 |
 |
 |
||||||
 |
 |
|||||||
 |
 |
|||||||
 |
 |
 |
A member of CREST with a pool of CREST and OSCP certified security pentesters. Unparalleled skills, services and commitment in how we serve our customers coupled with our breadth of experience and knowledge enables us to better securing customers’ environment.
Over 10 years of vast experience in providing IT and cyber security services to government, including servicing in various industry sectors such as financial and banking, telecommunications, ecommerce, healthcare, high-tech manufacturing, travel and aviation, media publishing and advertising, fintech, cloud, energy, insurance, and education.
Forefront experience and exceptional knowledge in web applications security and secure coding, enable us to develop capabilities and help many customers to enhance their overall application security through application self-defence and better management of secure software development life cycle.
Practical Security – we are committed to provide practical security recommendations and yet inline with industry best practices to our customers to achieve operational balance and meeting their IT security needs.
Service Excellence – it is in us to deliver projects with efficiency, quality and with utmost customer satisfaction.
Nurture and Contribute - as part of the local cyber security commmunity and a social enterprise, we are here to nurture talents and build a workforce that is professional and contributes back to the society.
Consecutively 5th time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
Consecutively 4th time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
CREST Membership
Consecutively 3rd time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
Re-awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
Invited Guest Speaker in Cisco Security TechByte Seminar
Founded.
Exclusive partner in consortium to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
RV, a true practitioner of management by objective and a pragmatic leader who leads by example, with a proven record in the IT security industry. An active participant in Ironman and 100 km marathons, he demonstrates and promotes extreme sports mindsets—persistence, discipline, and decisiveness—and he inculcates and inspires the team to constantly strive for the next height. Being a Founding Partner and member of the core management, he constantly contributes and delivers organic growth of the company resources, revenues, and profits. He has created and executed strings of strategic plans to position the company as the leader in the security industry. All these come with close to 30 years of extensive experience, strong knowledge, sharp instincts, and determination to succeed.
Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore
CISSP, CISA, CISM, PCI QPASA, PCI QSA, FSA, CCSE, CCNP, CCDP, MCT, MCSE+I
Managing & Founding Partner – Kenny is an entrepreneur and keen leader in motivating his team to break through and bring out their best performances. He is responsible for setting the vision and business strategies for the company; he builds and goals the team for innovation and excellence. Kenny has a total of 3 decades of IT experience with over 25 years of working in management and start-ups. He has 17 years of experience in security operations, over 8 years in security products and R&D innovation as a co-founder for security product startups, and over 20 years in IT security consultancy services. Being a qualified CISSP, Kenny has experience in both security implementation and consultancy. He plays an active role in IT security solution architecting, quality control, and cybersecurity advisory in key projects.
Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore
CISSP
Sean is a talent, and he attracts talents. He is a keen learner, constantly staying abreast of security technologies and trends. He is sharp and critical on assessments. As a natural leader, he takes good care of team resources and needs and hence earns high respect from all. His service attitude is superb and hence is always utmost customer-oriented. Sean has over 25 years of experience in the IT industry, with a good foundation in IT infrastructure, including systems, networks, and security. A member of core management, Sean is responsible for nurturing resources and talent development for the company. He is also accountable for delivery assurances and consultancy technical and practice management.
Bachelor’s Degree in IT major in Data-Comm
Western Sydney University (UWS), Australia
CISSP, CISA, CRISC, CCNA
Howie is a persistent beacon. He grants daily ‘good morning’ inspiration notes and encouragements to kickstart and light up everyone’s day without fail. In group marathons, he played a ‘pacer’ role to gear, train, and drive the team; and in daily life, for over two decades, he has driven industry professionalism and excellence by inspiring, encouraging, and guiding, or even ‘pacing,’ many peers and juniors relentlessly on their paths to CISA, CISSP, and other security professional certifications. He earns industry respect from many as he shares work-life experiences while concurrently never short of stories and ideas to link and inject lively experiences into dry topics or works. He has 30 years of experience in the IT industry, with expertise in IT systems areas of architecture, networks, applications, and security. He started his career as an IT Developer, then moved on to IT Security (Governance & Operations) in the public sector before landing on consultancy services. He is a practitioner in operationalising IT policies such as IM8 and ISO.
