JOSEPH ZENG
E-MAIL: [redacted] | PHONE: [redacted] | infosec.exchange
Experience
Senior Manager, Cyber Operations at Bitdefender APAC, Apr 2021 – Present
Responsible for managing all offensive security consultants in Singapore
- Performed over 100 technical assessments on websites, mobile applications, thick clients, source code, architecture and processes for clients in energy, investment, banking, financial services, fintech & government industries
- Managed a ten-member team providing security testing services, with three direct reports
- Provide direction on development of technical capability in service at the regional level across teams
- Drive the offering of new variations of services and/or existing services in new regions
- Work across multiple teams (e.g. legal, marketing) to refine and develop processes to meet SOC2 audit requirements
Senior CyberSecurity Specialist at GovTech, June 2019 – Mar 2021
Responsible for Triage operations for Bug Bounty and Vulnerability disclosure
- Performed vulnerability triage and cross-agency support within required metrics (for reproducibility, CVSS score assessment, etc.)
- Managed multiple cross-organizational teams, with direct oversight of a base team of 3 people (up to 14 when augmented)
- Provide insight on results of vulnerability disclosure program, such as management updates and security advisories
Senior Manager (Application Security & Testing) at Lazada, July 2017 – June 2019
Responsible for providing security testing of Lazada systems
- Performed web & mobile penetration testing and network vulnerability scans for Lazada, its subsidiaries and its clients
- Responded to and triaged alerts from the Bug Bounty Program within SLAs
- Develop and deliver training to staff regarding security testing
- Manage testing processes (e.g. procedure documents, scheduling) for junior testers
Lead Consultant at NCS, March 2015 – June 2017
Responsible for providing assessment of information security of client and internal systems
- Performed web and mobile penetration testing for clients in industries such as Real Estate and Government
- Performed Network Architecture Review with reference to SANS CIS Critical Security Controls
- Led interns to develop automation for Windows configuration extraction and analysis
- Deliver security guidance to regional clients on vendor security risk based on Partner’s sinkhole sampling
- Experienced in security tools such as HP WebInspect, Core Impact, Metasploit, Nessus and Burp Suite
Senior Associate at KPMG, November 2012 – March 2015
Responsible for providing technical assessment of information security of client systems
- Led and performed the annual penetration test for an internet-facing system for a Singapore bank per MAS guidelines
- Developed secure coding guidelines for a local bank
- Led and developed OS hardening baselines for a US retail chain on systems such as Linux, VMware and POSReady
- Presented at a company security conference on rapid first level security testing for Android applications
- Provided advice to improve the IT security of a local retail chain in areas such as patch management, network and wireless security
- Reported vulnerability to vendor of a content management system (CVE-2014-2729)
- Reported authorization control bypass flaw to POS vendor (CVE-2015-2210)
Software Engineer at ST Electronics (Info-software Systems), May 2010 – Nov 2012
Responsible for software development for clients
- Identified vulnerabilities through automated security scans as a subsystem lead using Parasoft Jtest
- Produced a monitoring and control solution for suspected malware using PowerShell CLI, C# and VMware Development APIs
Certificates
- Bachelor of Computing in Electronic Commerce (Hons.), National University of Singapore, 2010
- GIAC Open Source Intelligence (GOSI), Global Information Assurance Certification, July 2024
- Certified Threat Modeling Professional (CTMP), Practical DevSecOps, Feb 2024
- OffSec Web Expert (OSWE), OffSec, Aug 2023
- Certified Cloud Security Professional (CCSP), (ISC)², Dec 2022
- Amazon Web Services Solutions Architect Associate, AWS, May 2022
- GIAC Cloud Penetration Tester, Global Information Assurance Certification, November 2021
- CREST Registered Penetration Tester (CRT), CREST, June 2021-May 2024
- OffSec Certified Professional (OSCP), OffSec, Jan 2021
- GIAC Certified Web Application Defender (GWEB), Global Information Assurance Certification, November 2020
- Hanyu Shuiping Kaoshi (HSK) Level 5, Hanban, 2020
- GIAC Penetration Tester (GPEN), Global Information Assurance Certification, 2019
- GIAC Mobile Device Security Analyst (GMOB), Global Information Assurance Certification, 2019
- CompTIA PenTest+, CompTIA, 2018-2021
- CREST Practitioner Security Analyst, CREST, 2017-2024
- Certified Information Systems Security Professional (CISSP), (ISC)², 2016
- Qualified Information Security Professional, Association of Information Security Professionals, 2011
- Certified Ethical Hacker, EC-Council, 2012-2018
- Oracle Certified Professional Java Programmer, Oracle, 2011
- SAP Certified Business Associate in SAP ERP 6.0, SAP AG, 2010