Asia-Pacific Information Security Leadership Achievements - ISC

Freddy Tan, CISSPCo-Chair, Asian Advisory Board, (ISC) 2Chairperson, Board of Directors, (ISC) 2Cyber Security Strategist, Public Safety & National SecurityMicrosoft AsiaSINGAPOREFreddy enjoys enabling emerging information communications (infocomm) markets to“level up” their security posture to allow their communities to trust infocomm services.Before Microsoft, Freddy served with the Ministry of Defense, Singapore (MINDEF) andSingapore Armed Forces. Over the course of his twenty-five years with the MINDEF,he was involved in many aspects of infocomm security, ranging from security policyformulation to security monitoring and incident response.He has participated as a working committee member on various infocomm securitymasterplan projects with the Infocomm Development Authority (IDA) of Singapore.He was also a member of the Singapore National Infocomm Competency Framework(NICF) Technical Committee. He was awarded an (ISC) 2 President’s Award in 2003 inrecognition of his volunteer work with the organization.He is a frequent speaker at security events in Bangladesh, Brunei, Indonesia, Malaysia,Philippines, Singapore, Sri Lanka, South Korea, Thailand, the United States of America,and Vietnam. He has also been called upon by media in Bangladesh, Malaysia, Singapore,and South Korea for his opinions regarding cyber security.Charles Wale, CISSP, CISA, CRISCDirector, Lee Douglas & AssociatesAUSTRALIACharles Wale has fifteen years of experience in the information security industry. Hebegan his career working within the information risk management practice of KPMG,initially in London, U.K., and then in Melbourne, Australia. He led their informationsecurity practice in Melbourne, building it from two to five staff members within twoyears. He has also worked for Cybertrust (now Verizon Business) in their informationsecurity consulting practice and Fujitsu Consulting, where he spent some time as thecaretaker of the national information security consulting practice in Australia. He wasthe manager of the southern region of the information security consulting practicefor Telstra in Melbourne for three years. He is now the director of Lee Douglas &Associates’ Information Risk Management and Security practice.Mr. Wale has been heavily involved with the Australian Information Security Association(AISA), an (ISC) 2 Affiliated Local Interest Group (ALIG), for the past ten years. He assistedduring the early days of the Melbourne branch, when the organization was known asthe Information Security Interest Group (ISIG). He became the Melbourne branch chair,a position he held for two years, before chairing the Branch Chair Committee for oneyear. He also sat on the AISA Executive Board for three years. He was the founder andmoderator of the Australian AISA CISSP Forum. He has been a CISSP for seven years,and holds the CISA, CRISC and, until recently, the PCI-QSA certifications.Dr. Meng-Chow Kang, CISSP, CISADirector and Chief Information Security Officer for Chinaand A-P/JCisco SystemsSINGAPOREBased in Singapore, Dr. Kang has been a practicing information security professional formore than twenty years, with field experience spanning from technical to management inthe various security and risk management roles within the Singapore government, majormulti-national financial institutions, and security and technology providers. Dr. Kang hasbeen contributing to the development and adoption of international standards relatingto information security since 1998, and initiated the formation of the Regional AsiaInformation Security Standards (RAISS) Forum in 2004, which has since completed thedevelopment of a number of regionally focused standards deployment guides, and hasbeen serving as a regional platform contributing to international standards developmentin ISO and ITU-T. Since 2006, Dr. Kang has also been the convenor of ISO/IEC JTC 1 SC27 WG 4 – “Security Controls & Services”, responsible for managing and coordinatingthe development of a series of international security standards supporting the needsfor the implementation of the ISO/IEC 27001 standard for information security riskmanagement.- 18 - - 19 -