He designed and managed IT security outreach programs, which included Cyber Range training, Security Incident Response exercises, awareness training of staff to organisation management executives, and carried out phishing tests to assess the level of staff awareness.
He is an avid sports enthusiast with a particular passion for badminton, jogging, swimming, and cycling. He enjoys traveling and exploring new places, as well as learning foreign languages to broaden his understanding of different cultures and perspectives.
Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore
Specialist Diploma in Cybersecurity
Nanyang Polytechnic
CISSP, CISA, CISM, CGEIT, CRISC, CDPSE, ACLP
An admirer of the Japanese culture, Zhi Hao is deeply influenced by their work ethics and mindset. He replicates many good and valuable elements of the Japanese culture in his work, especially in ensuring customer satisfaction, taking pride in their work, professionalism, and the drive to perfect their craft.
He is also a strong believer in Kaizen, or continuous improvement of oneself. He has a strong passion for constantly pursuing new knowledge and improving on his current skill set. Kaizen also means constantly taking in feedback, not just from colleagues but also from customers, and improving on the services rendered.
Zhi Hao has coming to 2 decades of experience in the IT industry. Starting out with low-level programming and writing system code, he has built up extensive knowledge in IT system security. Through the course of his work, Zhi Hao has been involved in code reviews, application design, and database design in IT systems. He is also able to create good rapport with customers and is very patient in helping customers secure their systems.
Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP,
CISSP, CISA, GWAPT
Charles has strong charisma and is always able to establish rapport with customers. He is passionate about IT Security, ever since discovering the myriad ways in which one can make a cause system behave in manners it was not designed for. His natural curiosity drives many of his pursuits and leans itself well in this exciting field of IT Security. He possesses strong project management skills and is able to handle demanding projects. Customers are left with a strong and positive impression upon completion, often citing his ability to be sensitive to their needs and meet project objectives within challenging timelines.
He has over 18 years in the IT industry, with a good foundation in application-related security. His previous role and work provided him extensive experience in Web Application Development, Software Development Life Cycle, Secure Code Review, Web Application Penetration testing, and course trainer for Secure Coding.
Bachelor in Engineering (Computer Engineering) Honours
Nanyang Technological University (NTU), Singapore
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE
OSCP, OSWA, OSWP,
KLCP, GWAPT, GPEN,
CISSP, CCSP
Member of GIAC Advisory Board
Anyone who knows Ching Xiao Ting knows they are dealing with reliability and great trust. She is responsible and sensible and will always radiate with cheerful and positive energy. Xiao Ting has over 12 years of working experience in Information Technology (IT) Audit and Audit Assurance in various industries, including government entities, spanning across Singapore, Malaysia, China, and the United States. Her key areas of expertise include IT risk and security assessment, host review, and business processes review. She is also well-versed in the Sarbanes-Oxley Act (SOX), the Monetary Authority of Singapore (MAS), and the IM8 process audit review.
She spearheaded the setup of an IT audit function for a multinational company and exercised whistleblowing to investigate wrongdoings prior to joining PulseSecure. She is well respected for training hundreds of IT auditors for the industry and leading an army of them for the successful execution of complex, widescale projects in the government space.
Xiao Ting is passionate about her work and always goes the extra mile to meet client requirements and expectations. She enjoys coaching and always believes knowledge sharing helps her connect, perform better, and become stronger as a professional.
Bachelor of Accountancy Information System (Hons.)
Universiti Utara Malaysia
Specialist Diploma in Cloud Security
CISA, CISM
Yansen, the “Doraemon” of the team, is a quiet yet high achiever who never stops astonishing clients with his extensive knowledge and service deliverables. He is always listening and analysing, paying attention to details, and resourceful and creative in assignments. With more than 18 years in the IT industry and a robust fundamental understanding of wide areas of work, including web applications, systems, and network security, he is able to perform various spectrums of security services. These include security architecture review, system and network reviews and testing, and developing deep skills in forensics, wireless, zero-day exploits, mobile devices, OT/IoT, and SCADA security assessment.
We can always count on Yansen as if he possesses a 4-dimensional pocket, like Doraemon, from which he can acquire various kinds of futuristic tools, gadgets, and playthings from a future department store. Despite his popularity and intelligence, he is shy, quiet, and humble.
