Meetup — Managing Security at Scale: Lessons from TikTok’s TMIRI Pillar

⚠️ REGISTRATION IS REQUIRED VIA THIS SIGN UP FORM ⚠️
⚠️ NO WALK-INS, SIGN UP CLOSES ON 28-SEP-2025, 2359 (SGT). ⚠️
*Please keep a look out for our email on the outcome of your registration that will be sent to you at 1-2 day(s) before the session. If you did not receive any updates, please drop us an email at community@div0.sg*

—
AGENDA

• 6.30pm: Registration & Networking (30mins)
• 7.00pm: Introduction & Announcement (10mins)
• 7.10pm: "Insights on Enterprise Security Detection" by Chen Xiaoqiang (20mins)
• 7.30pm: "Peek into our GSO Threat Intelligence Program" by Lucas Tan (30mins)
• 8.00pm: "Patching the Gaps + Insights into our HackerOne Live Hacking Event" by Hui Yi Loke, Zhaohong Liu (30mins)
• 8.30pm: "LLMs: Your Next AppSec Tool, or Your Next Target?" by Robin Hung, Jessie
• Till Late: Networking

SPONSORS

• VENUE and F&B SPONSOR: TikTok
• DIV0 SUSTAINING OFFICIAL SPONSOR: Red Alpha Cybersecurity

ABSTRACTS
The event will feature insights from TikTok's in-house experts, providing a unique look into how a global platform manages its security operations. The presentations will be led by representatives from our TMIRI pillar, specifically from the following teams, TDR, TI and VM.

Insights on Enterprise Security Detection
This presentation explores practical insights into enterprise security detection and defense. It begins with real-world cyber incidents, highlighting global ransomware, APT attacks, and large-scale disruptions. By analyzing a typical intrusion process—from phishing emails to lateral movement and privilege escalation—it reveals how attackers penetrate corporate environments. The slides further explain the MITRE ATT&CK framework and its role in building proactive defenses. Enterprise practices are shared, including big data log collection, expert rules, and machine learning to detect abnormal behaviors across the attack chain. Finally, it emphasizes incident response as the “last mile” of defense, with metrics like MTTD and MTTR guiding continuous improvement. The key takeaway: effective security requires reducing detection and response time to minimize risks and strengthen resilience.

Peek into our GSO Threat Intelligence Program
This presentation aims to introduce Threat Intelligence to newcomers in the field. It explores how the GSO Threat Intelligence team categorizes intelligence into Traditional, Business Risk, and Dark Web categories, and applies these concepts to a real-world case study on Business Risk investigations. Starting with an initial lead from a Telegram ad, we detail the intelligence gathering process, impact analysis, and how Threat Intelligence works can impact an organisation. The presentation concludes with a fun tidbit about the identities behind the Threat Actor.

Patching the Gaps + Insights into our HackerOne Live Hacking Event
This presentation explores the product vulnerability management process in TikTok and provide insights on the experience of setting up public live hacking events (LHE) with HackerOne.

LLMs: Your Next AppSec Tool, or Your Next Target?
Large Language Models (LLMs) are both a massive opportunity and a new risk. So, are they a trustworthy ally or just the next attack surface? This talk dives into both.

First, we'll cover the AppSec perspective: how to use LLMs to supercharge the security toolings and accelerate daily workflows. We'll demonstrate how to move faster on security reviews, pentestings, code reviews, and more. Then, we'll put on our red team hats and introduce an agentic, AI-powered pentesting playbook, with practical guidance and real-world case studies on hacking AI applications.

You'll walk away knowing how to use LLMs for defense and how to guard your applications against this new generation of threats.

BIOS
Chen Xiaoqiang | Xiaoqiang has spent over 13 years in the cybersecurity battlefield, serving at leading companies like ZTE, Tencent, and ByteDance. From shaping DLP strategies to building enterprise-level defense systems, he has always been on the front line against invisible adversaries. At Tencent, he led a 20+ member team in relentless battles, and at ByteDance, he sharpened his expertise in intrusion detection. His dedication and hands-on experience make him a true practitioner of enterprise security.

Lucas Tan | Lucas is a Threat Intelligence Analyst with experience in monitoring the cybercriminal underground and supporting investigations into breaches, phishing campaigns, and data leaks. At TikTok, he continues to build on this foundation by developing new intelligence sources and delivering actionable intelligence assessments to internal stakeholders.

Hui Yi Loke | Just a potato

Zhaohong Liu | Zhaohong is a Vulnerability Management Analyst at TikTok, responsible for managing external bug bounty programs, conducting vulnerability assessments, and driving the vulnerability management lifecycle. Leveraging her technical background and 2 years of experience at TikTok, she effectively coordinates with teams and implements security measures to support the company's security posture.

Robin Hung | Robin is a security engineer at TikTok's application security team in Seattle. He has experience in all things product security related. As a recent addition to the team, his current focus is on building the LLM applications to replace himself in the world of security.

Jessie | Jessie is a security engineer on TikTok's application security team based in Singapore. He has comprehensive experience in product security and is primarily responsible for the LLM-related business line. Currently, he is focused on developing automated systems and scanners to streamline and automate tasks within the team.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice