Hanjie

Network/Information Security Network Engineer
Lives in Thailand

Work experience

  • Cyber Security Manager

    CdnCloud International Data Technology Co.,Ltd
    2024.05-2025.04(a year)
    • Led authorized penetration testing engagements for prominent public hospitals, universities, military organizations, and government departments in Thailand. Assessed business-critical systems from a security expert’s perspective, identifying and reporting 17 critical and 23 high-risk vulnerabilities. Collaborated with IT departments to drive timely remediation and significantly reduce the overall risk surface.
    • Supported local banking clients with regulatory gap analysis in alignment with the requirements of Thailand’s Financial Administration. Conducted comprehensive assessments of IT control frameworks and internal processes, identifying 78 non-compliant areas. Provided actionable recommendations and facilitated remediation, resulting in a 94.9% rectification rate and achieving 100% risk detection.
    • Enhanced enterprise endpoint security by introducing and integrating leading external solutions, including EDR, XDR, ZTSA, and MDM products. Developed and optimized the company’s endpoint security management systems, processes, and checklists to strengthen detection, response, and incident management capabilities.
    • Enhanced risk detection for 220+ enterprise endpoints by tuning EDR detection logic in alignment with the MITRE framework, achieving a 44% improvement in real-time detection through iterative rule optimization and monthly evaluation cycles.
    • Investigated and mitigated major cybersecurity incidents (2024–2025), including response to six mining Trojan variants and nine supply chain attacks involving malicious PyPI packages. Drove incident response, threat containment, and post-incident analysis to minimize business impact.
  • Senior Information Security Manager

    Country Garden Group
    2021.04-2022.09(a year)
    • Risk Assessment & Blue Team Leadership: Proactively uncovered business system vulnerabilities through comprehensive security assessments and Red Team/Blue Team exercises, and spearheaded a complete rebuild of Country Garden’s security operations program, strengthening both security strategy and technical defenses across the enterprise.
    • Security Strategy & Platform Development: Developed and implemented an information security technology strategy with key technical decisions aligned to business needs and current system state, and revamped the entire security operations platform to improve detection granularity (reducing false positives, ensuring event fidelity, expanding IOC coverage, enhancing scenario correlation) and to integrate critical systems such as Advanced Persistent Threat (APT) detection, honeypots, and network intrusion defense. This initiative resulted in a far more effective and unified security operations platform.
    • Incident Response & Automation: Redefined the security incident response workflow by conducting a thorough process evaluation and adjustment. Integrated Security Operations Center (SOC) processes with SOAR (Security Orchestration, Automation, and Response) tools to streamline incident handling, greatly improving response speed and consistency while reducing manual effort.
    • Team Training & Development: Implemented a Problem-Based Learning (PBL) program combined with regular Red Team/Blue Team simulation drills, elevating the cybersecurity team’s technical proficiency scores by 29% over 12 months. Directed the upskilling of 17 team members across threat hunting, security engineering, cloud security, and security operations, utilizing industry tools such as AuthLogParser, Hybrid Analysis, Malwarebytes, and Intezer Analyze to build practical skills.
    • Project Leadership & SOC Enhancement: Led the team to deliver major security projects worth over RMB 10 million in under six months, including the launch of a new Security Operations Center platform with 8 advanced modules (e.g. distributed real-time event correlation engine with multi-tier logic, threat hunting search engine, full network 0-day threat analysis, APT intrusion detection, compromise detection intelligence, integrated threat intelligence feeds for IP/domain and file reputation, and automated incident orchestration). The new platform provided unified analysis of network traffic, user behavior, and log data across 7,000+ servers and 670+ externally facing business systems.
    • Results & Impact: Addressed critical gaps from the previous SOC platform by boosting threat detection accuracy from 60% to 92% and cutting false-positive alerts by ~77% (from ~13,000 down to ~3,000). Achieved automated resolution for the majority of routine security events, whereas previously over 60% of incidents required manual intervention, significantly enhancing the organization’s overall detection and response capabilities.
  • Information Security Manager

