Government Security Engineering, Auditing, and Vulnerability Research
Early in my career, I worked in environments such as the National Center for Cyber Security Technology, the organization now known as the National Institute of Cyber Security in Taiwan. That period of government and critical-infrastructure security exercises, auditing, and vulnerability research gave me the operational foundation for the product security, enterprise defense, and national-resilience work I do today.
Representative work included:
- planning and executing critical-infrastructure offensive and defensive exercises in Taiwan
- contributing to more than ten penetration testing projects for central and local government
- building and maintaining a vulnerability reporting system
- performing penetration testing and research on IoT devices and mobile applications
- helping turn IoT and industrial security testing methods into practical security work
Representative vulnerability research outcomes included:
- Zyxel: CVE-2018-9149
- Axis: CVE-2018-9156, CVE-2018-9157, CVE-2018-9158
- ASUS: CVE-2018-11491, CVE-2018-11492
- Gigastone: CVE-2019-15067, CVE-2019-15068, CVE-2019-15069
This period taught me to think about security not only from a research or presentation perspective, but from the realities of attack paths, reporting workflows, remediation constraints, and long-term capability building.