With frequent childhood moves, Hao-Wei Chen had to learn how to adapt from an early age. He frequently experienced culture shock while attending different schools to accommodate his father’s career shifts, having to learn new languages alongside his regular studies.

Chen’s introduction to the security field came when he was 17. Working as a developer and security tester, he launched the educational website Hacker.org.tw in Taiwan. Chen would ethically inform organizations of bugs located on their websites.

“There was one nonprofit organization that didn’t know how to fix the bug I reported. I consulted with them through phone calls, emails for a couple of weeks,” Chen says. The consultation landed Chen in a bit of trouble, as the organization doubted his original intentions of looking into the website. Once it was proven that Chen was attempting to do a good deed, the scrutiny went away and paved the path for him to pursue cybersecurity as a career.

BUILDING A SECURITY TEAM FROM THE GROUND UP

Chen moved to the U.S. to study cybersecurity at Carnegie Mellon University (CMU). Following graduation, Chen joined Amazon in 2014 as an Incident Response Engineer. Chen’s role included working within the “blue team” to protect the company from threats. Chen then switched to attack and research, and then moved to product security and investigations.

While working at Amazon, Chen advocated for creating a bug bounty program. Based on his own struggles from ethical hacking, Chen wanted to create a safe space for people to report security issues without fear of persecution. It was a challenge especially during the inception stage as Chen lacked resources. Chen conducted in-depth research and created data-driven justification to promote his idea. He relayed his pitch across leadership positions, eventually gaining access to funding to begin building out a team.

“When we eventually got the green light from a retail CEO, I built out a team from one to 10 people and then to launch Amazon’s first public bug bounty program. I didn't give up because that was something I really wanted to do. It was not only for the company, or company’s customers, but the global security community,” Chen says.

Chen currently serves as the Director of Information Security at Audible, a position he took in August of 2023. Chen found that his previous Amazon positions provided him with the necessary skills to thrive. His role involves protecting company and consumer data. This includes building security best practices as well as incorporating security into the products themselves. In addition to prevention, Chen’s role involves responding to incidents and creating plans to avoid them in the future.

“Our job is to safeguard customer data, and ensure the trust customers put in us. We wanted to ensure that customers could use our products securely, and they’re confident in our websites and our products,” Chen says. This management includes dozens of devices, including those owned by subsidiaries. Chen emphasizes the importance of understanding the scope of his work and the threats he needs to be aware of.

THE IMPORTANCE OF MULTINATIONAL SECURITY PARTNERSHIPS

Chen holds a lot of pride for his home of Taiwan, using his knowledge and skills to collaborate with public and government.

“I learned security because of the geopolitical cyberattacks I was witnessing. I was actively participating on the advisory roles for public sectors in Taiwan. I was their cyber advisor for the Ministry of National Defense from 2021 to 2023, which is the ministry equivalent to the DOD. I also contributed to the National Security Council. There, I gathered experts from overseas to help consult on security-related issues, research, policy analysis and even technical reviews for the top decision-maker of the Taiwan government,” Chen says.

In addition to government partnerships, Chen also works closely with nonprofits. One organization he works with is the NEX Foundation, a nonprofit established in Seattle and Taipei. Chen worked to secure funding, build online products to provide mentorship and education opportunities. The organization provides career advice for students, including cybersecurity study groups for prospective security leaders.

One organization Chen is incredibly proud of is the Taiwan International Foundation based in D.C. The organization is focused on sharing Taiwanese culture and history with the public.

“I feel that there are a lot of gaps in terms of global understanding of Taiwan. Eventually, the Foundation’s goal is to establish the first ever physical museum in D.C., with Taiwan as the focus. I wanted to take on some security issues through different angles, such as education, and cultural attempts,” Chen says.

Looking to the future, Chen advises security leaders to continue to make threat actors’ lives harder. Cyberattacks aren’t 100% avoidable, but security leaders can work to continue to reduce the chances of an attack.

“I would say one difficult part of being in this industry is that we need to advance ourselves as well. We need to understand the latest threats, the attack surface, what tactics and procedures are leveraged by actors. We need to understand their motivations and the latest kind of technologies that they may be using. We need to be able to innovate or enact countermeasures in order to raise the bar,” Chen says.