Master of Information Technology (Networking), James Cook University (JCU) Singapore
Bachelor of Computer Science, Bina Nusantara University
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
OSMR, BSCP, KLCP, GWAPT
A security fanatic at work—Liew, a curious character, is often obsessed with new developments and technologies (and at times in pursuit of bleeding-edge technology). His perseverance has earned him a deep understanding of various industry solutions, their technology applications, and usages. This is where he further applied his ability and curiosity to uncover obscure security weaknesses in these implementations. Cumulating these experiences and project exposures have made Liew even more thrilled and confident to take on any technically demanding assignments and are determined to deliver them with utmost quality. He is fun, innovative, and is always electrified by new ventures.
Liew has over 13 years of IT programming, operations, and security experience.
Bachelor of Information Technology (Security Technology), First Class Hons
Multimedia University, Malaysia
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
KLCP, GWAPT, GPEN, AWS CSA-A
Member of GIAC Advisory Board
Thinesh entered the IT industry after a long stint in the Ministry of Defence as an intelligence specialist. There he gained his desire for cyber and digital defence and always being prepared for adverse situations. Amidst various appointments that included defence relations, research, and collection, he also held an appointment in managing Information Systems for the Army. Eventually, he decided to move into the private sector to explore new grounds while maintaining his desire for defense. He transited to PulseSecure and started translating his vast knowledge from the Ministry of Defence to cybersecurity.
Thinesh loves to travel and has visited up to 21 countries and counting. This passion of his keeps him moving, seeking adrenaline, and peaks his interest in understanding the countries’ culture. With that experience, he always comes back to translate them into learning experiences for himself and the portfolio he manages at work.
In PulseSecure, Thinesh maintains his physical fitness and upholds the high pride of a soldier—never losing touch with his readiness from his intense combat leadership training. He drives incident response preparedness of our clients, evaluates and assesses incident management and response process and readiness, as well as conducts incident management exercise planning and facilitation. On top of that, he manages projects that involve risk assessment, review of IT security and controls, and conducts several IT security awareness workshops for IT incident responders and senior management staff. He continuously looks forward to engaging clients, finding opportunities to ensure their cyber resilience is high, and providing his inputs from the experiences he has gained.
Bachelor of Engineering (Hons) in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)
CISSP, CISM, CISA, CEH
Tianne, is a determined and outstanding cybersecurity lady practitioner—a gem, way ahead of her time. After she topped the UEC, literally number 1 in that year at the national level of East Malaysia (an equivalent of GCE A-Level), she continued to pursue her passion in a niche UK degree in Forensic Computing and graduated with First-Class Honors! And imagine, over 10 years ago, when the field of cybersecurity had little or near-zero lady in penetration testing, she was utmost determined to break in.
As part of her journey, Tianne was among the pioneering batch to attain the prestigious OSCP certification and later, the advanced OSCE3 certification—remarkable achievements that underscore her expertise and dedication to mastering cybersecurity.
In addition to her technical prowess, Tianne has developed good business acumen. She is a driving force in business development at PulseSecure, helping to identify new opportunities, build client relationships, and deliver tailored cybersecurity services. Her understanding of both the technical and strategic aspects of cybersecurity allows her to bridge the gap between complex services and client needs effectively.
Before starting her career, she embraced a variety of international experiences—working holidays in New Zealand, volunteering in Australia, and backpacking across Southeast Asia. These experiences shaped her as a flexible, resilient, and adventurous leader. Tianne’s persistence, illustrated by her repeated applications to PulseSecure despite initial setbacks, ultimately led her to challenge conventions and champion diversity in a male-dominated field.
With her unique blend of technical expertise, business development skills, and an unwavering commitment to client satisfaction, Tianne is an inspirational pioneer and an outstanding model for “Women in Cybersecurity”!
Bachelor of Information Technology (Forensic Computing), First Class Hons
Staffordshire University, United Kingdom / Asia Pacific University, Malaysia
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
KLCP, GWAPT, GPEN, CEH
The name 'Wanqiang' means 10,000 strengths in Mandarin. Like his name suggests, he believes he possesses all of the strengths needed to achieve all of his goals in life.
Fresh out of school, he made his foray into the IT industry in 2008, beginning with application development. Equipped with good programming skills, Wanqiang went on to build his experience in system analysis and design as well as software testing before finding his eventual calling in IT security. As a security consultant, Wanqiang leverages off the knowledge previously accumulated to deliver cybersecurity outcomes to his clients in the wide spectrum of security work that he is now involved in. From application penetration testing and vulnerability assessment, to secure code review, system security review and audit, he is able to help clients identify the gaps in their cybersecurity defenses and find solutions that are practical in order to meet the needs of their organisations.
