Nipon Nachin has over 16 years of work experience. Before joining ACIS, he started his career as a developer in the telecommunications industry. He also has experience in system administration. He joined ACIS in 2006 and has since been involved in a number of information security projects, such as penetration testing, computer forensics and ISMS implementation. He is proficient in information security, penetration testing, forensics, secure software lifecycle, mobile security and industrial control security.
- Master of Science, Chulalongkorn University
- Bachelor of Science, Khonkaen University
- Part-time Lecturer, Chulalongkorn University
- Part-time Lecturer, Rangsit University
- Honorary Advisor, Thailand Information Security Association
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- ITIL Expert Certificate in IT Service Management
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Fraud Examiner (CFE)
- GIAC Mobile Device Security Analyst (GMOB)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Web Application Penetration Tester (GWAPT)
- Certified Information Security Manager (CISM)
- Systems Security Certified Practitioner (SSCP)
- Performed penetration testing to evaluate the security and defensive mechanisms of IT infrastructure, covering weaknesses that may exist in operating systems, service and application flaws, improper configurations and risky end-user behavior, and made pragmatic recommendations for improvement. Areas of testing typically included servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure.
- Performed forensics in accordance with international standards and leading practice on evidence in computers and digital storage media, with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information. The evidence and audit trail can be used legally in fraud and dispute investigations.
- Established information security management systems (ISMS), or parts of information security management programs, in accordance with international standards and leading practice such as ISO 27001, whose key components include the risk assessment process, the risk treatment process, and control design and implementation.
- Conducted training for clients in information security and related areas (e.g., assurance, cloud computing and big data, forensics, governance, risk and compliance, information security, project and program management, and software security).