Alan Wong

Director

Alan is a director at Protiviti Hong Kong with over 21 years of experience in IT and security solutions and project management. He specialises in IT governance, risk assessment, regulatory compliance, and cybersecurity assessment and consulting. He also has extensive experience in the secure software development lifecycle, security vendor solutions and technologies, and managed security and network services.

Before joining Protiviti, Alan was a risk advisory associate director on Deloitte's cyber team, focusing on cybersecurity risk assessment and advisory services.

Major projects

  • Led and delivered strategy advisory services such as implementing technology roadmaps for banks to meet Hong Kong Monetary Authority's (HKMA's) Cybersecurity Resilience Assessment Framework (C-RAF) and other regulatory requirements including TM-E-1, TM-G-1, TM-G-2, SA-2, OR-1, OR-2, etc.
  • Managed and conducted assessment and advisory services to insurance companies regarding the Insurance Authority (IA) Guideline on Cybersecurity (GL20).
  • Managed and conducted cyber maturity assessments for securities brokerage companies to comply with SFC guidelines, recommending solutions for implementing relevant security controls to fulfil compliance requirements and mitigate risks.
  • Conducted Security Risk Assessment and Audit (SRAA) services for evaluating the security controls according to the OGCIO SRAA framework including S17, G3, etc.
  • Managed and conducted security testing, including vulnerability scanning and penetration tests, providing remediation planning covering the revision of policies and various processes and procedures, including vulnerability management, patch management, firewall policy optimisation, etc., to clients.
  • Delivered information security advisory services to an entertainment organisation to review and update their policies and standards covering network, system, application, data, and cloud security, as well as third-party risks, etc. 
  • Provided IT governance advisory services to a bank on their DevSecOps environment to comply with industry standards including HKMA TM-G-1, TM-E-1, ISO27017, etc.
  • Led and managed the development of an ISO27001-certified SOC web portal with managed security service workflow design and integration of SIEM, ticketing, change management and other ITSM supporting systems.
  • Delivered end-to-end managed security services to clients, including designing the scope, customising client requirements, and managing the deployment process to collect client information and retrieve logs for analysis and alerting.

Education

  • Bachelor of Computer Engineering, The University of Hong Kong

Industry expertise

  • Banking and insurance
  • Public sector
  • Retail

Areas of expertise

  • IT strategy and governance
  • Security architecture and control design
  • Cyber maturity assessment and technical security assessment & advisory

Professional memberships and certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Systems Auditor (CISA)
  • ISO27001:2013 Lead Auditor
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • GIAC Penetration Tester (GPEN)
  • Red Hat Certified Specialist in Ansible Automation
  • Splunk Certified Architect
  • ITIL Foundation