Outside of work, he is an Arsenal fan who looks forward to memorable travels with his family and who enjoys the simple pleasures of catching up with friends over a cup of kopi-poh- siu- dai. He hopes to have a room with an immersive sound experience that he can hole up in and treat his ears to the 80s and 90s Mandopop songs when he retires.
Master of Science (Information Systems)
Nanyang Technological University, Singapore
Bachelor of Science (Computing & Information Systems), Second-Class Upper Hons
University of London, UK
CREST CPSA, CREST CRT (Pen),
OSCP, OSEP, OSWP, OSWA,
OSWE, GWAPT, GPEN,
CISA
A lifelong learner, always eager to soak up new knowledge like a sponge, whether it's about the digital assets security or mitigating its risks. He is always up for a challenge and believes that the best way to learn is to roll up your sleeves and dive right in.
SK has over 11 years of professional experience in IT Security, serving particularly in banking and finance, airlines, logistics, retail, and government agencies. His key areas of expertise include web application penetration testing, network vulnerability assessment, mobile application penetration testing, host audit assessment, source code review, and physical security review of buildings and data centres.
Apart from his technical expertise, he is dedicated to ensuring that clear objectives and expectations are consistently communicated and maintained. His focus on effective communication and setting transparent goals complements his technical skills, ensuring that projects run smoothly and expectations are always aligned. And most importantly, keeping clients that he serviced safe and highly satisfied with his work.
Bachelor of Information Technology (Security Technology), Second-Class Upper Hons
Multimedia University, Malaysia
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP,
KLCP, GWAPT
Jonathan Bei brings over 5 years of experience as a penetration tester to the table. Specializing in Web Application Penetration Testing, Secure Code Reviews, API Penetration Testing, and Network & Cloud Vulnerability Assessments, he’s got the expertise to probe and protect from many angles. But what really drives Jonathan is the thrill of taking things apart, figuring out how they work, and making them better—whether it’s a complex piece of code, a new gadget, or an old guitar riff.
When Jonathan isn’t hunting for vulnerabilities, he’s probably buried in some DIY electronics project or hacking together custom solutions just for fun. He’s got a knack for finding creative exploits and innovative fixes, with the same passion he brings to tinkering with tech in his downtime. That relentless curiosity shapes how he approaches cybersecurity—every challenge is a puzzle, every system a playground for exploration. With a blend of deep technical knowledge and a love for all things hands-on, Jonathan is always pushing the boundaries to see what else can be discovered, refined, or reimagined.
Bachelor’s Degree, Information Systems Technology and Design (Machine Learning & User Interface Design)
Singapore University of Technology & Design (SUTD) – Magna Cum Laude
CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, KLCP
Prior to graduation, Jacky has achieved a notable milestone by earning the OSCE3 certification during his academic tenure, highlighting his dedication to cybersecurity. This accomplishment underscores his profound commitment to the field, which is a cornerstone of his professional identity. Jacky's passion for cybersecurity transcends career choice; it is integral to his professional ethos. He has invested significant effort in honing his skills and expanding his expertise in this dynamic domain.
Jacky is a strong advocate of lifelong learning. This philosophy drives him to continuously seek new knowledge and stay abreast of the latest industry advancements, which is crucial for remaining relevant in this rapidly evolving field. And in the journey of learning and absorbing knowledge, Jacky also actively contributes back and participates in cybersecurity community discussions to guide, share, and inspire more enthusiasts.
Beyond his professional endeavors, Jacky is committed to maintaining a healthy and active lifestyle. His dedication to fitness was notably recognized during his army service, where he was distinguished as the best in physical training among the entire cohort. This commitment to physical challenges parallels his approach to cybersecurity, where Jacky is motivated by solving complex problems and staying ahead of emerging threats.
A particularly memorable experience for Jacky was skydiving in Switzerland, an exhilarating adventure that he found both thrilling and inspiring. This experience reinforced his dedication to cybersecurity by emphasizing the excitement and challenges intrinsic to the field. Jacky's adventurous spirit reflects his broader approach to life, blending his professional pursuits with a passion for personal growth and engaging experiences.
