Kuro Huang

ISC2 Taipei Chapter / Supervisor

Kuro currently serves as a supervisor for the ISC2 Taipei Chapter and is an active participant in the cybersecurity community. He runs the blog "Kuro's Cybersecurity Learning Notes" where he shares his personal learning journey and practical experiences. Kuro has a diverse professional background, having worked in high-tech manufacturing, finance, and one of the Big Four accounting firms. His responsibilities have included designing enterprise cybersecurity architectures, conducting technical assessments, and providing compliance consulting, giving him a well-rounded perspective from both the client and service provider sides.

Kuro has accumulated extensive project experience in the cybersecurity field, covering areas such as technical assessments, architecture design, data protection, regulatory evaluation, and risk control. He is also a frequent public speaker and professional trainer, dedicated to promoting information security, cybersecurity education, and talent development with the goal of enhancing the professional capabilities of cybersecurity practitioners in Taiwan.

In addition, Kuro holds more than 40 international certifications, including CISSP, CCSP, AWS SAA, GCP ACE, CISM, CISA, CGEIT, CDPSE, and CRISC.

SPEECH

4/17 (Thu.) 12:40 - 13:10 4F 4C Cloud Security Forum Lunch Learning Session Live Translation Session

A cloud administrator who often works quietly behind the scenes using admin privileges.

This session will take a neutral stance, exploring the management and technical risks associated with using cloud services from both the client's and provider's perspectives. Aimed at cybersecurity professionals looking to get started with cloud security, the discussion will consider the challenges and experiences faced in practical operations, given the finite resources available to enterprises.

We will delve into common cloud technology issues and their solutions, analyzing real-world scenarios to highlight various usage risks. Topics will include experiences with distributed and centralized cloud management, identity and access management security, virtual network architecture, workload security, relevant cybersecurity frameworks, cloud storage service misconfigurations, resource status considerations, and practical experiences. Our goal is to provide insights into architectural design, compliance, and technical solutions.