Wayne huang, PhD
Cybersecurity expert, entrepreneur, angel investor,
Co-Founder & CEO of XREX
About
Dr. Wayne Huang is the Co-Founder and CEO of XREX Inc. He is an internationally-recognized cybersecurity expert instrumental in developing innovative blockchain-based solutions currently used in several emerging markets.
Before XREX, Wayne served as VP Engineering to Proofpoint (NASDAQ: PFPT), where he spent 5 years building and growing TAP (Targeted Attack Protection) from 0 to $400M+ in ARR (annual recurring revenue), servicing 9 of the top 10 US banks, and 56 of Fortune 100.
Prior to Proofpoint, Wayne was Co-Founder and CEO of Armorize Technologies, which was successfully acquired by Proofpoint in 2013.
Wayne frequently speaks at cybersecurity and blockchain conferences, including Chain-in 2018, BLOCKConscious Summit 2018, SecTor 2018, Blockchain Technology Conference 2018, Swiss Cyber Storm 2018, BlackHat US 2010, BlackHat APAC 2017, DEFCON 2010, RSA USA 2007, 2010, 2015, 2016, RSA APAC 2015, Hack in Paris 2017, Troopers 2016, AusCERT 2016, Virus Bulletin 2016, SteelCon 2016, Hack.lu 2016, HackFest 2016, SyScan Taiwan 2008, 2009, OWASP Asia 2007, 2008, Hacks in Taiwan 2006, 2007, WWW 2003, 2004, and PHP 2007.
A diligent blogger about cyber threats, Wayne’s research has received worldwide media coverage, including reports in Reuters, Forbes, IDG, USA Today, Wired, Dark Reading, The Register, The Hacker News, SC Magazine, eWeek, Threat Post, CSO, and Krebs on Security.Wayne first-authored 5 well-cited, peer-reviewed papers published by ACM and IEEE, and 3 US-issued patents.
A hobbyist angel investor, Wayne invested in 7 startups: DCard, BuzzOrange (TechOrange), Deepblu, 17Fit, Niceday, and Pamily (Trigger/MobiusBobs).
Wayne received a Ph.D. in Electrical Engineering, Computer Science Group from National Taiwan University, and a BS and an MS in Computer Science from National Chiao Tung University.
In his spare time, Wayne enjoys mountaineering, trekking, and studying history and economics.experience
XREX
Aug 2018 - present | Taipei
Co-Founder & CEO
XREX is a neo-fintech leveling the playing field by partnering with banks, regulators, and verified individuals to redefine banking together. Its blockchain-driven solutions create a collective financial system that empowers all to participate and contribute to the global economy.Founded in 2018 and headquartered in Taipei, XREX comprises a team of world-leading experts in cybersecurity, fintech, compliance, and cryptocurrency to offer a full suite of innovative products such as BitCheck, XREX Clubs, Risk Level Detector to solve the dollar-liquidity shortage issues faced by cross-border merchants in emerging economies.
XREX is backed by public companies, banks, and prominent VCs, including:
- Taiwan National Development Fund
- SBI Investment (TYO:8473)
- CDIB Capital Group (TWSE:2883)
- E.Sun Financial Holding (TWSE:2884)
- ThreeD Capital (CSE:IDK)
- Systex (TWSE:6214)
- Global Founders Capital
- Metaplanet Holdings
- Seraph Group
- AppWorks
- WI Harper Group
- Black Marble Capital Management
- New Economy Ventures
- BitoEx
- Toivo Annus
Proofpoint (NASDAQ: PFPT)
Aug 2013 - Jun 2018 | Sunnyvale CA
VP Engineering
Proofpoint is a leading cybersecurity company that provides the most effective cybersecurity and compliance solutions to protect people on every channel, including email, the web, the cloud, social media, and mobile messaging.
Armorize Technologies
Jan 2006 - Aug 2013 | San Francisco & Taipei
Co-Founder & CEO / CTO
Armorize Technologies (acquired by Proofpoint (NASDAQ: PFPT)) is a leading cybersecurity company offering Web application security and malware detection solutions. Armorize specializes in the detection and prevention of advanced, targeted threats.Institute of Information Science, Academia Sinica
1999 - 2005 | Taipei
Research Engineer
As a part of a 4-year mandatory military service term.