Bachelor of Engineering in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)
Diploma in information technology, Nanyang Polytechnic
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
KLCP
Meet Zhi Yu, our office's very own panda lover! If there were a gold medal for the art of napping and munching, Zhi Yu would be a top contender. Much like the lovable panda, Zhi Yu embodies a perfect blend of relaxation (evident by those really heavy eyebags) and curiosity.
When he’s not channeling his inner panda, Zhi Yu is passionately diving into the world of penetration testing. His mission? To become the ultimate cybersecurity guru and a valuable asset to our team—a panda with a purpose!
Guided by the mantra, "The way to get started is to quit talking and begin doing," from the wise Walt Disney, Zhi Yu is all about transforming dreams into reality through action. He believes that talking about goals is nice, but actually working towards them is where the magic happens.
And let's not forget his epic life goal: to fill an entire wall with Iron Man collectibles and proudly showcase a human-sized Iron Man statue. Because, let’s face it, who wouldn’t want to live in a world where Iron Man is just a step away? – the same altruistic and righteous side of Zhi Yu applying to cybersecurity.
So, if you see Zhi Yu lounging around or engrossed in a new cybersecurity challenge, know that he’s just being his amazing panda self, all while gearing up to become a professional in the tech world.
Bachelor of Engineering (Hons with Merit) in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)
Diploma in Information Security & Forensics, Ngee Ann Polytechnic
OSCE3, OSED, OSEP,
OSCP, OSWA, OSWP,
OSWE, OSDA, CEH
When he’s not chasing down a soccer ball or smashing a shuttlecock or tennis ball, you’ll find him exploring new hiking trails or diving into crystal-clear waters. As an avid traveller, he is always looking out for the next opportunity to hike and dive.
Willie brings the same energy and determination from the fields and natures to the world of cybersecurity. His journey from IT to cybersecurity is a true testament to his never-give-up attitude.
In the early stages of his career, he held roles as a Systems and Network Engineer across the private and public sectors. Driven by a strong interest in cybersecurity, he pivoted into the field within the public sector before diving into consultancy. His hands-on experience as a Network Engineer provided him with a deep understanding of IT infrastructure, laying a solid foundation for his expertise in risk management and implementation of comprehensive security solutions for enterprise systems. He now has acquired close to 10 years of IT and cybersecurity industry experience.
Bachelor in Engineering (Electrical and Electronic Engineering) (Hons.),
Specialisation: Communications Engineering
Nanyang Technology University (NTU), Singapore
Specialist Diploma in Information Security & Forensics
Temasek Polytechnic
Diploma in Electrical and Electronic Engineering, Specialisation: Aerospace Electronics Engineering
Temasek Polytechnic
CISSP, CRISC, CEH
“You are braver than you believe, stronger than you seem, and smarter than you think,” - Keng Tiong, the “winnie the pooh” of our team, has been hibernating for years and started his life search more than 14 years back, where he started eat and sleep with security (no honey). With a determined mind, he is today our star, shining high and unleashing his fullest potential, happily enjoying and deploying his skillsets in performing security services.
As the “pooh” always does, he is supportive to team (friends), provides a crying shoulder and offers free and nice hugs.
His previous role and experience provided him with extensive knowledge in project management and secure software lifecycle. He is currently an expert in Secure Code Reviews, Web Application Penetration Testing, Application Security Reviews and Network Vulnerability Assessments and Systems Audit and Review in these amazing short years.
Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore
CREST CPSA, CREST CRT (Pen),
OSCP, OSEP, OSWE, OSWA,
CISA, OSWP, GWAPT
The objective of any assessment is to identify vulnerabilities and risks. Vulnerabilities assessments and penetration testings can be performed to identify such possible vulnerabilities or risks.
Audit and Security Review on IT infrastructure, IT policies & processes, or systems is to determine if the information systems are safeguarding assets, data integrity are intact, and operations are secure to achieve the organization's IT security goals or control objectives. We adopt guidelines from industry best practices such NIST, CERT, SANS, OWASP, OSSTMM and other leading security advisory groups for IT audit & review such as ISO/IEC, ISACA and ISC2.
