, Indonesia, Japan, South Korea, Vietnam, Cambodia & Thailand and immersed myself in new culture
• Planned multi-city, multi-country transportation, accommodation and activities logistics to ensure a smooth enjoyable experience
• Conducted comprehensive research and analysis to achieve 25-70% cost savings throughout the sabbatical
• Improved videography, photography, and video editing skills to document the experience.
• Adapted to driving on the other side of the road in applicable countries

Mclean, VA, US

• Develop and execute governance for threat modeling and provide reporting of compliance and adoption
• Produce educational training materials that support the adoption of threat modeling by associates across the business
• Support our customers in adopting and using the threat modeling tools we deliver for the business.
• Provide documentation to aid our customers in using those tools
• Plan and deliver work with the team through Agile and Scrum practices to provide visibility and transparency

Fairfax, Virginia, US

• Maintained and updated the information security program, including policies, processes, controls, and assessments, leading to increase in cybersecurity maturity across the enterprise.
• Managed, trained, and developed the cybersecurity team, conducted performance reviews, skill gap analysis; provided tasks prioritization, coaching and mentoring.
• Maintained oversight of DFAR & CMMC compliance, created Plan of Action and Milestone, worked with cross-functional departments to ensure compliance, and reported metrics to senior management.
• Directed evaluation, acquisition, and architected SIEM software across 3000+ endpoints and services, allowing continuous healthy ingestion and monitoring of logs.
• Conducted security risk assessment and management of vendors, client contracts, internal & external projects, mergers & acquisitions, and remediated risks, findings and vulnerabilities.
• Maintained relationships across departments with both executive and technology teams, leading to greater transparency, collaboration, and cohesion.

Fairfax, Virginia, US

• Develop and carry out information security plans and policies
• Awareness training on information security standards, policies and best practices
• Implement protections
• Conduct periodic network scans to find potential vulnerabilities
• Coordinate simulated attacks on the system to find exploitable weaknesses
• Monitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behavior

Washington, District Of Columbia, US

• Managed projects by creating workflow diagrams, tracking numerous moving parts and tickets, leading planning meetings, resulting in greater efficiency and productivity.
• Led the security incident response process, evaluated business impact, provided stakeholders with daily updates, and saw remediation through to resolution.
• Audited SOC 2 Type 2 compliance activities and follow-up on outstanding tasks.
• Responded to client security questionnaires and interfaced with clients directly.
• Evaluated security posture of third party vendors and provided security advice and risk mitigation.
• Educated staff members on all aspects of security, provided consultation on best practices and solution on security issues.

• Remained as part of the global Economist Group information security team and continued to interface and aid in Economist security efforts (CQ Roll Call being Economist Group subsidiary)
• Work closely with the IT sysadmin group to ensure security controls are implemented effectively
• Propose, implement or amend security controls to changing attack vectors
• Audit security controls effectiveness against internal and industry standards
• Educate staff and provide security advice on internal projects across different departments, including collaborating with non-IT teams
• Conduct new joiner on-boarding security orientations

London, London, GB

• Design, implementation, deployment and management of vulnerability management program
• Mentor, train and help develop new members of the team in a welcoming and friendly atmosphere
• Create written and video documentation for system installs, configuration, and procedures that are concise, detailed yet easy to follow
• Conducted in-house web app security testing, created and socialized reports, and worked with developers to prioritize and remediate vulnerabilities.
• Written articles, conducted webinars and in person drop-in sessions to increase security awareness
• Plan and implement security logging solutions, worked with other departments to on-board sources, and analyze logs on an ad hoc basis