Richard Lam, CD
Senior SecOps Engineer at Procurify- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
-
English Native or bilingual proficiency
Topline Score
Bio
0
/5.0 / Based on 0 ratingsFilter reviews by:
Credentials
-
Certified Information Security Manager (CISM)
ISACAJul, 2017- Sep, 2024 -
Certified Information Systems Security Professional (CISSP)
(ISC)²May, 2016- Sep, 2024 -
GIAC Python Coder (GPYC)
GIAC CertificationsJan, 2021- Sep, 2024 -
AWS Certified Solutions Architect – Associate
Amazon Web Services (AWS)Oct, 2021- Sep, 2024 -
AWS Certified Cloud Practitioner
Amazon Web Services (AWS)Feb, 2021- Sep, 2024 -
Security+
CompTIAJan, 2016- Sep, 2024 -
PRINCE2 Foundation and Practitioner
AXELOS Global Best PracticeJun, 2016- Sep, 2024 -
Secret Level Security Clearance (Level II)
Government of CanadaNov, 2015- Sep, 2024 -
National Lifeguard Service Recert - Pool
Lifesaving Society BC & Yukon BranchSep, 2002- Sep, 2024 -
Lifesaving Instructor Recert
Lifesaving Society BC & Yukon BranchMay, 2002- Sep, 2024 -
Aquatic Emergency Care
Lifesaving Society BC & Yukon BranchJul, 1995- Sep, 2024 -
AppSpider Enterprise / InsightVM / Metasploit Pro
Rapid7 -
Basic and Advanced Amateur Radio Operator
Industry Canada / Industrie Canada -
Bronze Cross
Lifesaving Society BC & Yukon Branch -
Bronze Medallion
Lifesaving Society BC & Yukon Branch -
CompTIA Linux+ (Powered by LPI) Certification
CompTIA -
ITIL v3 Foundation 2011
AXELOS Global Best Practice -
Sumo Logic Fundamentals
Sumo Logic -
Web Application Scanning
Qualys
Experience
-
Procurify
-
Canada
-
Software Development
-
100 - 200 Employee
-
Senior SecOps Engineer
-
Apr 2022 - Present
Implement native AWS Security controls to the Procurify environments. ● Implement AWS Client VPN via Terraform ● Deploy AWS Lambda to exerntal platforms for alerting via CDK ● Develop scripts to automate/scrape dependabot alerts across Github repositories ● Assist with ongoing development of security program via standard Cybersecurity frameworks (NIST/OWASP), best security practices and compliance standards (SOC2) Implement native AWS Security controls to the Procurify environments. ● Implement AWS Client VPN via Terraform ● Deploy AWS Lambda to exerntal platforms for alerting via CDK ● Develop scripts to automate/scrape dependabot alerts across Github repositories ● Assist with ongoing development of security program via standard Cybersecurity frameworks (NIST/OWASP), best security practices and compliance standards (SOC2)
-
-
-
Raymond James Ltd.
-
Canada
-
Financial Services
-
700 & Above Employee
-
Information Security Administrator
-
Oct 2021 - Apr 2022
● Implented test environment in AWS via Terraform. ● Built basic CLI interface to Pagerduty API. ● Maintained Linux Servers via Ansible. - Performed misc Security administration tasks as needed. ● Implented test environment in AWS via Terraform. ● Built basic CLI interface to Pagerduty API. ● Maintained Linux Servers via Ansible. - Performed misc Security administration tasks as needed.
-
-
-
Raymond James
-
United States
-
Financial Services
-
700 & Above Employee
-
Cyber Threat Analyst
-
Aug 2020 - Sep 2021
This section intentionally vague for security purposes. Secure all the things via: ● advise stakeholders of confirmed or potential vulnerabilities and provide remediation action(s) ● maintain observability for some security metrics using Python with Pandas/Plotly modules. Jointly maintain security and administration of deployment server for metrics dashboard ● champion security via process This section intentionally vague for security purposes. Secure all the things via: ● advise stakeholders of confirmed or potential vulnerabilities and provide remediation action(s) ● maintain observability for some security metrics using Python with Pandas/Plotly modules. Jointly maintain security and administration of deployment server for metrics dashboard ● champion security via process
-
-
-
Hootsuite
-
Canada
-
Software Development
-
700 & Above Employee
-
Information Security Developer
-
Jan 2020 - Aug 2020
-
-
-
City of Vancouver
-
Canada
-
Government Administration
-
700 & Above Employee
-
Acting Team Lead, Cybersecurity
-
2019 - 2020
-Prioritize and coordinate tasks for the Cybersecurity Team.-Champion cybersecurity as a culture for the organization.-Collaborate with teams to identify and remediate vulnerabilities within infrastructure.-Plan, budget, and propose new cybersecurity initiatives and training.-Improve overall organizational Cybersecurity score based on NIST CSF.-Assist in deploying a new SIEM platform.-Ensure PCI-DSS compliance is maintained, and security is applied to non-PCI infrastructure-Prepare cloud deployment framework and strategy. Show less
-
-
Cyber Security Analyst
-
2018 - 2019
-Identify critical risk to IT systems and infrastructure; develop and implement remediation action to reduce risk to an acceptable level.-Perform scheduled and ad-hoc vulnerability scanning.-Perform penetration testing and reporting.-Maintain awareness of zero-day vulnerabilities/exploits. Ensure out-of-band patching or alternative mitigation are actioned in a timely manner.-Participate in Incident Response as needed.-Collaborate with Enterprise Architects and PMO for security requirements on new initiatives.-Implement building blocks for an effective and resilient SIEM solution. -Advise on PCI related infrastructure and implementation. Show less
-
-
-
BC Hydro
-
Canada
-
Utilities
-
700 & Above Employee
-
IT Advisor, Cybersecurity