Researched and developed defense technologies against advanced persistent threats (APTs) against Taiwan's government, military, and intelligence infrastructure.
First-authored multiple peer-reviewed papers that each has 750+ citations according to Google Scholar. Acquired 2 US patents.
education
National Taiwan University NTU
Ph.D., Electrical Engineering, Computer Science Group
2004-2012
First-authored multiple peer-reviewed cybersecurity papers that each has 750+ citations according to Google Scholar.
National Chiao-Tung University NCTUMasters, Computer Science
1997-1999
National Chiao-Tung University NCTUBachelors, Computer Science
1993-1997
Papers & patents
First-authored, peer-reviewed academic papers
"Web application security assessment by fault injection and behavior monitoring."
Yao-Wen (Wayne) Huang, Shih-Kun Huang, Tsung-Po Lin, Chung-Hung Tsai.
In Proceedings of the 2003 ACM International Conference on the World Wide Web, 2003, . pp. 148-159."Securing web application code by static analysis and runtime protection."
Yao-Wen (Wayne) Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai (D.T.) Lee, Sy-Yen Kuo.
In Proceedings of the 2004 ACM International Conference on the World Wide Web, 2004, . pp. 40-52."Verifying Web Applications Using Bounded Model Checking."
Yao-Wen (Wayne) Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai (D.T.) Lee, Sy-Yen Kuo.
In Proceedings of the IEEE 2004 International Conference on Dependable Systems and Networks (IEEE DSN 2004), pages 199-208, Florence, Italy, Jun 28-Jul 1, 2004."Non-detrimental Web application security scanning."
Yao-Wen (Wayne) Huang, Chung-Hung Tsai, Der-Tsai (D.T.) Lee, Sy-Yen Kuo.
In 15th IEEE International Symposium on Software Reliability Engineering (ISSRE 2004), Saint-Malo, France, Nov 2-5, 2004."A testing framework for Web application security assessment."
Yao-Wen Huang, Chung-Hung Tsai, Tsung-Po Lin, Shih-Kun Huang, D.T. Lee, Sy-Yen Kuo.
Journal of Computer Networks 48(5), pp. 739-761, Feb 12, 2005.
First-authored, US-issued patents
"System and method for securing web application code and verifying correctness of software."
Yao-Wen Huang, Fang Yu, Chung-Hung Tsai, Christian Hang, Der-Tsai Lee, Sy-Yen Kuo
US Patent 8555269, Issued Oct 3, 2013"System and method for securing web application code and verifying correctness of software."
Yao-Wen Huang, Fang Yu, Chung-Hung Tsai, Christian Hang, Der-Tsai Lee, Sy-Yen Kuo
US Patent 7779399, Issued Aug 17, 2010"Behavior profiling for malware detection."
Wayne Huang, M. James Idle
US Patent 10102372, Issued Oct 16, 2018
BLOG POSTS
XREX Medium, 2020 Oct 15
First suspicious Bitcoin transaction series detectedHacker Noon, 2020 Nov 7
Exposing the Nigerian Crypto Scam Group - "Operation N-Fiverr"
media coverage
Cybersecurity-related
Wired, 2010-12-10 by Kim Zetter
Google DoubleClick Caught Serving Malicious AdForbes.com, 2010-08-16 by Andy Greenberg
Record Five Million Sites Were Likely Infected By Hacked Web WidgetUSA TODAY, 2011-08-11 by Byron Acohido
Millions of Web pages are hacker landminesThe Verge, 2014-10-07 by Russel Brandom
Inside a Russian malware scheme that hijacked 500,000 computersMIT Technology Review, 2014-10-15 by Mike Orcutt
Windows XP Is Still a Favorite Among HackersThe Register, 2011-08-13 by Dan Goodin
Attack targeting open-source web app keeps growingThe Register, 2011-08-02 by Dan Goodin
