Array Networks
Senior Security Consultant
I am a cybersecurity researcher and practitioner with a background in penetration testing, security engineering, incident response (IR), and security automation. Over the years, I have specialized in web and mobile application security assessments, honeypot development, SIEM optimization, and security tool automation.
My work includes leading the development of a web log analysis platform and designing security features and workflows for 5G Purple Team platforms, focusing on cyber threat intelligence and advanced security testing.
Additionally, I have hands-on experience in incident response tool development, honeypot deployment, VMware ESXi automation, and have contributed to establishing a mobile security testing lab that meets MAS (Mobile Application Security) standards within my organization. I am proficient in SIEM operations (ArcSight), security forensics.
I am passionate about bridging security research with practical solutions. I have spoken at various conferences, including AWS Summits, sharing insights on cybersecurity trends, best practices, and security automation. My goal is to explore AI/ML applications in security, identify vulnerabilities across platforms, and contribute to the cybersecurity community.
在當前的 DevOps 環境中,自動化既是生產力的加速器,也是潛在的安全隱患。隨著 AI 技術的進步,攻擊者已經能夠利用 AI 進行高度自動化的滲透測試與攻擊,而防禦端則面臨更大的挑戰。
DevOps 自動化雖然提升了開發效率,但也帶來了新的安全風險。傳統的安全審查流程難以跟上快速迭代的 DevOps 速度,使得 CI/CD 配置錯誤、基礎設施漏洞、以及程式碼安全問題成為攻擊者的突破點。而 AI 技術的進步,讓攻擊者可以更高效地發現並利用這些漏洞,企業如何應對這樣的挑戰?
本研究開發了一套 AI 驅動的 DevOps 攻防與安全顧問系統,結合 OLLAMA AI 來:
我們將現場演示 AI 如何從攻擊到防禦的完整流程,並開源我們的研究成果,讓企業與 DevOps 團隊可以自由使用與改進。我們的目標是透過這次分享,讓 DevOps 團隊更深入理解 AI 在安全領域的潛力,並有效應對未來可能的 AI 驅動攻擊。
本次分享將展示我們開發的開源工具,並透過現場 DEMO,呈現 AI 如何從攻擊者轉變為 DevOps 安全顧問,協助開發與運維團隊加強防禦能力。
聽眾收穫: