Shun Yang
Information Security Associate @ BOC | MSSI @ JHU 22'
New York, NY, United States
Details
Experience:
2023 : Present
Bank of China
Information Security Associate
· Worked under Dr. Avi Rubin and Dr. Mike Rushanan
· Supported ECG-analysis medical platform on AWS certificate FDA Pre-market Approval following FDA guidance. Managed Cloud Security by performing threat modeling and cybersecurity threat assessments with AWS CLI, Scout Suite and S3scanner.
· Protected PHI/PII stored on AWS following HIPAA compliance. Provided Data Security by setting up backup, encryption solutions, etc. in AWS Config file and fixing more than 10 healthcare data leakages and privacy threats.
· Designed and executed over 50 cybersecurity test cases on IoT medical devices to improve IoT Security posture. Analyzed IoT network protocols with Burp Proxy, Nmap, and Netstat for penetration testing, fuzzing, and SAST/DAST; analyzed OS, firmware and data files with Lynis, binwalk, Ghidra, Nessus and OWASP Dependency-Track by performing code review, reverse engineering and software composition analysis; proposed a mitigation for every failed case based on CVSS scores.
2022 : 2022
Harbor Labs
Network Security Engineer
At Cyber Security Research Center :
· Designed Secure REST APIs by implementing data encryption and signatures using TLS (Transport Layer Security), and implemented a secure web application with Spring Boot to handle 1000+ users simultaneously.
2020 : 2021
Harbin Institute of Technology
Software Engineer
· Mitigated one encryption risk issue to support TEE (Trusted Execution Environment) to secure the phone's Operating System. Performed black box penetration tests on iTrustee with Lynis and reversed it using Ghidra.
· Performed Vulnerability Research on CVE-2018-11976 to protect phones from Side Channel Attacks. Assessed the effectiveness of the EulerOS kernel, researched and reproduced vulnerabilities, and produced a security report including detailed attack process, results, and mitigation advice.
2019 : 2019
Huawei
Security Engineer
Company:
Bank of China
Spoken Language:
Chinese, English
About
- Information Security Associate at Bank of China, NY
- M.S. in Security Informatics at Johns Hopkins University
- B.E. in Information Security at Harbin Institute of Technology