Resume
Singapore Institute of Technology / Ensign Infosecurity
Education
Bachelor of Engineering with Honours in Information Security
2020 - 2024
Singapore Institute of Technology, Singapore
Software Engineering / Secure Software Development & Programming: HTML • CSS • JS • PHP • Python • React • Flask • Bootstrap • Tailwind • C • Java • AGILE • CI/CD
Mobile Application Security: Java • Kotlin • Android Studio
RSA NetWitness (Security Information Events Management) Configurations / Setup
Enterprise Network Setup: Switches • Routers • Firewalls • Honey Pots • Web Server
Ethical Hacking / Penetration Testing: White Box • Black Box • Grey Box • Nmap • Burp Suite • Metasploit
Malware Analysis: Static Analysis • Dynamic Analysis • Reverse Engineering • IDA Pro • WinDbg • HxD • Immuniity Debugger
Digital Forensics: FTK imager • Autopsy • Volatility
Machine Learning (ML) / Artificial Intelligence (AI)
Security Governance, Risk Management & Compliance: Table Top Excercises • Business Continuity Plan (BCP) • Disaster Recovery Plan (DRP)
Highlights
Developed a IoT-Enhanced, light-weight remote assessment and proctoring tool utilizing malware approaches and techniques. Featured:
- Black Hat Middle East and Africa 2022 Briefings
(Remote Assessment Proctoring using Intelligent Devices) - Black Hat Europe 2022 Arsenal
(Remote Assessment Proctoring using Intelligent Devices) - 35th IEEE International Conference on Software Engineering Education and Training
(IoT-Enhanced Remote Proctoring: A New Paradigm for Remote Assessment Integrity) - Black Hat Europe 2023 Arsenal
(Malicious NFTs)
Awarded the Terra Systems Book Prize for Integrative Team Project
Diploma in Cyber & Digital Securiy
2015 - 2018
Temasek Polytechnic, Singapore
Digital Forensics: FTK Imager • Autopsy • Hex Workshop
Secure E-Commerce Web Application Development: OWASP Top 10 Web Vulnerabilites • HTML • CSS • JS • PHP
Server Administration & Auditing: Red Hat Certified System Administrator (RHCSA)
Ethical Hacking / Penetration Testing: Metasploit • Aircrack • Airodump • Nmap • Burp Suite
Enterprise Network Setup: Switches • Routers • Firewalls • Web Server
API Developments: REST
Software Developments / Programming: C++ • Python + PHP • Java
Highlights
Class Vice Chairman for 2017 and 2018
Awarded the AkarakA Scholarship for exceptional academics performance
'O' Levels Certification
2010 - 2014
Bedok Green Secondary School, Singapore
Notable Achievements
2013 'N' Levels Top Scorer
Top Student for Normal Academic's Cohort in 2014
Co-Curricular Activities : Outdoor Adventure Club
Completed NYP Climb Run 2011 and 2012
Conquered Mt Kinabalu in 2012
Completed Milo Triathlon 2012
Attained Kayaking Personal Skills Award - 2 Stars
Attained NYAA Bronze Award
Competitions
Numen CTF 2023
Smart Contract Security CTF organized by Numen Cyber Labs
Solana Builders League - Summer 2023
Solana Blockchain Hackathon organized by Metacamp
Ranked: 3rd Place [Renewable Energy Token]
Created a pioneering initiative leveraging the Solana Blockchain and diverse web3 libraries to mint and facilitate token transactions aimed at promoting sustainable energy.
SEETF 2023
Annual flagship event and CTF organized by Social Engineering Experts
Ranked: 41st Place (Singapore Division)
BrainHack 2023 Cyber Defenders Discovery Camp
Annual flagship event and CTF organized by Defence Science and Technology Agency
Qualifiers: 19th / > 500 (University Category)
Finals: 23rd / 36 (University Category)
Critical Infrastructure Security Showdown 2023 (CISS 2023)
Critical Infrastructure Security Showdown 2023 (CISS 2023) is a premier and one-of-its-kind cyber exercise in operational technology. CISS 2023 is organized by iTrust, sponsored by the Cyber Security Agency of Singapore and co-organised with the Ministry of Defence, Singapore.
