Jihoon Gong

Security Compliance Engineer

Building pragmatic information security frameworks in Cloud Native environments

About

Experienced information security professional across specialized firms, government agencies, financial institutions, e-commerce, and startups. Committed to building pragmatic security frameworks that consider service, operations, and development holistically.

Continuously researching AWS and Kubernetes security, aiming to become a leading Security Compliance Engineer.

As the sole security officer at a Series B startup with 300 employees operating an e-commerce platform in a Cloud Native environment, I prepared and achieved ISMS/27001/27701 initial audits from scratch without consulting — with particular strengths in building information security management systems tailored for AWS and Kubernetes.

ISMS, ISO 27001, Compliance, Policy Automation, AWS Security, Kubernetes

Experience

Rapo Labs

Security Engineer

Information Security Team, Mar 2023 — Present
  • Built and operated information security management system
  • Implemented personal data protection regulatory measures
  • Prepared and achieved ISMS initial audit certification
  • AWS / EC2 vulnerability assessment
  • Introduced and operated security solutions
ISMS, AWS, K8s, Compliance

Greenlabs

Security Engineer

Information Security Team, Sep 2022 — Mar 2023
  • Built and operated information security management system
  • Implemented personal data protection regulatory measures
  • Prepared ISMS initial audit
ISMS, Compliance

KakaoBank

Manager

IT Self-Audit Team, Jun 2022 — Sep 2022
  • Established big data utilization standards
  • Third-party deployment verification
  • Ledger change management
Audit, FinTech

Financial Security Institute

Assistant Manager

FinTech Evaluation Team, Sep 2019 — Jun 2022
  • Open banking fintech security inspection
  • Robo-advisor system security assessment
  • Fintech new technology security evaluation
FinTech, Security Assessment

KISA

Researcher

Security Operations Center, Jun 2018 — Aug 2019
  • Security monitoring and malicious traffic detection for private enterprises
  • Organized security operations council
  • Dark web analysis
SOC, Threat Intelligence

SK Infosec

Engineer

Network SE Team, Sep 2011 — Sep 2012
  • Firewall (Cisco, Juniper) and IPS (IBM) deployment
  • Incident troubleshooting
Network Security, Infrastructure

Portfolio

Overview

I have experience building an entire enterprise security framework from scratch — from achieving security certifications (ISMS/27001/27701) to establishing policies, compliance response, security solution deployment, and automation — and embedding it as organizational culture. Through a pragmatic approach and communication-based collaboration, I designed security to be a foundation for growth rather than an obstacle.

Key Achievements

ISMS / 27001 / 27701 Initial Audit Preparation & Certification

  • Achieved ISMS initial certification within 15 months as sole security officer
  • Passed with only 6 minor findings; received MSIT Information Security Commendation
  • All certifications obtained independently without external consulting

Information Security Policy Development & Operations

  • Established and applied 17 information security policies and guidelines company-wide
  • Built AWS IAM permission matrix and management framework
  • Enhanced security posture and employee satisfaction through pragmatic policy design

Compliance Response

  • Met legal requirements while maintaining service conversion funnels
  • Resolved ICT Network Act violation with zero penalties and built prevention systems
  • Derived practical improvements through regulatory authority consultations

Service Security Review Systematization

  • Established pre-deployment security review process for features and infrastructure changes
  • Cultivated a culture where POs and engineers proactively consult the security team
  • Built security checklists based on compliance standards, CIS benchmarks, and CSP best practices

Security Compliance Engineering

  • Built zero-trust architecture using GWS and Keycloak
  • Built automated system access block/unblock for non-compliant endpoints
  • Automated onboarding/offboarding security workflows using Python

Cloud & Infrastructure Vulnerability Management

  • Managed AWS vulnerabilities via Prowler and Security Hub
  • Automated vulnerability scanning and remediation across hundreds of EC2 instances using SSM Run Command
  • Built cloud security monitoring system using Cloud Custodian

Security Tool Development with Open Source & Vibe Coding

  • Managed GitHub secret leaks using TruffleHog
  • Self-developed compliance tools leveraging AI
Self-Developed Tools
  • AWS Security Group Review Dashboard
  • GWS Spam Email Cleanup Tool
  • AWS Security Vulnerability Scanner for ISMS Compliance
  • GitHub Org & Member Public Repo Scanner
  • Google Sheets Sharing & Access Permission Scanner/Remediation Tool

Core Competencies

  • End-to-end security policy, certification, and compliance management
  • Company-wide security culture evangelism and process internalization
  • Hands-on experience in building security frameworks and automation
  • Leadership grounded in collaboration and communication skills

Speaking & Community

Talks & Lectures

How a Solo Startup Security Officer Builds ISMS with Minimal Cost & Maximum Efficiency

2025.12. 29th Hacking Prevention Workshop

Security Compliance Engineer: Real-World Startup Security Certification

2025.09. OWASP Seoul Chapter

How to Successfully Achieve ISMS Certification Using Open Source in Cloud Native Environments

2025.03. AWS Unicorn Day 2025

Security Group Review Dashboard: Development & Usage

2026.02. AWSKRUG Security Meetup

ISMS Certification with Open Source in Cloud Native (Extended)

2025.03. AWSKRUG Security Meetup

A Security Compliance Engineer's Kubestronaut Journey

2024.11. AWSKRUG Security Meetup

Zero Trust Endpoint Architecture on a Minimal Budget

2024.06. AWSKRUG Security Meetup

Web Hacking Theory & Hands-on Lecture

2015.04. Hanse Cybersecurity High School

Challenge Design & Competition Management

2014.12. Hack The Packet

Network Security Theory Lecture

2014.02. Securityplus Union Academy (SUA)

Packet Analysis Know-How Presentation

2013.11. KUCIS (Korea University InfoSec Club Alliance)

Community

AWSKRUG Security Meetup

Organizer

Mar 2025 — Present
Active

KITRI White Hat School

Mentor

Aug 2023 — Present
Active

Certified

Certifications

security

ISMS-P Auditor

KISA

2024.12.

Information Security Engineer

HRD Korea

2018.06.

IT Security Product Evaluator

KISA

2015.07.

CPPG (Certified Privacy Protection General)

Korea CPO Forum

2014.05.

CISSP Associate

(ISC)²

2012.10.
kubernetes
2024.09.

Kubernetes and Cloud Native Security Associate

CNCF

2024.09.

Kubernetes and Cloud Native Associate

CNCF

2024.08.

Certified Kubernetes Security Specialist

CNCF

2024.05.

Certified Kubernetes Application Developer

CNCF

2023.09.

Certified Kubernetes Administrator

CNCF

2022.12.
general

AWS Certified Solutions Architect Associate

Amazon Web Services

2022.05.

Information Processing Engineer

HRD Korea

2018.05.

CCNA

Cisco

2012.07.

Awards

Information Security Merit Award

Ministry of Science and ICT

2024.12.

White Hat School Appreciation Award

KITRI

2024.03.

Army Cyber Defense Competition Excellence Award

ROK Army HQ

2016.04.

Best of the Best 3rd Cohort — Top 30

KITRI

2015.02.

Contact

Feel free to reach out for collaboration, speaking, or opportunities.