In addition to possessing deep knowledge regarding the region’s diverse geopolitical and cultural complexities, Paul has developed a highly nuanced view of global cyber security challenges from working with organizations such as Interpol, the U.S. Secret Service’s Electronic Task Force, and Microsoft’s Digital Crimes Consortium.
Paul started his career with the Hong Kong Police Force, and over 22 years, he rose through the ranks to become Chief Inspector and Head of the IT Forensics Practice, Investigation Team, and Training in the force’s Technology Crime Division. In this role, he led multiple teams of cyber investigators, computer forensics examiners, and police college trainers, and was policy manager for digital evidence for the entire police force of 27,000 members. His accomplishments included overseeing the design and construction of a multimillion-dollar project to build the IT forensic laboratory and all associated IT security infrastructure; heading an internal “think tank” that provided top-level police management with strategic planning and policies relating to technology crime trends and IT security matters; leading the government incident response capability against cyber threats to critical infrastructure during major events such as the Olympics, WTO meeting, ITU Conference, and East Asian Games; and implementing an innovative incident response methodology for live (compromised) system analysis, which was ultimately adopted by Interpol and police forces worldwide.
During his tenure, Paul was also appointed by Interpol as course director for the Asia-Pacific Region to develop and deliver IT investigation and forensics training to law enforcement. His design and management of an advanced training facility for the HKPF was later used as a template by Interpol and the Korean Police University. Paul brought to these training efforts a wide range of practical, frontline experience from his earlier roles as Head of the Computer Security Unit in the Crime Prevention Bureau, Head of the Telecommunications Liaison Office in the Criminal Intelligence Bureau, and a uniformed officer for eight years.
After leaving the HKPF in 2010, Paul became APAC Head of Fraud and High Tech Investigations for JP Morgan Chase Bank, and from 2012-2014, he relocated to New York where he served as the bank’s Global Head of High-Tech/Cyber Investigations. In this role, Paul managed a global team of cyber investigators and responders throughout the United States, Europe, and Asia, focused on addressing the pressing needs of managing the evolving threats faced by a global financial institution. Executing on these objectives involved, among other efforts, redesigning global cyber laboratories and introducing new forensic technologies to enhance the efficiency and capacity of the team. In addition to serving as a strategy leader, Paul personally conducted numerous investigations, successfully resolving several major incidents that included, among others, a well-publicized breach, data exposure, reputational issues, employee misconduct, insider threat, and electronic fraud.
Prior to joining Kroll, Paul was APAC Managing Director for Stroz Friedberg. In this role, Paul developed several of the firm’s products and services with an APAC focus, and personally led client engagements in cyber security assessments, C-level cyber incident table-top exercises, and data breach investigations. He also served as a thought leader and represented the firm in numerous venues, forums, and major public events.
Selected Media Appearances and Speaking Engagements
- Cyber expert to Hong Kong Radio, with a regular weekly contribution.
- International Bar Association (IBA 2017), Sydney
- Euromoney/ Standard Chartered Webinar: “The fight against cyber crime in financial services: How prepared are you?”
- Morgan Stanley 16th Annual Asia Pacific Summit, Singapore
- HK Stock Exchange: Cyber Security Town Hall Event
- Information Security Summit, Hong Kong
Education and Certifications
- Graduate Diploma, Computer Forensics, University of Science and Technology (Hong Kong)
- Professional Diploma, Computer Forensics, University of Science and Technology (Hong Kong)
- Bachelor of Engineering (Hons.), Engineering Science and Industrial Management, University of Liverpool
- SANS Certified Forensic Analyst (GCFE)
Affiliations and Membership
- Hong Kong Computer Society, Information Security Special Interest Group
- University of Defence, Science and Technology, Beijing
- China Computer Forensics Research Centre
- Network Security Professionals (NSP) Group
- International Organization on Computer Evidence
- High Technology Crime Investigation Association
- Microsoft Digital Crimes Consortium