Jubilian Ho - Cybersecurity Consultant

Resume

Singapore Institute of Technology / Ensign Infosecurity

Education

Bachelor of Engineering with Honours in Information Security

2020 - 2024

Singapore Institute of Technology, Singapore

Software Engineering / Secure Software Development & Programming: HTML • CSS • JS • PHP • Python • React • Flask • Bootstrap • Tailwind • C • Java • AGILE • CI/CD

Mobile Application Security: Java • Kotlin • Android Studio

RSA NetWitness (Security Information Events Management) Configurations / Setup

Enterprise Network Setup: Switches • Routers • Firewalls • Honey Pots • Web Server

Ethical Hacking / Penetration Testing: White Box • Black Box • Grey Box • Nmap • Burp Suite • Metasploit

Malware Analysis: Static Analysis • Dynamic Analysis • Reverse Engineering • IDA Pro • WinDbg • HxD • Immuniity Debugger

Digital Forensics: FTK imager • Autopsy • Volatility

Machine Learning (ML) / Artificial Intelligence (AI)

Security Governance, Risk Management & Compliance: Table Top Excercises • Business Continuity Plan (BCP) • Disaster Recovery Plan (DRP)

Highlights

Developed a IoT-Enhanced, light-weight remote assessment and proctoring tool utilizing malware approaches and techniques. Featured:

Black Hat Middle East and Africa 2022 Briefings
(Remote Assessment Proctoring using Intelligent Devices)
Black Hat Europe 2022 Arsenal
(Remote Assessment Proctoring using Intelligent Devices)
35^th IEEE International Conference on Software Engineering Education and Training
(IoT-Enhanced Remote Proctoring: A New Paradigm for Remote Assessment Integrity)
Black Hat Europe 2023 Arsenal
(Malicious NFTs)

Awarded the Terra Systems Book Prize for Integrative Team Project

Diploma in Cyber & Digital Securiy

2015 - 2018

Temasek Polytechnic, Singapore

Digital Forensics: FTK Imager • Autopsy • Hex Workshop

Secure E-Commerce Web Application Development: OWASP Top 10 Web Vulnerabilites • HTML • CSS • JS • PHP

Server Administration & Auditing: Red Hat Certified System Administrator (RHCSA)

Ethical Hacking / Penetration Testing: Metasploit • Aircrack • Airodump • Nmap • Burp Suite

Enterprise Network Setup: Switches • Routers • Firewalls • Web Server

API Developments: REST

Software Developments / Programming: C++ • Python + PHP • Java

Highlights

Class Vice Chairman for 2017 and 2018

Awarded the AkarakA Scholarship for exceptional academics performance

'O' Levels Certification

2010 - 2014

Bedok Green Secondary School, Singapore

Notable Achievements

2013 'N' Levels Top Scorer

Top Student for Normal Academic's Cohort in 2014

Co-Curricular Activities : Outdoor Adventure Club

Completed NYP Climb Run 2011 and 2012

Conquered Mt Kinabalu in 2012

Completed Milo Triathlon 2012

Attained Kayaking Personal Skills Award - 2 Stars

Attained NYAA Bronze Award

Competitions

Numen CTF 2023

Smart Contract Security CTF organized by Numen Cyber Labs

Solana Builders League - Summer 2023

Solana Blockchain Hackathon organized by Metacamp

Ranked: 3^rd Place [Renewable Energy Token]

Created a pioneering initiative leveraging the Solana Blockchain and diverse web3 libraries to mint and facilitate token transactions aimed at promoting sustainable energy.

SEETF 2023

Annual flagship event and CTF organized by Social Engineering Experts

Ranked: 41^st Place (Singapore Division)

BrainHack 2023 Cyber Defenders Discovery Camp

Annual flagship event and CTF organized by Defence Science and Technology Agency

Qualifiers: 19^th / > 500 (University Category)

Finals: 23^rd / 36 (University Category)

Critical Infrastructure Security Showdown 2023 (CISS 2023)

Critical Infrastructure Security Showdown 2023 (CISS 2023) is a premier and one-of-its-kind cyber exercise in operational technology. CISS 2023 is organized by iTrust, sponsored by the Cyber Security Agency of Singapore and co-organised with the Ministry of Defence, Singapore.

Ranked: Top 10

Operational Technology Cybersecurity Expert Panel (OTCEP) Forum CTF 2023

Organized by Schneider Electric for Cyber Security Agency of Singapore (CSA) that focused on exploitation of Operational Technologies (OT) and Industrial Control Systems (ICS).

Ranked: 6^th / > 100

The InfoSecurity Challenge 2023 (TISC 2023)

The InfoSecurity Challenge 2023 (TISC 2023) is a two-week online sequential style CTF competition organised by Centre for Strategic Infocomm Technologies (CSIT)

Ranked: 61^st / > 1000

CyberBlitz 2023

An introductory Capture The Flag (CTF) organized by SIT NOH4TS for students from Singapore Institute of Technology (SIT).