Malware attack spreads to 5 million pages (and counting)The Register, 2011-04-19 by John Leyden
Flash cache exploit debuts in Amnesty attackThe Register, 2010-12-13 by Dan Goodin
Ad networks owned by Google, Microsoft serve malwareIDG News, 2010-12-11 by Robert McMillan
Google, Microsoft Ad Networks Briefly Hit With MalwareIDG News, 2010-7-15 by Robert McMillan
Talk on China Cyber Army pulled after pressureIDG News, 2008-12-09 by Robert McMillan
Update: New Web attack exploits unpatched IE flawIDG News, 2008-5-19 by Sumner Lemon
Mass SQL Injection Attack Targets Chinese Web SitesIDG News, 2007-11-15 by Robert McMillan
With Web 2.0, a New Breed of Malware EvolvesBankInfoSecurity, 2014-10-9 by Mathew J. Schwartz
Hackers Grab 800,000 Banking CredentialsPYMNTS.com, 2014-10-10
How Cyberthieves Were Able To Steal 500,000 Bank CredentialseWeek, 2010-12-10 by Brian Prince
Google DoubleClick Found Serving Malicious AdeWeek, 2010-08-16 by Brian Prince
Infected Widget Compromises Parked DomainseWeek, 2009-09-22 by Jim Rapoza
Live at DEMOfall 2009: Getting Secure and Getting PaidCNET, 2011-09-26 by Elinor Mills
Hacked MySQL.com used to serve Windows malwareCNET, 2010-05-26 by Elinor Mills
Firms tackle virus-laden Web sites, adsDark Reading, 2011-08-09 by Tim Wilson
'Willysy' osCommerce Injection Attack Affects More Than 8 Million PagesDark Reading, 2010-08-18 by Mathew J. Schwartz
Malware Spewing Widget Hacks 500,000 WebsitesDark Reading, 2010-08-17 by Kelly Jackson Higgins
Mass Drive-By Attack Used Web WidgetThreat Post, 2014-10-23 by Chris Brook
Malvertising Campaign on Yahoo, AOL, Triggers CryptoWall InfectionsThreat Post, 2011-08-04 by Brian Donohue
Massive Injection Campaign Affecting More Than Six Million PagesThreat Post, 2011-07-26 by Brian Donohue
Massive iFrame Attack Hits More than 90,000 PagesThreatPost, 2010-12-12 by Dennis Fisher
Major Ad Networks Found Serving Malicious AdsThreatPost, 2010-08-16 by Paul Roberts
Network Solutions Malicious Widget May Date to JanuaryKrebs on Security, 2011-08-05 by Brian Krebs
Is That a Virus in Your Shopping Cart?KrebsOnSecurity, 2010-08-16 by Brian Krebs
NetworkSolutions Sites Hacked By Wicked WidgetSlashdot, 2010-08-16
5 Million Domains Serving Malware Via Network SolutionsMashable, 2009-09-22 by Ben Parr
HackAlert: Web Apps Finally Get Secure
Venture Beat, 2009-09-22 by Dean Takahashi
DEMO: Armorize’s HackAlert notifies you if your web site is under attackTechCrunch, 2009-06-16
Armorize Lands More Funding For Web App Security TechnologyCSO, 2014-10-08 by Antone Gonsalves
An inside look at Russian cybercriminalsCSO, 2011-07-28 by Ellen Messmer
E-Commerce Sites Based on Open Source Code Under AttackCSO, 2011-07-26 by Bill Brenner
Drive-by download infects more than 90,000 sites, Armorize warnsPC Magazine, 2011-08-08
Millions of e-commerce Sites Hacked to Serve MalwarePC Magazine, 2010-08-16
Innocuous Network Solutions Web Widget Served MalwareSC Media, 2014-10-07
Group infects more than 500K systems, targets banking credentials in U.S.SC Media, 2011-08-01
Mass injection campaign affects 3.8 million pagesSC Media, 2010-08-16
Up to five million parked domains served malware widgetCRN, 2011-07-29 by Stefanie Hoffman
iFrame Attack Infects More Than 300,000 osCommerce SitesPCWorld, 2011-08-06 by John P. Mello Jr.
