Summary
Overview
Work History
Education
Skills
Affiliations
Certification
Websites
Timeline
Generic

Donlakarn Premthong

Aveley,WA

Summary

I'm a permanent resident of Australia with full work rights, currently working remotely from Bangkok, and planning to return to Perth permanently.

I have 9 years of experience in cybersecurity, with a strong foundation in penetration testing and vulnerability assessment. Over time, I’ve transitioned into governance, risk, and compliance (GRC) to broaden my impact at the management level. My technical background allows me to provide practical, business-aligned security advice, support policy development, and help bridge the gap between technical teams and business units.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Senior GRC Cybersecurity Specialist

Central Retail Corporation Public Company Limited
Bangkok
03.2025 - Current
  • Develop security controls and programs that align with regulatory requirements and business objectives.
  • Document and report control failures, risks, and compliance gaps to stakeholders.
  • Present GRC areas to management, including detailed reports on risk posture, compliance status, and security initiatives.
  • Provide expert security consultation for new and ongoing projects across the organization.
  • Conduct security reviews and risk assessments for proposed projects and initiatives.
  • Offer guidance on implementing appropriate security controls and measures.
  • Collaborate with project teams to ensure security is integrated from the early stages of development.
  • Advise on security best practices and industry standards relevant to specific projects.
  • Provide security expertise during incident response and post-incident analysis.
  • Consult on the implementation of security controls for new technologies and systems.
  • Offer recommendations for enhancing the overall security posture in line with business objectives.
  • Follow up on security recommendations to ensure they are implemented correctly and effectively.

Senior Penetration Tester

Central Retail Corporation Public Company Limited
Bangkok
04.2023 - Current
  • Conducted manual and automated vulnerability assessments using industry standard tools.
  • Performed network, application, system and mobile penetration testing across company's product suite.
  • Participated in regular internal audits for identifying areas that need improvement or require additional controls.
  • Provided technical guidance to development teams during the software development life cycle.
  • Introduced process efficiencies into existing methodologies and recommended improvements to testing workflows.
  • Communicated findings and strategy to stakeholders, technical staff and executive leadership.

Penetration Tester Team Lead

Reconix Pty Ltd
Perth
04.2022 - 01.2023
  • Conducted security assessment for clients, including network and application penetration testing to identify vulnerabilities and recommend remediation steps.
  • Maintained up-to-date knowledge of industry standards, such as OWASP, to ensure best practices were followed during testing engagements.
  • Consulted with customers on how to improve security posture and delivered follow-up support during implementation.
  • Directed teams of security professionals to deliver security consultancy for clients.

Senior Consultant

Satalyst Pty Ltd
Perth
03.2021 - 03.2022
  • Led and provided quality assurance for technical engagements including Red Team Assessments, Penetration Testing, Application Security Assessments.
  • Provided subject matter expert level input into Cyber Security Advisory engagements such as secure architecture assessments.
  • Provided input into the development and training plan for the team as well as providing on the job training to juniors.
  • Represented Satalyst's Cyber Defence capabilities in the industry as a subject matter expert.

Application Security Engineer

aCommerce Co., Ltd
Bangkok
05.2020 - 03.2021
  • Performed penetration testing on internal and external applications.
  • Developed secure coding guidelines.
  • Delivered web application security training to developers.
  • Acted as a security subject matter expert, providing prompt responses to internal security engineering inquiries and requests.

Senior Consultant, Advisory Services

KPMG Phoomchai Business Advisory Ltd.
Bangkok
12.2016 - 04.2020
  • Performed vulnerability assessment and reviewed information security management for the client in various industry.
  • Performed network infrastructure penetration testing including system and network devices. The majority of systems that I have tested related to the financial industry such as top three banks in Thailand.
  • Performed web application penetration testing follow OWASP testing guide.
  • Conducted mobile application penetration testing over 30 applications both Android and iOS.
  • Performed penetration testing on Point-of Sale Systems and network infrastructure for a major petrochemical company.
  • Performed penetration testing on ATM systems including physical and logical security assessment for a major bank in Thailand.
  • Collaborated with a team to conduct the KPMG Cyber Security Challenge 2018 (CTF) which was held in Thailand (Prelimination round) and Malaysia (Final round).

Education

Bachelor of Science - Information Technology For Business

Chulalongkorn University
Bangkok, Thailand
06.2015

Skills

  • Penetration testing
  • Vulnerability assessment
  • Application security
  • Regulatory compliance
  • Security consultation
  • Project management
  • Security best practices
  • Security architecture
  • Ethical hacking techniques
  • Software vulnerability scanning
  • Web application security
  • Open source security tools
  • Information security policies

Affiliations

Thailand Network Security Contest 2016

  • Honorable Mention Award, the competition was to complete vulnerability assessment and penetration testing solution including achieving new vulnerability analysis and preventing penetration testing solutions.

CAT Cyfense

  • Finalist, the task was to investigate and conduct digital forensic the Cyber World Tower, BKK.

Certification

  • CISSP – Certified Information Systems Security Professional
  • OSCP – Offensive Security Certified Professional
  • CCSK - Certificate of Cloud Security Knowledge
  • eMAPT – eLearnSecurity Mobile Application Penetration Tester
  • CC – Certified in Cybersecurity
  • CEH – Certified Ethical Hacker
  • MS-500 – Microsoft 365 Certified: Security Administrator Associate
  • AZ-500 – Microsoft Certified: Azure Security Engineer Associate
  • SC-200 – Microsoft Certified: Microsoft Security Operations Analyst

Timeline

Senior GRC Cybersecurity Specialist

Central Retail Corporation Public Company Limited
03.2025 - Current

Senior Penetration Tester

Central Retail Corporation Public Company Limited
04.2023 - Current

Penetration Tester Team Lead

Reconix Pty Ltd
04.2022 - 01.2023

Senior Consultant

Satalyst Pty Ltd
03.2021 - 03.2022

Application Security Engineer

aCommerce Co., Ltd
05.2020 - 03.2021

Senior Consultant, Advisory Services

KPMG Phoomchai Business Advisory Ltd.
12.2016 - 04.2020

Bachelor of Science - Information Technology For Business

Chulalongkorn University
Donlakarn Premthong