-
2018 - 2018
-Provide risk assessments for internal IT projects, applying thread models to identify potential gaps in security controls and recommending remedial actions or mitigations as necessary -Support NERC CIP compliance duties -Streamline workflows of various tasks through scripting solutions (perl/python/powershell) or third party software -Identify and implement corrective actions for current IT vulnerabilities across all business units as discovered -Identify critical risk IT systems and infrastructure to develop, implement, and maintain an on-going security test plan -Plan and coordinate on-going Security Testing program, which includes vulnerability management, vulnerability assessments and penetration testing Show less
-
-
-
PayByPhone
-
Canada
-
Technology, Information and Media
-
100 - 200 Employee
-
Security Engineer
-
2017 - 2018
-Perform internal network penetration and web application penetration testing -Maintain existing security infrastructure, as well as research & recommend new security initiatives including anti-virus, file integrity monitoring, SIEM, firewalls, IDS/IPS, email protection, and security awareness training -Maintain PCI-DSS compliance and identify steps to streamline the process -Actively maintain awareness of bleeding edge cyber attacks/vulnerabilities that may impact PayByPhone -Participate in security incidents as necessary -Write Perl and/or BASH scripts to perform daily security related tasks -Maintain internal security policies and procedures -Communicate information security technologies and trends to non-technical users within the organization Show less
-
-
-
KPMG Canada
-
Canada
-
Financial Services
-
700 & Above Employee
-
Consultant, Cybersecurity
-
2016 - 2017
-Internal / external network penetration testing and vulnerability assessments -Network and general IT security assessments and implementations, both physical and electronic -Provide cyber awareness training and education -PCI-DSS audit review -Forensic data analysis -Cyber Maturity Assessement -Python, BASH, Sed & Awk scripting for data analysis (regex) -Internal / external network penetration testing and vulnerability assessments -Network and general IT security assessments and implementations, both physical and electronic -Provide cyber awareness training and education -PCI-DSS audit review -Forensic data analysis -Cyber Maturity Assessement -Python, BASH, Sed & Awk scripting for data analysis (regex)
-
-
-
Canadian Armed Forces | Forces armées canadiennes
-
Canada
-
Armed Forces
-
700 & Above Employee
-
Army Communication and Information Systems Specialist (Reserve)
-
2002 - 2017
Primary Responsibilities: -Setup and maintain communications (HF/VHF/Satellite/Phone/Computer) -Maintain basic infantry battle standards, weapons handling, security protocols, chemical/biological/radiation attack prevention, and continue high level of personal physical fitness Additional Responsibilities: -Coordinate training schedule between unit training and members under my direct command -Liaise communication between the chain of command and to my subordinates -Mentor new members to the 39 Signals Regiment/Squadron as needed Show less
-
-
-
University of British Columbia
-
Canada
-
Health, Wellness & Fitness
-
Engineering Technician IV
-
2003 - 2016
-Electronics design via Altium Designer (schematic entry, multi-layer PCB layout, BOM) -Coordinate project scheduling, parts ordering, and testing between faculty and electronics lab -Provide guidance to students and faculty on basic electronics design, packaging, and parts procurement -Repair lab and test equipment -Setup, install, test various linux distributions as needed in the laboratory. ( Slackware, Fedora/CentOS and Ubuntu/Debian/Kali) -Maintain samba file server and ntp server -Maintain basic network security and DHCP server with pfsense firewall distribution to administer IP sharing for a network approximately 25 ethernet capable devices. (PC's, Test Equipment, Embedded Development Boards) -Remain current with latest embedded development boards, including Raspberry Pi, Embedded Arm Boards, and assorted microcontroller development platforms Show less
-
-
-
-
Lifeguard / Swim Instructor
-
1995 - 2004
-Taught Red Cross and Lifesaving Society Swimming Lessons to all age groups -Supervised and ensured safety of swimming patrons -Coordinated and communicated with with emergency personnel as needed -Documented incident reports as necessary for City of Vancouver records -Taught Red Cross and Lifesaving Society Swimming Lessons to all age groups -Supervised and ensured safety of swimming patrons -Coordinated and communicated with with emergency personnel as needed -Documented incident reports as necessary for City of Vancouver records
-
-
-
NxtPhase T&D Corp
-
Appliances, Electrical, and Electronics Manufacturing
-
1 - 100 Employee
-
Electronics Technologist
-
2002 - 2003
-
-
-
Norsat International
-
Canada
-
Telecommunications
-
1 - 100 Employee
-
RF Technician
-
2001 - 2002
-
-
-
PMC-Sierra
-
Semiconductor Manufacturing
-
300 - 400 Employee
-
Electronics Design Technologist
-
2001 - 2001
-
-
-
VTech Technologies Canada Ltd.
-
Canada
-
Computers and Electronics Manufacturing
-
1 - 100 Employee
-
ESD/EMC Technician
-
1997 - 1998
-
-
Education
-
British Columbia Institute of Technology
Electronics Engineering Technology - Diploma, Telecommunications Option w/ Co-op Option -
Vancouver Community College
Electronics Common Core & Telecom Option (Defunct)