We provide consultancy on general IT security general controls, system & network security, policies and processes, operations, gap analysis, risk assessment, impact analysis, applications security, secure coding and secure software lifecycle development etc. We provide and guide our clients with the adequate and yet practical security controls and defence-in-depth concepts. We also advise clients or perform compliance review and conformance to relevant standards or security requirements from various authorities or international bodies such as MAS, Government, ISO/IEC, ISACA and ISC2.
Largest provider for the public sector’s incident response exercise since 2021 with the objective to upskill organisational readiness in responding to cybersecurity incidents. We design and formulate current and impactful scenarios, curate to the local agency’s requirement with understanding of cyber threat landscape, utilising the MITRE ATT&CK, Lockheed Martin Cyber Kill Chain and Sectoral Threat Profile (STP). Exercises ranges from Table-top (TTX), Command Post (CPX), Ground Deployment (GDX) to large scale multi-agencies Crisis Management (CMX). Other services include Cyber Range to test execution of practical drills in detection, containment, remediation and recovery of the compromised systems, in concurrence with the participants’ execution of Standing Operating Procedures and Crisis Communication including mock-up press conference to prepare the organisation leaders’ response to media.
Perform gap analysis, updates or development of policies, processes & procedures, standards, practices and architecture designs, in the areas of information security or cyber security.
Red teaming is a strategy used to identify vulnerabilities and improve defences by simulating adversarial attacks against an organization’s defences, system, or processes. By acting as attackers, red teaming will challenge assumptions, uncover weaknesses, and test security measures. This approach helps organizations enhance their resilience and preparedness, by providing a realistic assessment of their ability to defend against potential threats.
End users are generally the weakest link in any organization. Security Awareness Training is required to make sure that they play a part in their organization’ IT Security. Focus group training is designed to impart in-depth security knowledge to targeted audience on specific area of interests or concerns.
Our company is CREST-approved member for penetration testing. Our consultants have performed numerous IT security assessments on many ministries and government agencies. Amongst them are projects of varying security classifications. Some nationwide infrastructure, big data security projects such as National Authentication Framework (NAF), Command and Control (C&C) systems, Smart Nation and SingPass related projects. Cyber security assessment on such projects has helped to identify and mitigated possible cyber threats and strengthen the resilience of our nation Critical Information Infrastructure (CII) including Banking and Finance, Government, Energy and Infocomm sectors.
Such services includes: System Security Audit & Review, Physical & Environmental Security Audit & Review, Policies Development & Review, Network Vulnerability Assessment and Penetration Testing, Web Application Penetration Testing, Wireless Security Assessment, Secure Architecture Review, Application Security Design Review and Security Training.
We have successfully advised these clients to attend to their weakest security link within their organization with practical advices on risks prioritization, mitigations or remediation needed.
In one particular project, our consultants uncovered an unusual phenomenon in which depite the environment being well protected by a vigilant operation team and had high standards of security practices, they have been applying patch process conscientiously and have conducted many assessments before. However, we uncovered some servers were still affected with many high-risk vulnerabilities. Our consultants were able to help the client investigate and nail down the root cause of this puzzling inconsistency. We made rectification recommendations, brief the management and improved their understanding of the problem, as well as the endorsement of necessary actions.
In some projects involving systems and databases on fund transaction where stringent security have been implemented, our consultants were still able to identify flaws or oversights that may lead to possible unauthorised access to sensitive systems or data from public internet. We have helped education institutions in uncovering and preventing attacks that may lead to exam results database alteration and deletion or leakage of test papers. We have also conducted assessments on ERP and financial systems and prevented crucial information leakage to internal and external public networks.
Our team has performed numerous IT security assessment projects for the FSI. These assessments includes Internet facing banking systems for both consumer and commercial, forex and trading systems, legacy mainframes and other back-end systems running on commercial leading platforms like BEA Weblogic, IBM Websphere, Sun iPlanet, Oracle e-Business Suite, SAS, Sibels, CRM solutions, SAP solutions, etc. We perform full 3-tiers assessment on web-app-database, and other infrastructure and architecture systems such as firewalls, authentication and single-sign-on, two-FA, network and security devices, wireless and desktop, thick client and citrix based applications, mobile banking applications etc. We have helped organizations comply with MAS TRM (Technology Risk Management) guideline and HK-MAS guideline. For the financial industry, CREST standards is important as; CREST Singapore Chapter – is established to introduce its penetration testing certifications and accreditations to Singapore - an initiative developed in collaboration by MAS, ABS and IDA.
