
Information Security Project

Irvine, CA
June 27, 2018



Hiroyuki Ochi POBox ****, Laguna Hills, CA 92654 949-***-****

Professional Competencies:

Software/System Engr Specialist

Cyber-Security & Physical Security

TQM, Toyota Way, Kaizen, Lean

SOX, PII, ISO, NIST Compliance

Unique Project Mgt

Risk Mgt, IT Auditing, Privacy

Global Business Development

Global Business/IT Solution

Enterprise (Security) Architecture

Software/System Quality Metrics

Integrated Data/System Mgt

Requirements Analysis

Software Localization

Global Teaching/Training

Global Strategic Plan

DR, Business Resiliency

1. First in the World (combination of Enterprise Architecture and systems/software quality metrics measurement from the requirements analysis phase on, since 1981): The keys are to identify goals, risks and requirements, and to define the enterprise business (as-is and to-be) architectures, information systems (as-is and to-be) architectures, technology (as-is and to-be) architectures and security (as-is and to-be) architectures accurately, from the business, IT, security, risk, compliance and governance perspectives, before determining how to solve the issues and achieve the goals with the most suitable technology solution(s) and with the appropriate strategic plan and tactical plans for transformation, integration, consolidation, modernization and globalization initiatives, in order to reduce resource requirements, time frame and the various risks, including those arising from laws, regulations and industry standards.

2. Discussed the information security subject with senior executives of Toyota Motor and many high-tech, service and manufacturing firms for their global, long-term strategies, including current telematics and IoT applications, since the mid-1980s. Then, from 1995, managed enterprise security (as-is and to-be) architecture development and IAM (Identity and Access Management) projects, and served as an adviser to Cylab of Carnegie Mellon University, IPA (the Japanese counterpart of US DARPA), the Japan Information Security Association, auto industries, NTT Data, NRI Security, etc. across all security domains for 20 years. I also advised and helped establish information security groups within the IT departments of many large organizations since the early 1990s and helped operate them well.

3. Management consultant since the early 1980s, when I became an adviser/consultant to the president of Toyota Motor's US headquarters and then to senior executives (chairmen, presidents, CxOs, VPs, directors) of many large high-tech, manufacturing and service organizations and governmental agencies in the US and Japan. I advised on the business and IT operational strategies, transformation, consolidation, integration and globalization initiatives of various large organizations, as well as compliance, governance, security risks and other risk management areas, by training IT executives and other professionals from various perspectives and by helping them run these groups within their IT, legal and/or senior managers' offices/departments with appropriate policies, standards and guidelines, as well as industry standards as needed. My uniqueness is to define and measure quality metrics to make sure that the artifacts meet the project goals properly.

4. I taught the top-down systems approach, systems/software quality metrics measurement, project management, information security and "compliance, governance and risk management" subjects, as well as the differences between Japanese and American business practices, at various organizations, universities and professional conferences and seminars, and helped establish the group and implement the "know-how" in many large organizations globally for the past 30 years.

5. I have many influential contacts in many large organizations in the US, Japan and elsewhere globally to establish the appropriate combination of security products and services to reduce risks. I helped large organizations set up the best combination of security and safety protection measures by persuading the top executives, CIO, CISO, etc. I also helped fill the gaps between the CEO, Chairman of the Board, COO, CFO, CMO, etc. and the CIO, CISO and other technologists, to coordinate and collaborate in the areas of technology solutions, safety, security, compliance and governance activities in the best interest of the firms.


The enterprise's current business status and future business goals were accurately and clearly identified, so that business units, cybersecurity, risk management and IT services could focus jointly on achieving the same enterprise goals with a clear understanding of the strategic direction, options and risks, as well as a fair and objective assessment of the "content" and the effort needed to achieve the goals from the initial phase on, to ensure quality artifacts for senior executives from the business, IT, security and risk perspectives. These are some key differences from everyone else, in that almost all projects lack accurate definition and metrics measurement from the initial phase. Then, I assigned the appropriate priorities and designed and implemented the strategic and tactical plans within the specified scope under the given conditions throughout the project lifecycle. In other words, an additional advantage over competitors has been to define and measure quality metrics from the initial phase on, in order to assess and correct deviations for quality project progress, as well as the quality of the end artifacts' content at the end of the project, to satisfy senior executives, project sponsors and stakeholders. I trained clients in this method, applied it in their pilot project(s), established the group and implemented it to solve their outstanding issues with appropriate strategies and to achieve the goals. The projects include IT, security, safety and all kinds of strategic business projects for senior executives.