Ranked: Top 10
Operational Technology Cybersecurity Expert Panel (OTCEP) Forum CTF 2023
Organized by Schneider Electric for Cyber Security Agency of Singapore (CSA) that focused on exploitation of Operational Technologies (OT) and Industrial Control Systems (ICS).
Ranked: 6th / > 100
The InfoSecurity Challenge 2023 (TISC 2023)
The InfoSecurity Challenge 2023 (TISC 2023) is a two-week online sequential style CTF competition organised by Centre for Strategic Infocomm Technologies (CSIT)
Ranked: 61st / > 1000
CyberBlitz 2023
An introductory Capture The Flag (CTF) organized by SIT NOH4TS for students from Singapore Institute of Technology (SIT).
Milipol Asia-Pacific (MAP) TechXSummit (TXS) 2024 AI - Capture The Flag (AI-CTF)
Organised by HTX (Home Team Science & Technology Agency) and SANS Institute on Day 2 of TechX Summit 2024 that focused on exploitation of Advanced Technologies in Homeland Security like IoTs and AI-enabled devices such as drones, robots, and security cameras.
Ranked: 3rd / 26
Professional Experience
Security Testing & Red Team (STAR Team) / Consulting
Present
Ensign Infosecurity, Singapore
Vulnerability Assessment & Penetration Testing: Web • Mobile • API • Cloud • Network • WiFi • OT • IoT • Web3
Source Code Review / Configurations Review
Solana Builders' League - Blockchain Hackathon [May 2023] (3rd Place: Renewable Energy Tokens)
Critical Infrastructure Security Showdown 2023 (Top 10)
Ensign Open House 2023 CTF Setup
Internal Red Team & Penetration Testing Exercises, Trainings & Lab Setups
Singapore International Cyber Week (SICW 2023) - IoT Hackathon: SpiritCyber 2023
DevSecOps Integrations
Black Hat Europe Arsenal 2023: Malicious NFTs
Experience: Kali Linux • Metasploit • Nmap • Burp Suite • CVE Exploitation & Demonstrations • CTF • CTFd • Raspberry Pi • WiFi Pineapple • Rubber Ducky • Automation • Server Configurations • Python • Flask • Jython • PHP • HTML • CSS • JS • Rust • Typescript • CI/CD • GitLab • GitHub • OT • IoT • Aircrack • Airodump • Hostapd • AWS • VAPT • Elastic Search • Jupyter Notebook • Threat Hunting • Trello • AGILE • Machine Learning
Internal Web3 R&D: Local Trusted Blockchain Bridge • NFT Marketplace • Smart Contract Exploitations
National Service
2018 - 2020
9th Battalion Singapore Infantry Regiment, Singapore Armed Forces
Commanding Officer’s Personal Assistant (COPA)
Planned and arranged Commanding Officer’s personal calendar and schedule to facilitate conferences and meetings with distinguished guests
Logged minutes for meeting and conferences held in the unit to drive plan of actions for the leadership team
Took charge of the Audio Visual Systems during events including, but not limited to Parades, Presentations, Recruits' Enlistment
Unit Corporate IT Officer (UCITO) Assistant
Spearheaded projects that improved the unit’s IT systems to enhance work efficiency
Solved sophisticated technical issues escalated by staff and officers from from the unit
Liaised with UCITOs from other units to resolve technical issues and also work on various IT proejcts
Connected with representatives from National Computer Systems (NCS) for consultation to prepare for systems upgrade, assisted with various projects and ensured that service requests of them were resolved timely
Cyber Security Intern
2017 - 2018
PricewaterhouseCoopers (PwC), Singapore
Resolved escalated security incidents to ensure the safety and integrity of PwC’s internal network
Conducted security penetration testing on PwC’s internal network to improve the firm's security
Configured security settings on all internal firm users’ work phone using MobileIron as part of a pioneering project to increase internal workflow efficiency
Developed a security toolkit for PwC’s IT Helpdesk and cyber security department to quarantine viruses and deter cyber attacks
Organized and facilitated phishing campaigns and education for PwC's staffs