We have successfully secured infrastructure, improved operation practices, and uncovered weakness and vulnerabilities on application and systems over these years. We have conducted audit and review, vulnerability assessment and pen-testing, and we have taken on challenges to further help them identify and mitigate new exploits and threats. We have also performed secure architecture review and secure code review to further help enhance security posture.
Our team performed airline-industry-related security assessment projects covering policies development and review, network, systems and applications penetration tests, secure architecture reviews, code and process reviews. We are familiar with airline industry ticketing, promotions, booking and membership practices. Our assessment covers Abacus system, credit-cards clearing, complex reservation processing systems and resource booking and planning systems, supply-chain system, partner’s collaboration portals for business order taking, equipment or parts replenishment, games and infotainment systems, and system wide infra and network security. Our consultants are always able to provide new angles of considerations and discuss security operation concerns and possible risk exposure to clients. Through these projects, our consultants have advised on design and implementation flaws relating to inter-systems integration problem that lead to security loop-holes, and have recommended necessary mitigations and controls on these possible abuses.
Our team has performed numerous assessments for complex large-scale networks and backbone networks with developed assessment methodologies suited to our clients’ cyber security requirements. These are repeated clients that engage our services for consecutive years. We provide advisory and investigation to large telecos, wireless providers and ISPs. We have perform security tests on telecom equipment, including satellite equipment. we have also performed both security audit and review and testing for organisation’s enterprise level Wi-Fi networks which includes capturing wireless packets, heat mapping, WEP and network passwords extraction, harvesting connections from rogue access points, man-in-the-middle attacks, attacking networks via Bluetooth or ZigBee.
Our team has serviced MNCs covering IT audit for statutory and group financial audit purposes. These audits cover IT General Controls, IT Application Controls and IT Controls relating to Financial Reporting.
We are familiar with the requirements of IT controls relating to compliance with government, ISO and SOX; and are experienced in helping internal audit function or departments perform internal self-assessments on their IT infrastructure.
We have also performed assessment for Supervisory Control and Data Acquisition Systems (SCADA) and Distribution Control Systems (DCS) and penetration testing. Our experience and expertise include review and testing of ROM-based and Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Intelligent Electrical Device (IED) and other sensors devices.
Our team help secure critical infrastructure focusing on a basic understanding and awareness of real-world threats and vulnerabilities that exist within the industrial automation and control system architectures used in most process industries and manufacturing facilities.
Our team is able to provide new insights into increasing the effectiveness of internal controls given the operation constraints and risk exposures of clients. Through these projects, our team has recommended practical solutions to system design and implementation of IT Controls relating to Financial Reporting.
Frequently, we have reported such findings to System Implementation Teams and worked with them to help ensure compliance and conformance to requirements or industry standards.
Both for mainstream government education and for commercial learning providers, our team has performed numerous security assessment, risk assessment and policy compliance, trainings and IT audits to ensure better cyber and IT security in these education environments. We have covered campus wide assessment projects and providing security risk management advisories. We have identified lapses and recommended improvement to their systems and processes. We have performed penetration testing and secure code review for education sector related projects – such as critical and sensitive score systems, scholarship and funding management systems, online elearning and assignments portals, life-long-learning systems, and educational portals with trending new media communications platform on mobile apps, creative and innovative education systems, etc. Across a spectrum of services, we work with customer to build a secure environment and provided trainings on cybersecurity, cyberhygiene, do’s and don’t, security incidents response know-how and personal data protection.
The Consultant will conduct and deliver IT Audit and Review Consultancy Services. The Consultant has to possess technical skills across multiple IT domains and consulting disciplines.
Interested candidates, please send full CV with current and expected salary via email to
#TeSA #TMCA
For applicant whom seeking a flexible work-hour and work-from-home environment.
The Consultant will conduct and deliver IT Security Consultancy Services. The Consultant has to possess technical skills across multiple security assessment and consulting disciplines.
Interested candidates, please send full CV and state your current and expected salary via email to
#TeSA #CLT
For applicant whom seeking a flexible work-hour and work-from-home environment.
The Consultant will conduct and deliver IT Security Consultancy Services. The Consultant has to possess technical skills across multiple security assessment and consulting disciplines.
Interested candidates, please send full CV with current and expected salary via email to