Strategic Plans:

Since the method is so flexible and adaptable to different problems and issues, it was used to develop the national IT human resources strategic plan, the national IT strategic plan, the national information security strategic plan and eGovernment project issues for the Japanese government. I also developed various business visions and goals for large global organizations, the global IT strategic plan and tactical plans, and then defined the enterprise security (as-is and to-be) architectures from the enterprise security perspective, and various reference (as-is and to-be) architectures, accurately as the basis for transformation, integration, consolidation, modernization, update and other initiatives/projects. Since I have introduced many emerging technologies and standards to large organizations since the 1980s, I helped organize and operate new groups within the IT department to take care of compliance, safety, governance, risk, security, other new technology products and services, lean, Kaizen and other continuous improvement programs well.

Highlight in Information Security

Acquired a unique combination of leading US software engineering technologies and the Japanese manufacturing environment from Toyota Motor, high-tech firms and others; very flexible, versatile business, IT and security quality assurance skills were applied to solve senior executives' global business, IT, compliance and security issues.

Advised and guided board members and senior executives of large organizations and governmental agencies to understand and be prepared to protect the assets of their organizations by establishing and enforcing corporate security and compliance policies, standards and guidelines, as well as information security, risk management and assurance activities. Chaired the corporate Executive Security Steering Committee on behalf of the top executive; the committee is responsible for establishing guidance, priorities and funding for all major security and other risk initiatives.

Many years of experience with very large corporations across multiple industries (60% manufacturing, 35% service industries, 5% others): 25 years of information security, 30+ years of enterprise architecture, compliance, governance and risk management, and 35 years of unique program/project management with quality metrics measurement. The largest project had 5,000 IT professionals working on nation-wide telecom software development for 3 years, with me as a "shadow" project director/advisor. Managed a security and compliance project with a budget of up to $40M and staff of up to 125.

Superior execution of the cyber security vision "in action" by defining the enterprise security (as-is and to-be) architecture framework, with astute awareness of what is current in the cyber security realm, and applying that knowledge to many large organizations through executable strategic and tactical plans for 20 years, to achieve as much security protection as possible for the Japanese government and other large organizations.

Significant and diverse experience across a full range of industries in designing and implementing information security and compliance programs in start-up, evolving and mature operational modes, while managing or mentoring diverse global teams in the US, Asia and Europe in large global organizations.

Advised, mentored and led internal and external business partners in security, compliance, governance and other risk prioritization decisions and implementations. Led highly skilled business partners with strong business operational leadership and strategic program management experience in IT, compliance, risk, security testing and security auditing.

Led several large global IT risk, compliance and security improvement programs with budgets of $20M to $40M and staff of up to 60 professionals.

Positioned security as an essential business driver for global business operational investment in large organizations, with standardized security processes across all functions of the business; encouraged and helped obtain ISO 27001 compliance and certification with appropriate strategies, as well as compliance with Japan's rigid privacy laws in addition to PCI, PII, COSO, COBIT, GLBA, NIST, ISO, SOX and HIPAA.

Advised Japanese high-tech firms and many large firms on implementing "secure" software; advised on and helped implement various cyber-security tools (hardware, software and services) for large to medium-size companies in Japan, including APT protection, IDS/IPS, log diagnosis, authentication/authorization, vulnerability/penetration testing, forensics, real-time behavior monitoring, etc.

Keep track of the latest cyber-security situation globally (protection from Advanced Persistent Threats, cloud, big data and analytics environments) by advising large organizations on what to protect and how to protect themselves.

Implemented Japanese and Korean security products, including software protection tools against SSL-cracking malware, biometric (palm blood vein, retina, facial shape and features, and other biometrics) access methods, single-sign-on identity and access management, etc.

Promoted US and Israeli behavioral, real-time intelligent monitoring systems and protection systems for "Bring Your Own Device" with appropriate security policies and standards.

Earned "TRUST" from top executives to adopt the ISO 27000 (17799) series and/or NIST information security standards in their organizations proactively, and obtained the ISMS certificate with HTTPS as a minimum environment.

Advised on and managed the implementation of retina, facial, blood vein pattern, voice, etc. recognition embedded software, as well as physical and logical security products (smartcard, etc.) and services (PaaS, SaaS, etc.), as the global security standards for large organizations; i.e., implemented various multi-layered authentication and authorization systems.

Current advice: use smartcards, two-factor authentication, Transport Layer Security (TLS) instead of SSL, lattice-based cryptography, HTTPS, pervasive identification and authentication, an event log system of appropriate volume, and appropriate privacy and compliance features and functions to avoid security technology obsolescence.