    Guangzhou YAME Information Technology Co.,Ltd
    2019.02-2021.01(2 years)
    • Risk Reduction: Achieved zero security breaches in 2020 (down from 7 in 2019) by establishing a comprehensive “zero-to-one” security architecture and program from scratch.
    • Team Leadership: Built and managed a high-performing security team from the ground up, overseeing daily operations and incident response while mentoring staff to enhance their technical and operational capabilities.
    • Data Protection: Designed and implemented an end-to-end data security lifecycle framework, including data encryption, classification, anonymization, audit trails, and data labeling, to protect sensitive information.
    • Security Infrastructure: Integrated a robust suite of security solutions, leveraging both open-source and commercial products to establish a layered defense and comprehensive threat coverage. This included deploying 8 open-source tools (for network traffic analysis, intrusion detection systems, honeypots, vulnerability management, sensitive data monitoring, SIEM/SOC platform, and threat intelligence) and implementing 16 commercial solutions (for web defacement protection, endpoint DLP, WAF, IPS, antivirus gateways, internal network auditing, EDR, asset inventory mapping, vulnerability scanning, database auditing, etc.).
    • Directed the establishment of an enterprise ISMS, achieving 100% compliance and successful certification for both ISO 27001 and ISO 22301 within 10 months, minimizing audit findings and accelerating project closure by 20%; leveraged GRC tools and standardized policy automation workflows.
    • Upgraded threat detection standards by adopting continuous improvement workflows in collaboration with Red Team/Blue Team simulation and utilizing MITRE ATT&CK and industry benchmarking; generated monthly KPI reports that drove a 27% quarterly reduction in repeated vulnerability instances.
    • Incident Response: Established a formal incident management and emergency response framework to enable swift containment and resolution of security incidents.
    • Cost Savings: Realized significant cost savings by utilizing open-source security solutions and optimizing security investments, all without compromising protection or performance.
  • Cyber Security Expert

    E-house
    2018.09-2019.02(6 months)
    • Spearheaded the development of the company's security operations platform alongside the research, development, and implementation of proprietary security products.
    • Cultivated internal security tools and products by leveraging insights from red team/blue team exercises, security vulnerability detection, and contributions to open-source WAF (Web Application Firewall) projects.
    • Implemented risk-based prioritization and iterative refinement of security rules for intrusion prevention systems (IPS) and web application firewalls (WAF). This approach reduced manual monitoring/response efforts by 30% while improving security rule accuracy, coverage, and threat detection rates by 22%.
    • Achieved deployment of self-developed solutions, including WAF and real-time traffic analytics, across 200+ business systems (spanning Tmall GoodHousing's primary portal, core services, and edge applications) during tenure.
  • Cyber Security Supervisor

    ZhuGuang Group
    2017.05-2018.09(a year)
    • Provided leadership and strategic direction: Led the institution’s cybersecurity team, safeguarding sensitive information assets, protecting the company’s reputation, and ensuring continuity of critical business operations.
    • Developed comprehensive security strategy: Created and implemented a robust cybersecurity strategy and governance framework aligned with all regulatory requirements and industry best practices.
    • Managed high-performance security team: Managed a team of 10 cybersecurity professionals, setting clear objectives, mentoring staff, and overseeing performance to ensure consistent delivery of high-quality security services.
    • Reduced security incidents by 25%: Conducted regular cybersecurity risk and vulnerability assessments and oversaw remediation of identified issues, achieving a 25% reduction in security incidents.
    • Strengthened cloud security (Azure): Spearheaded an Azure cloud security incident response and event analysis project, implementing Azure-native monitoring tools that improved cloud threat detection and reduced cloud incident response times by 30%.
    • Ensured 100% regulatory compliance: Continuously updated and enforced cybersecurity policies and procedures across the institution; achieved 100% pass rates in annual security audits with zero regulatory findings.
    • Built external partnerships: Cultivated strong relationships with external stakeholders, including regulatory bodies, industry partners, and law enforcement agencies, to facilitate information sharing and coordinate responses to emerging threats.
    • Executive reporting and communication: Delivered quarterly reports and presentations to senior management and the Board of Directors, detailing the organization’s cybersecurity posture, emerging risks, and analysis of security incidents.
    • Directed implementation and enforcement of control policies across 12 business units over 10 months, utilizing MS Defender and Azure Policy to elevate compliance monitoring frequency to monthly cycles and ensure consistent alignment with NIST and ISO 27001 standards.
  • Senior Technical Officer