Tier 1 Information Security Analyst / SOC Manager
2017
Temasek Polytechnic - RSA Security Operations Centre (TP-RSA SOC), Singapore
Investigated and resolved escalated security incidents to ensure the safety and integrity of TP-RSA SOC’s internal network with RSA Archer and Security Analytics (Currently known as NetWitness)
Collaborated with teammates to conduct informative tours for valued visitors from foreign banks and enterprises at TP-RSA SOC
Developed guidelines and protocols for future interns’ reference to resolve security incidents
Mentored and supervised one batch of junior interns to manage the TP-RSA SOC and investigate advanced security incidents
Audio Visual Specialist Assistant
2017
Singapore International Cyber Week 2017 (SICW), Suntec Singapore International Convention & Exhibition Centre
Assisted with the set up of the Audio Visual Systems as well as mixing of audio at various conferences held at the SICW
Certifications
Black Hat Certified Pentester
BCPen is an ethical hacking certification offered by The SecOps Group only at Black Hat Conferences. This certification endorses an individual’s technical proficiency and in-depth understanding of penetration testing to identify and exploit vulnerabilities amongst the different domains in the ever-changing cybersecurity landscape.
- Certificate Number: 8184800 / Jubilian
Offensive Security Web Expert
OSWE is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional's mastery in exploiting front-facing web applications with white box penetration testing methodologies.
- Certificate Number: OS-AWAE-36950
Offensive Security Certified Professional
OSCP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional's knowledge of penetration testing methodologies using tools inherent in the Kali Linux distribution.
- Certificate Number: OS-101-33077
Offensive Security Wireless Professional
OSWP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional's knowledge of wireless network penetration testing to identify and exploit vulnerabilities in 802.11 networks.
- Certificate Number: OS-BWA-11976
Burp Suite Certified Practitioner
The Burp Suite Certified Practitioner (BSCP) is an official certification program designed for web security professionals by the creators of Burp Suite. Earning the BSCP certification demonstrates a thorough understanding of web security vulnerabilities, a strategic approach to exploit them, and the expertise to use Burp Suite Professional.
- Certificate Number: 523A3EC903D55842
- Validity: March 2028
Certified API Security Analyst
CASA is an official certification program offered by APIsec University. Earning the CASA certification demonstrates a professional's broad API security expertise, covering API risks, threats, and best practices across the OWASP API Security Top 10 and more.
- Certificate Number: 4ae2d00d-3f6d-4e7d-bd6c-2784bd4c92d4
API Security Certified Professional
ASCP is an ethical hacking certification offered by APIsec University. Earning the ASCP certification validates a professional's exceptional expertise in identifying and exploiting API vulnerabilities.
- Certificate Number: 8b807100-cbaf-4fab-82c1-2725257a78ff
Red Hat Certified System Administrator
An IT professional who has earned the Red Hat Certified System Administrator (RHCSA®) is able to perform the core system administration skills required in Red Hat Enterprise Linux environments.
- Certificate Number: 170-005-003
- Validity: July 2020
Portfolio
Achievements & Accomplishments
- ALL
- CERTIFICATIONS
- PROJECTS
- COMPETITIONS
Numen Cyber Smart Contract Security CTF
Competition
Singapore International Cyber Week (SICW 2023) - IoT Hackathon: SpiritCyber 2023
Competition
Web Application & Automation with ProPresenter APIs
Project
CyberBlitz 2023 Challenge Creation
Project
Cheat Detection Web Application with GameSense / Skeet.cc
Project