My advantages over PMP/PMI certificate holders and TOGAF, Zachman Framework, DoDAF, etc. architects:

(a) I define the scope, goals, quality metrics and how to measure them from the initial phase, to reduce cost, other resources and risk.

(b) I define the WHY model and the WHAT (as-is and to-be) models first, before discussing, evaluating and designing the HOW models, in order to select the best choice for solving the issues and achieving the project goals.

(c) The top-down systems approach ensures that the business requirements are fully considered before selecting the best technologies to be used in the project.

(d) The top-down systems approach can trace all business requirements completely from the top-level image to the bottom level and vice versa; the traceability of business requirements from the bottom level to the top level is easily managed without changing the scope, goals and quality metrics under the given conditions.

(e) I can identify all potential risks, including business functions, business processes, security, people, technology and data, early enough that the project risks can be controlled under the given conditions.

(f) I have practiced this method as the best way to manage almost all projects for 30 years.

Liaison Work and Global Project Expert:

Because of 30 years of global IT and business solution service experience, I solved various critical enterprise issues with a thorough understanding of the pros and cons of Japanese, US and European business environments, business practices, different ways of thinking, culture, behavior, etc. Solved critical local and global issues for senior executives and IT executives of global businesses where the issues went beyond technical issues, with an appropriate human-centric, network-centric approach under the given risk and security concerns, especially in the areas of integration of global operations, M&A and transformation of operations.

Localization Projects Management:

Managed several PC software package localization projects into Japanese. The largest localization project budget was $5.5 million; I took it over from the corporate project to manage local Japanese vendors and satisfy IBM Japan so that it could sell the product after proper localization of the software and the marketing and sales materials.

Adviser to Presidents, CIOs, CEOs, COOs, CFOs, CMOs, CSOs:

Using the top-down systems approach, I advised and guided the top executives to describe their vision and goals, their subordinates to develop them into more concrete goals, and so on down to the lower-level managers, who in turn develop their goals, which can be converted into more productive business process, technology, data and people goals under the given conditions. I also helped solve their global business issues such as transformation, integration, consolidation, modernization, etc. I advised CIOs and directors of IT on developing their short- and medium-term goals and on aligning IT service activities with the expectations, wants and goals of various business units, based on mutually agreed quality metrics measurement, for large organizations in the US and Japan; I also managed about 75 IT professionals as CIO of Corcion LLC, demonstrating my leadership and management skills. I advised on the what and how of business architecture, information architecture and technology architecture for over 30 years, and added the enterprise security architecture and other architectures, showing how they could take advantage of this enterprise architecture concept to consider their issues logically and systematically, especially in the areas of data breach/leakage and other cyber-security issues over the past 20 years.

Enterprise Architecture with Quality Measurement:

Train and mentor senior executives, IT executives, and IT and business professionals to define goals, requirements, assumptions and conditions, functions, processes, data, people and technology in a balanced way within the specified scope, from the top-level "big picture" down to the bottom-level concrete details, to achieve the goals and/or solve problems.

Define the "true" motives of the project investment with the WHY model first; define the vision, goals and requirements within the specified scope under the given conditions to achieve the goals with the WHAT model from the business perspective, the system's perspective, the technology perspective and the security/risk perspective; then choose the most suitable technologies to achieve the goals with the HOW model in terms of the strategic plan and the tactical plans, including roadmaps and resource allocations.

Define and measure the quality metrics from the initial phase on to keep track of the items of concern to stakeholders and the project team jointly, for productive project progress and for measurement of the quality of the artifacts at the end, to ensure successful completion of the project. Almost all projects fail to measure the quality content of the project goals, as nobody knows what to measure or how, and they settle for keeping track of resource allocation and expenditure, which are only a small part of the "appropriate metrics." Then, I start the PDCA cycle program to improve performance continuously to the end of the lifecycle.

Applied to solve various top and senior executives' critical business issues such as strategic planning, sales and marketing strategies, enterprise resource planning, transformation of organizations, consolidation of various functions domestically and internationally, integration of multiple organizations and divisions into a consolidated, slim organization, and modernization of the business, IT and information security operations. Applied to solve very complex, difficult IT-related issues in global-scale and domestic-level IT projects for CIOs and CISOs by aligning IT services to business goals, business requirements, wants, expectations, desires, etc. Applied to rescue various troubled SAP, Oracle and other software package implementation projects domestically and internationally, such as the integration of two separate applications used in two different countries into one consolidated package. Applied to determine the most suitable new technology selection and implementation projects in many different industries.

