Chun Horng's Home Page

My Resume
Home | About Me | Favorite Links | Contact Me | My Resume

Yeong Chun Horng
Age: 36

Bishan, Singapore

My E-Mail Address

Objective:

My objective is to become a leading expert in the field of information security. Starting from a theoretical and academic background as a researcher in the university, I moved to development and deployment of commercial security systems.  I was the lead developer of a secure online payment system which was deployed in production environment.  The experience further exposed me to the deployment and operational side of security.  My encounters with top auditors from leading financial institutions also sparked my interest in security auditing which led me to obtain BS7999 lead auditor certification and CISSP (Certified Information Systems Security Professional).

Experience

RadianTrust Pte Ltd:   Nov 2006 – Present
 
Currently a Senior Security Software Engineer in RadianTrust, a fully owned subsidiary of CrimsonLogic. 
 
Consultancy and Training
Providing security consultancy and training in Public Key Infrastructure (PKI) and cryptography.
 
Product Development
Various security products.
 
Encentuate Pte Ltd:   Feb 2005 – Oct 2006
 
A Senior Software Design Engineer in the development of the Encentuate TCI product which won the 2007 SC Magazine Awards in the "Best Identity Management Solution" category.

 
Single Sign On
Product development using USB tokens, biometric devices and Windows system programming, including USB, GINA, Windows Terminal Services and Citrix.

PrivyLink Pte Ltd:   May 1998 – Jan 2005

 

A Principal Engineer who leads a team in the development of cryptography enabled applications or application development toolkits.  The scope of my work includes software design, documentation, actual coding, designing test plans and deployment plans as well as providing technical support to customers.

 

Product Development – Java Toolkit

·         Designed and developed a JCE (Java Cryptographic Environment) library and a Java based toolkit that implements PKCS and X.509 standards.

 

A Government Agency

·         Ported PrivyLink’s hardware security module (HSM) client API to OS390.

·         Developed a Cobol interface for interfacing PrivyLink’s hardware security module (HSM) to OS 390 mainframe.

 

Product Development - Secure Lightweight Internet File Transfer (SLIFT)

·         Designed and led a team to develop a web based version of the SLIFT product.  SLIFT is a secure file transfer application that allows users to exchange files securely via the World Wide Web.

·         Designed and led a team to develop a FTPS based version of the SLIFT product.  FTPS is a SSL enhanced FTP protocol.

 

Product Development - Hardware Security Module (HSM)

·         Designed and developed PKCS #11 and Microsoft CryptoAPI interfaces for PrivyLink’s Cryptographic Key Server (CKS).

 

Online Payment System For A Financial Institution

 

·         Played key role in the design and development of SET payment products.  SET or Secure Electronic Transaction is a payment standard proposed by VISA with MasterCard.  The following components were developed for the financial institution: Certification Authority, Payment Gateway, Merchant Server and Cardholder software.

·         The solution includes the implementation of the following standards: X.509 Certificates and Certificate Revocation Lists (CRLs), PKCS #1, PKCS #5, PKCS #7, PKCS#8, PKCS#10, PKCS#12, ISO8583 financial messages and ASN.1.

·         Obtained SET Mark for Payment Gateway and Certification Authority for compliance with international standards.  Our product was the first product in Asia outside of Japan to obtain this certification.

·         Tested the developed applications using Test Environment Toolkit (Tetware) from the Open Group.

·         Familiar with Visa International and MasterCard’s audit requirements for operating a CA and Payment Gateway.

·         Designed policies and procedures for operation and administration of Standard Chartered Bank’s Data Centre that have successfully cleared Visa International’s audit for CA and Payment Gateway operations.

·         Currently the data center has been in production for 4 years running.  The transaction volume averages 14,000 every week.

 

Electronic Service Delivery For A Overseas Project

 

·         Extended Java Digital Certificate and Revocation List classes.

·         Packaging of Payment Gateway for a bank and provided technical consultancy.

 

Electronic File Submission System For a Government Agency

·         Provided consultation to clients, solicited requirements and subsequently developed implementation plans.

·         Analysed and customised APIs for the generation and processing of certificates and Certificate Revocation Lists.

·         Coordinated the development and delivery of software and documentation for Certificate/CRL and smart card modules.

  

Internal Training

·         Conducts training on cryptography and security to internal staff.

 

National University of Singapore:   Oct 95 – Apr 98

 

Singapore Enterprise Security Architecture (SESA) for 13 leading organisations in Singapore with the aim to secure communication on open networks.

·         Participated in the design, development and documentation of SESA.

·         Researched on public key and smart card technology and communication protocols.

·         Designed and built a Certification Authority to generate X.509 version three Certificates and version two Certificate Revocation Lists.

·         Developed smart card personalization program for Gemplus MPCOS cards.

·         Interviewed clients to collect requirements for the development of applications making use of public key technology.

·         Designed and built a Generic Transaction Authorisation system that makes use of public key technology.

·         Designed and conducted training sessions for users.

 

Developed functional language database for Research purposes

·         Designed and built interface for formulating database queries.  Project required knowledge in database query processing, query transformation and optimisation, and functional language programming.

EDUCATION

National University of Singapore:   Jun 91 – Apr 99

 

·         Masters of Science (Computer Science) – Thesis entitled “Optimising Public Key Infrastructure for Smart Cards”.

·         Bachelor of Science (Honors in Information Systems & Computer Science).

·         NUS Research Scholarship.

·         Awarded Dean’s List for Meritorious Performance in undergraduate years.

·         Teaching Assistant for first year computing students.

 

NCR – Industrial Attachment:   Apr – Dec 93

·         Developed and implemented a full functionality Point of Sales (POS) system on a NCR POS Terminal.

 

TECHNICAL KNOWLEDGE/EXPERIENCE

 

n     Operating System • UNIX • IBM AIX • HP-UX • DECUNX, SOLARIS, WINDOWS 95/98/2000/NT/XP • OS390

n     Hardware • Atalla Hardware Security Module • PrivyLink CKS

n     Tools • OSS ASN.1 Tools • MS Developers’ Studio • Certified JBuilder 6 Developer • Netscape Enterprise Server • Oracle SQLPlus •  Sybase • Microsoft Access • MySQL • Tomcat server

n     Programming Languages • SQL • C•  C++ • Java • COBOL • UNIX Scripting • ASN.1 • Haskell • Lisp

n     Other Technical Knowledge • Cryptography • Smart Cards • SSL • JCE • Payment Protocols • FTPS • Requirements on setting up a Certification Authority • SET 1.0 protocol messages • ISO8583 Payment Protocol • PKCS • X.509 • MS CAPI • PKIX • Web • Network  Security • CGIs, JSPs and Servlets • BS7799 Information Security Management Lead Auditor Certified • CISSP • OS390 JCL and Pre-Linker

n     Technical Interests • WAP • XML, Secure communication protocols