    PCCW Solutions
    2016.08-2017.04(9 months)
    • Conducted targeted security technical operations and management initiatives through analysis of security governance challenges, devising and optimizing the company's holistic security strategies.
    • Analyzed security testing and risk assessment gaps, revised and enhanced the organization's security governance framework to strengthen perimeter defenses and reduce external attack surfaces, achieving accelerated risk mitigation.
    • Deployed industry-standard vulnerability scanning tools (Nessus, Appscan, Nexpose) for comprehensive assessments of the Civil Aviation Department's core systems.
    • Performed exploit validation through hybrid manual/tool-driven methodologies (Burp Suite, Cobalt Strike, frp) to address vulnerabilities in external-facing business systems.
    • Implemented Cyber Kill Chain analysis, risk matrix modeling, and threat intelligence frameworks to evaluate mobile applications, business systems, and infrastructure architecture, producing comprehensive risk assessment reports with cost-benefit analysis.
    • Security Strategy: Developed and implemented 50+ security rules for network intrusion detection systems (NIDS), resolving detection accuracy gaps for Webshell management tools (Hatchet, Chopper) through traffic pattern analysis.
    • Security Testing: Identified 26 critical vulnerabilities, 47 high-risk vulnerabilities, and 130+ medium/low-risk vulnerabilities across 30+ mission-critical systems, including flight scheduling systems, aviation information management platforms, and meteorological intelligence architectures.
  • Cyber Security Engineer

    Wistron Software (Beijing) Co.,Ltd
    2012.11-2016.07(4 years)
    • Performed daily monitoring, configuration updates, and rule tuning for security appliances, including VPNs, firewalls, WAFs, IPS, and antivirus systems, following established procedures and SOPs.
    • Utilized security event analysis tools to detect anomalies and investigate suspicious activities, leading to effective threat containment across multiple network layers. Optimized network defense posture by implementing anomaly detection workflows using advanced analytics platforms, leading to a 24% reduction in undetected lateral movement over one fiscal year and improving incident response consistency.
    • Supported the creation and organization of security management documentation by utilizing input from technical and compliance teams, aligning content with industry guidelines and best practices. Integrated NIST, ISO 27001, and CIS Controls benchmarks into security policies, resulting in 100% compliance alignment as measured in quarterly internal audits for five consecutive quarters.
    • Spearheaded security reinforcement initiatives by deploying network segmentation and multifactor authentication using Cisco ASA and Okta, reducing unauthorized access attempts by 39% over a 12-month project cycle.

Project

  • CVE & CNVD

    January 2025 - April 2025
    Discovered and responsibly disclosed five critical zero-day vulnerabilities through in-depth penetration testing and source code analysis. These efforts resulted in official vulnerability advisories (CVE/CNVD) and strengthened protection for over 1 million endpoints globally. The vulnerabilities include:
    • CVE-2025-1177
    • CVE-2025-1339
    • CVE-2025-1340
    • CVE-2025-1448
    • CVE-2025-1464
    • CNVD-2025-09057
    • CNVD-2025-06452
    • CNVD-2025-06451
  • SOC (second phase)

Educational experience

  • KRIRK University

    Computer Science and Technology
    2021.08-2023.12(2 years)
  • South China University of Technology

    2012.11-2016.07(4 years)