Organization Compliance, Governance and Risk:

Managed the integration of two entirely different manufacturing systems used in the US and Japan into one common system compliant with SOX, J-SOX, PCI, PII, GLBA, ISO, NIST, COSO, COBIT, HIPAA, etc.; advised top executives of large organizations on the personal liability issues of SOX, helped them comply with various regulations (SOX, HIPAA, GLBA, PCI, PII, FISMA, ISO, NIST, etc.) and helped resolve risks involved in many IT system procedures and business processes. Discussed the impacts of HIPAA, GLBA, PCI and PII on interstate hospital and financial institution operations, and risk management for privacy and other issues involved with compliance, with law specialists. The Top-down Systems Approach helps top or senior executives' critical management information get disseminated to the lowest level accurately and completely, with the business architecture for governance and risk management; the method helps management identify, analyze, decide on and respond to various risks (technology, financial, security, compliance, infrastructure, vendors, contractors, etc.) for risk management; and the method helps identify compliance with laws, regulations, contracts, strategies, enterprise policies, standards and guidelines, as well as the potential costs of non-compliance, etc., for all different industries, because of the accurate and clear definition of the business operations needed to achieve the business goals.

Industry Experience in some detail:

Knowledge/experience of the pros and cons of US and Japanese TQM business practices for performing JIT, Kanban, lean, Kaizen, empowerment and the best practices with PDCA cycles for the best transformation activities in the US, Japanese and Korean automobile industries. Keep track of the latest cyber-security situation (protection from Advanced Persistent Threats) globally by advising automobile firms on what to protect and how to protect themselves; advised the adoption of the best possible Japanese and Korean "identity access management" security products, including software protection tools against SSL-cracking malware, blood vein, retina, facial shape and feature, and other biometric systems, single-sign-on, etc., for automobile use. I advised and recommended the adoption of certain project management and software engineering methods, software products (3D tools, master records repository, etc.) and services to the Toyota group, Nissan, Mitsubishi Motor, Hyundai Motor, etc. I also advised GM, Ford and Chrysler to adopt the Toyota Way with the top-down systems approach. Since I worked on the integration of various cyber-security and RFID application areas, I was involved in Internet of Things research for telematics and security applications and advised on potential business opportunities.

I helped Denso, Tokai Rika and Toyota acquire and learn some aspects of project management and application development approaches when they asked for my advice on their issues and concerns. I was an adviser to Mr. Togo, president of Toyota Motor Car Sales, USA Inc. in the mid-1980s, and advised on various business and IT-related issues and on his US business vision and concerns. In addition, I discussed/advised on some technology and American/Japanese business practice, cultural and people issues with Honda executives (Mr. Irimajiri and IT executives), Nissan (Mr. Kurihara, CIO, etc.), and senior executives of Isuzu, Mazda, Fuji Heavy Industries, Kawasaki Heavy Industries, Suzuki, Mitsubishi Motor, GM, Ford, Chrysler, etc. in the US and Japan.

I researched automobile security and safety using the latest IT telematics applications, including the Internet of Things, for various communication channels within the automobile and with the outside, since the mid-1980s when wireless telecom applications for the automobile were first considered. This covered car entry, wired automobile command and control systems based on warship concepts, telecom safety and security to/from outside, and safety and communication between an automobile and outside environmental entities (GPS, roads, people, buildings, weather, infrastructure, rules and regulations, others, etc.), on and off, as I received special assignments from high-tech and automotive companies.

Other high-tech, consumer-goods and other manufacturing:

Since I introduced two leading Department of Defense software engineering technologies to Japan after mastering them at Northrop, as project manager of the integrated manufacturing system, and at another firm, where I developed the software quality metrics measurement method, many large to medium-size manufacturing firms, including Toyota Motor, Honda, Nissan, NEC, Hitachi, Toshiba, Panasonic, Mitsubishi Electric, Sony, Hyundai and LG and their Tier-1 and Tier-2 manufacturers, asked for my advice, training and implementation of emerging technologies, and I supported them in adopting these and other technologies. I helped them transform, consolidate, integrate and modernize their expanding manufacturing, distribution and sales of products and services globally, expanding their various application systems from the mainframe to the latest software tools, products and services on various platforms using the Top-down Systems (Enterprise Architecture) Approach, as well as protecting the enterprise assets from cyber-attacks and cyber-criminals.

