Tommy Tseng

ViewSonic / Security Architect

With extensive experience in cybersecurity and software development, I specialize in integrating security technologies with best development practices, providing enterprises with comprehensive security protection and process optimization. Proficient in DevSecOps, cloud security architecture, and enterprise security governance, I ensure that development, operations, and infrastructure comply with international security standards and regulatory requirements.

I hold multiple international certifications, including CISSP, CISM, CISA, CCSP, ISO 27001, ISO 27701, ISO 22301, and ISO 42001, with expertise in cloud architecture analysis, information security management, cloud and network security, risk assessment, and compliance. I assist enterprises in building robust security frameworks and risk management mechanisms.

Currently, I am pursuing a degree in technology law, combining law, cybersecurity, and privacy expertise to develop comprehensive security governance and compliance solutions. My goal is to ensure that businesses maintain a competitive edge amid digital transformation and evolving cybersecurity challenges, strengthening security governance to address future threats and regulatory changes.

SPEECH
4/17 (Thu.) 11:45 - 12:30 7F 701F Secure Software & DevSecOps Forum
Decoding AI Compliance: Integrating Core Principles from the EU White Paper on Artificial Intelligence into DevSecOps

This talk explores how to integrate AI compliance seamlessly into DevSecOps, balancing technological innovation and regulatory adherence. As AI adoption grows, the EU AI Act, the world’s first AI regulation, imposes strict requirements on technology development and risk governance, significantly raising compliance thresholds for businesses.

We will deconstruct the AI Act, tracing its evolution from the AI White Paper → Trustworthy AI → AI Act, and incorporate ISO 42001 methodologies to examine risk management, governance, process management, data governance, AI algorithms, system architecture, and input-output processes for comprehensive AI compliance.

Additionally, this session will explore embedding compliance into the DevSecOps lifecycle, covering security and privacy, ethical standards, legal risk management, and continuous improvement. Ultimately, we aim to help businesses build human-centric, trustworthy AI, ensuring they stay competitive in the rapidly evolving AI regulatory landscape.