SEOUL, KOREA – “I am thrilled to be able to interact with security experts from around the world. I would like to become a world class information security expert." Dr. Shin Jong-whoi said.
Dr. Shin moved to Microsoft Korea as a Chief Security Advisor (CSA) from Korea Internet & Security Agency KISA on February of 2012 hoping to further his work as a global expert in his field. He has gained experience from his work with the National Information Agency (NIA) as a senior researcher in with work in IT standardization, and with KISA as a director working on personal information protection, critical information infrastructure protection and Information Security Management System (ISMS).
Regarding his recent shift from government work to a global company, Dr. Shin said "Microsoft currently has 23 CSAs around the world and I am actively collaborating with them in the security and privacy field. Also, I am sharing the information and intelligence on current security situations including the security policy of different countries. It is very useful and helpful to specialize my capability on not only security and privacy advice for internal activities, but also those which are external”.
While most of organizations refer to the security personal in charge of as a ‘CSO’ or ‘CISO’, Microsoft names them a ‘CSA’ to efficiently organize their organizations around the world. Microsoft coordinates their security organization from their head office rather than placing independent groups in each country. The representative organizations are Trustworthy Computing (TwC) and Cyber Crimes Center (CCC). In order to carry out security duties, these organizations are in close cooperation with each country’s CSA. In this regard the CSA has a responsibility and plays a pivotal role. Dr. Shin emphasized that Microsoft stands alone in its protection of the security of its products globally. Since the declaration of Trustworthy Computing in 2002 by Bill Gates, all products by Microsoft have their own Security Development Lifecycle (SDL) which is added in the software development stage. This precaution has been taken to minimize the vulnerability of source code.
Based on its expertise, Microsoft has been providing superior software to customers using SQL DB Server, Windows Server for Active Directory, VDI network separation solution, and Systemcenter all of which have satisfied legal requirements. In particular, SDL is used in worldwide companies such as Cisco and Adobe Systems.
Dr. Shin says that he want to be recognized as a well-rounded security expert with expertise in the policy and technology in the security and privacy field rather than just a simple technology-oriented officer. In the security expert industry one who can deal with the overall policy and regulations by government as well as the technology, is very rare.