Financial area:

I applied this top-down systems approach to improve the subsidiary IT organizations of banks, mortgage banks and other financial institutions, insurance companies, etc., by transforming the way various projects are managed using outside contractors' and vendors' staff with minimum risk, through a disciplined, logical, systematic, top-down approach to analyze and reduce potentially risky functions, processes and information processing. I rescued troubled SAP and Oracle financial system implementation projects by redefining the scope and goals that the corporate financial department wanted and needed in order to consolidate data from various division activities where various siloed financial systems were used globally. The key issue was how to interface the local systems in a way that balanced the needs and wants of headquarters and the local departments without major complexity. Therefore, I assisted in transforming the old financial systems into more customer-centric and network-centric order, fulfillment, payment, credit, warranty and customer satisfaction based systems, and the enterprise-centric information with appropriate integration of financial data from the corporate lean, Kaizen perspective. For the Tokyo Stock Exchange stoppage case, I advised clearly defining the accurate, timely scope, interfaces and goals that each major vendor was expected to accomplish, so that better control of stock exchange transaction processing could be achieved after identifying the major critical interfaces, potentially risky areas, and boundaries of responsibility/accountability. I worked on American Express, Sumitomo Bank and Sanwa Bank projects on IBM mainframe and client-server platforms, primarily in the customer relationship systems, loan and financial account transaction areas, to make sure that the customers were happy with minimum risk to the firms and the customers. I also made sure that the appropriate GLBA, SOX, PCI-DSS and PII factors were properly designed and implemented in various financial systems to reduce privacy risks and protect enterprise assets as much as possible. I managed the remediation project for a GLBA violation by one of the largest banks in the US as project manager.

Logistics and Warehouse Control Management:

I worked on Mitsui Shipping, a couple of transport carriers, distributors, and logistics systems for large manufacturing firms. In addition, I helped improve the logistics, warehouse control management and delivery system of a vendor which installed the JIT delivery system for the largest convenience store chain (Seven Eleven) in Japan. I also advised another logistics and warehouse control management vendor, whose product was used by several large manufacturers, on improving their transportation and product warehouse control management operations in Japan.

Educational area:

Since I started training in SADT (which became IDEFn) in 1979, systems/software quality metrics measurement in 1982, lean and Kaizen principles and the Top-down Systems Approach in the latter part of the 1980s, and the Top-down Systems (Enterprise Architecture) Approach, adding compliance, governance, security and other risk management factors to the technologies, in the 1990s at various firms and universities globally, I have trained many IT executives and professionals and graduate engineering and business students. When I taught the top-down systems approach to graduate engineering students at the University of Kobe, Japan, the Japanese Ministry of Education granted graduate engineering credit for the students. Since I was also an advisor/consultant to two deans (including Cylab) of Carnegie Mellon University and to the board members of several Japanese universities since the latter part of the 1990s, I am somewhat familiar with the university environment. I also participated in software engineering course curriculum advancement research and implementation projects sponsored by the NSF in the US and by the Japanese government. I also trained unique project/program management, database design, multi-vendor networks, risk management, business continuity, disaster recovery, information security, global business, etc. in the US and Japan, and occasionally in Europe, over the past 30 years. I was responsible for the establishment of a graduate information security school in Kobe, Japan on behalf of Cylab, Carnegie Mellon University in spring 2005, and I was asked to head its operation. I was also an adviser/consultant to several universities in Japan because of my expertise in software engineering, information security and international business curriculum research and study globally. For instance, when I was an interpreter for CMU computer science professors in the information security area and they could not respond to audience questions on three or four occasions in an open public lecture, I responded for them because of my specialty in the combination of information security and quality metrics issues. I taught Management 205 (MIS) at the graduate business school of the University of California at Riverside as a part-time lecturer, to educate students to fill the gaps between business units and IT services including information security, in Fall Quarter 2015, and plan to teach the Database Management course in Winter Quarter.

Network and Telecom area:

Sold and serviced network management middleware software (OSS and a network monitoring tool) to NEC, Hitachi and Toshiba as an OEM deal for Vertel; sold and serviced Viasoft's telecom software maintenance tools to NTT Data, NTT Software, KDDI (now Softbank), NEC, Fujitsu, Hitachi, Toshiba, etc.; advised NTT group companies (NTT DoCoMo, NEL, NTT Comm., etc.), NEC, Hitachi, Panasonic, Toshiba, Mitsubishi Electric, Oki, Fujitsu and major systems integrators in Japan on system development technologies. Advised high-tech manufacturers in Japan on how to develop embedded software for wireless devices. I was a "Shadow" Project Director for a telecom application software development project which had over 5,000 IT professionals for 3 years, and for another which had 2,500 IT professionals for a couple of years, for NTT. Adviser to top and senior executives down to project-level managers of NTT Data, the largest systems integrator in Japan and the sixth largest in the world, to introduce emerging technologies, solve their troubled projects and advise on any other business and IT issues.

Life Insurance and other insurance applications:

Meiji Life