Speedy Malware Infects More than 6 Million Web PagesZDNet, 2014-10-07 by Toby Wolpe
Windows XP: Still big in botnets after all these years?ZDNet, 2011-07-28 by Dancho Danchev
90,000+ pages compromised in mass iFrame injection attackZDNet UK, 2010-08-17 by Elinor Mills
Malicious widget attacks compromise parked domainsComputerworld, 2010-08-16 by Gregg Keizer
Malicious widget hacked millions of Web sitesInfoWorld, 2010-12-10 by Robert Lemos
The DoubleClick attack and the rise of malvertisingInfoWorld, 2010-08-17 by Robert Lemos
Network Solutions versus the wily widgetHelp Net Security, 2010-08-18 by Zeljka Zorz
Mass injection attack compromised 20,000+ domains, delivers fake AVHelp Net Security, 2011-08-01 by Zeljka Zorz,
Mass iFrame injection attack now counts millions of compromised web pagesHelp Net Security, 2011-07-26 by Zeljka Zorz,
90,000+ web pages compromised through iFrame injectionHelp Net Security, 2010-12-13 by Zeljka Zorz,
Malware spread via Google, Microsoft ad networkSoftpedia, 2011-08-17 by Lucian Constantin
New Mass Injection Attack Infects over 20K WebsitesSoftpedia, 2011-08-01 by Lucian Constantin
Number of osCommerce Infected Pages Raises to Millions in Under a WeekSoftpedia, 2010-12-11 by Lucian Constantin
Drive-By Scareware Malvertizements Served by Large Ad NetworksSPAMfighter News, 2011-08-05
Armorize Unleash Massive Iframe Injection AssaultSPAMfighter News, 2014-10-14
Proofpoint Discovers Russian Cyber-Crime Gang, Attacker of Over 500K PCsSPAMfighter News, 2011-07-16
Armorize Unleash Massive Iframe Injection AssaultSPAMfighter News, 2010-08-21,
Millions of Web Websites Hacked by Malicious WidgetSPAMfighter News, 2010-06-07
Around 1000 US Websites Serve MalwareThe H, 2011-08-03
Millions of osCommerce stores hackedThe H, 2011-04-20
Exploit on Amnesty pages tricks AV softwareHK Cert, 2011-08-02
Mass Injection Attacks Targeting osCommerce Vulnerabilities
Talks
(follow the links to watch talk videos)
SecTor 2018, Toronto
25 Techniques to Gather Threat Intel and Track Actors (with Sun Huang)BLOCKConscious 2018, Brisbane
Hacking Blockchain for Fun and Real Profit (with Sun Huang)Chain-in 2018, Lisbon
Hacking Blockchain for Fun and Real Profit (with Sun Huang)Hack in Paris 2017, Paris
25 Techniques to Gather Threat Intel & Track Actors (with Sun Huang)Black Hat APAC 2017, Singapore
24 Techniques to Gather Threat Intel & Track Actors (with Sun Huang)HackFest 2017, Quebec
Unveiling One of the World’s Biggest and Oldest Cybercrime Gangs (with Sun Huang)Hack.lu 2016, Luxembourg
Unveiling the Attack Chain of Russian-Speaking Cybercriminals (with Sun Huang)SteelCon 2016, Sheffield, England
Witness the Russian Attack: Live Demos of Their Steps, Tools, Techniques (with Sun Huang)Virus Bulletin 2016, Denver
Unveiling the Attack Chain of Russian-Speaking CybercriminalsTroopers 2016, Heidelberg
Russian Attack: Live Demos of Their Steps, Tools, Techniques (with Sun Huang)RSA Conference 2016, San Francisco
Witness the Russian Attack: Live Demos of Their Steps, Tools, Techniques (with Sun Huang)RSA APAC & Japan Conference 2015, Singapore
New Ways of Emerging APT Actors: India, South Africa, Nigeria, and Indonesia (with Sun Huang)RSA Conference 2015, San Francisco
Bitcoin’s Future Threats: Expert’s Roundtable based on 150 Case Studies (with Sun Huang)DEF CON 2013, Las Vegas
Drivesploit: Circumventing Both Automated AND Manual Drive-By-Download Detection (with Sun Huang)
"Do, or do not; there's no try."
-- Master Yoda