Sherman Li(CISSP/CISA)

Experience

• 

  HP

  Dec 2008 - Feb 2012

  Security Specialist

  Review customer's existing security strategies, Evaluate and analyze vulnerability scan and pentest reports to identificate issues and improvement areas, base on leading security technologies, best practices and research to design ISMS and/or Enterprise Security Architect for our clients. Perform a lead role in the identification of security trends, threats and risks. Assume a lead role in the design, build, configuration, and implementation of security services projects. Collaborate effectively with other teams and result in stronger relationships and a great benefit to everyone involved. Consistently achieve deadlines and reach key objectives for clients. Primarily during this period I delivered the following projects: ITG/ITM Project of China Investment SecuritiesIT Governance based on IT and Security assessment.Planning, establishing, maintaining and implementing information security policies and procedures based on industry standards and reviewing and making recommendations and changes as required to keep the client aligned with current security practices. ISO27001 Compliance of the Shenzhen airline (the subsidiary company of the Air China)Security risk assessment and architect designSecurity control framework design by mapping ISO27001 and CobitISMS Project of Taiping Assurance GroupRisk assessmentISO27001 and SOX compliance Show less

• 

  IBM

  Mar 2012 - Mar 2015

  Worke at IBM GTS BU , take security services leader role in China regin.Identify key trends and emerging technologies that can enhance or impact our security solution to maximize the value of our offering. Lead Security Services Teams to get winning results. Train and develop internal staffs. Research Cloud-based IAM solution with global Collaborated effectively with a global team to engage Cloud- based SOC solution to sell as an offering.My positive attitude allows me to see problems not as issues but as challenges that are fun to be solved. Master of multitasking, triaging and prioritizing. Possess excellent commercial awareness, and combine the ability to communicate with all levels of business individuals. Got the Top Gun achievement. Show less In GTS BU, as a results- orientated solution consultant, with IBM Security Pattern Design method, I had developed a great number of security solutions and collaborated effectively with Account Managers to identify opportunities. Engaged with delivery/sales teams to win the bid. Key Activities:ISO27001 Project of Foton(the fourth in China’s auto industry)Risk assessment and Security governance Architecture design ISMS DeliveryData Security Project of Qingdao BankArchitected and implemented Data Security Solution across IBM IAM, Guardium, and 3party product of User behavior auditMobility Security Project of the biggest real estate agency in ChinaRisk assessment and Security governance Architecture design and Mobility security solution delivery,include firewall and IDM Show less

  • Security Services Leader

    Apr 2014 - Mar 2015

  • Solution Architect

    Mar 2012 - Mar 2014
• 

  Accenture

  Nov 2021 - now

  Security delivery manager

  After the establishment of IBM Security Business Unit, I take a multiple role to co-work with the staff from security software department. Done some POCs together, and finished many hands on training to widen my knowledge of IBM Security Products and troubleshooting skills. Architecting by IBM IT Architect Thinking Method and implementation, utilising current technologies best suited to our clients. Serve as the owner of security services projects. The responsibility for successfully delivering security solutions into the customer environment. Keep customers safe by researching, developing, and keeping abreast of tools, techniques, and process improvements in support of security detection and analysis in accordance with current and emerging threat and attack vectors. Key Activities：SIEM Project of Agricultural Bank of ChinaArchitected and implemented Qradar SIEM platform based on risk assessment and log analysisTuned correlation rules for unique scenaros and APT detection, and monitoring security events from FW, F5, IDM, Router, OS, DB, IDPS, etc. Show less