Chris Su

Delta Electronics, Inc. / RD Sr. Supervisor

With extensive expertise in product security assessment and management, I successfully established an ISO 17025-accredited product security testing laboratory at Delta Electronics, where I served as the Technical Lead and Approval Signatory. I have deep knowledge of international cybersecurity standards like IEC 62443 and have cooperated with an IEC 62443 CBTL to issue certified reports through rigorous reviews. In my leadership role, I guided a team in conducting comprehensive security assessments, including vulnerability research, threat modeling, risk assessment, penetration testing, fuzz testing, and vulnerability assessment for internal products. We have tested more than 100 products and discovered/reported over 400 product weaknesses. Through product testing and evaluation, vulnerability reporting, Secure Development Lifecycle (SDLC) consulting, and cybersecurity certification guidance, I have ensured the comprehensive security of Delta's products. I specialize in ICT, IoT, and embedded device security, with a wealth of expertise in product security testing and evaluation.

Skills:

Binary vulnerability research and analysis

Information Security Testing and Assessment

Reverse engineering and vulnerability exploitation

Secure Development Lifecycle (SDLC) implementation

IoT and embedded device security

SPEECH
4/17 (Thu.) 15:30 - 16:00 7F 703 Product Security Forum
IEC 62443-4-1: Challenges and Practical Insights from Threat Modeling to Product Security Certification

Threat Modeling is a must-have element of the Secure Development Lifecycle (SDLC) for Industrial Automation and Control Systems (IACS) and of product planning. Conducting threat modeling during the early stages of product design and development, and ensuring compliance with security requirements, often presents numerous challenges for engineering and development teams. This speech combines process implementation with practical experience, offering insights into how the IEC 62443-4-1 framework can be followed to establish a comprehensive process, viewed from the perspective of requirement verification and testing.

We will systematically explore the methodologies of Threat Modeling and Risk Assessment (TMRA), explaining how to identify critical threats, evaluate potential risks, and design effective mitigation measures during product development. Through anonymized real-world cases, we will demonstrate how to translate TMRA results into specific testing requirements and align them with the testing requirements of the Security Verification & Validation phase.

The session will cover:

  • Threat identification and case studies
  • Demonstrations of testing methods for specific threats

Additionally, we will share common challenges and solutions encountered during product certification and discuss how to establish a sustainable security maintenance mechanism.

This course is designed for product development team members, system security engineers, software security architects, and professionals responsible for certification evaluation, DevSecOps, or SDLC. Through practical recommendations, process guidance, and valuable hands-on experience, we aim to help participants build secure development processes for IACS and deepen their understanding of product security.