Milipol Asia-Pacific (MAP) TechXSummit (TXS) 2024 AI - Capture The Flag (AI-CTF)

Organised by HTX (Home Team Science & Technology Agency) and SANS Institute on Day 2 of TechX Summit 2024 that focused on exploitation of Advanced Technologies in Homeland Security like IoTs and AI-enabled devices such as drones, robots, and security cameras.

Ranked: 3^rd / 26

BrainHack 2024 Cyber Defenders Discovery Camp

Annual flagship event and CTF organized by Defence Science and Technology Agency

Qualifiers: 34^th (University Category)

Finals: 13^th (University Category)

Critical Infrastructure Security Showdown 2024 (CISS 2024)

Ranked: 2^nd

Professional Experience

Security Testing & Red Team (STAR Team) / Consulting

Present

Ensign Infosecurity, Singapore

Vulnerability Assessment & Penetration Testing: Web • Mobile • API • Cloud • Network • WiFi • OT • IoT • Web3

Source Code Review / Configurations Review

Solana Builders' League - Blockchain Hackathon [May 2023] (3^rd Place: Renewable Energy Tokens)

Critical Infrastructure Security Showdown 2023 (Top 10)

Ensign Open House 2023 CTF Setup

Internal Red Team & Penetration Testing Exercises, Trainings & Lab Setups

Singapore International Cyber Week (SICW 2023) - IoT Hackathon: SpiritCyber 2023

DevSecOps Integrations

Black Hat Europe Arsenal 2023: Malicious NFTs

Experience: Kali Linux • Metasploit • Nmap • Burp Suite • CVE Exploitation & Demonstrations • CTF • CTFd • Raspberry Pi • WiFi Pineapple • Rubber Ducky • Automation • Server Configurations • Python • Flask • Jython • PHP • HTML • CSS • JS • Rust • Typescript • CI/CD • GitLab • GitHub • OT • IoT • Aircrack • Airodump • Hostapd • AWS • VAPT • Elastic Search • Jupyter Notebook • Threat Hunting • Trello • AGILE • Machine Learning

Internal Web3 R&D: Local Trusted Blockchain Bridge • NFT Marketplace • Smart Contract Exploitations

National Service

2018 - 2020

9th Battalion Singapore Infantry Regiment, Singapore Armed Forces

Commanding Officer’s Personal Assistant (COPA)

Planned and arranged Commanding Officer’s personal calendar and schedule to facilitate conferences and meetings with distinguished guests

Logged minutes for meeting and conferences held in the unit to drive plan of actions for the leadership team

Took charge of the Audio Visual Systems during events including, but not limited to Parades, Presentations, Recruits' Enlistment

Unit Corporate IT Officer (UCITO) Assistant

Spearheaded projects that improved the unit’s IT systems to enhance work efficiency

Solved sophisticated technical issues escalated by staff and officers from from the unit

Liaised with UCITOs from other units to resolve technical issues and also work on various IT proejcts

Connected with representatives from National Computer Systems (NCS) for consultation to prepare for systems upgrade, assisted with various projects and ensured that service requests of them were resolved timely

Cyber Security Intern

2017 - 2018

PricewaterhouseCoopers (PwC), Singapore

Resolved escalated security incidents to ensure the safety and integrity of PwC’s internal network

Conducted security penetration testing on PwC’s internal network to improve the firm's security

Configured security settings on all internal firm users’ work phone using MobileIron as part of a pioneering project to increase internal workflow efficiency

Developed a security toolkit for PwC’s IT Helpdesk and cyber security department to quarantine viruses and deter cyber attacks

Organized and facilitated phishing campaigns and education for PwC's staffs

Tier 1 Information Security Analyst / SOC Manager

2017

Temasek Polytechnic - RSA Security Operations Centre (TP-RSA SOC), Singapore

Investigated and resolved escalated security incidents to ensure the safety and integrity of TP-RSA SOC’s internal network with RSA Archer and Security Analytics (Currently known as NetWitness)

Collaborated with teammates to conduct informative tours for valued visitors from foreign banks and enterprises at TP-RSA SOC

Developed guidelines and protocols for future interns’ reference to resolve security incidents

Mentored and supervised one batch of junior interns to manage the TP-RSA SOC and investigate advanced security incidents

Audio Visual Specialist Assistant

2017

Singapore International Cyber Week 2017 (SICW), Suntec Singapore International Convention & Exhibition Centre

Assisted with the set up of the Audio Visual Systems as well as mixing of audio at various conferences held at the SICW

Certifications

Black Hat Certified Pentester

BCPen is an ethical hacking certification offered by The SecOps Group only at Black Hat Conferences. This certification endorses an individual’s technical proficiency and in-depth understanding of penetration testing to identify and exploit vulnerabilities amongst the different domains in the ever-changing cybersecurity landscape.

Certificate Number: 8184800 / Jubilian

Offensive Security Web Expert

OSWE is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional's mastery in exploiting front-facing web applications with white box penetration testing methodologies.

Certificate Number: OS-AWAE-36950

Offensive Security Certified Professional

OSCP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional's knowledge of penetration testing methodologies using tools inherent in the Kali Linux distribution.

Certificate Number: OS-101-33077

Offensive Security Wireless Professional

OSWP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional's knowledge of wireless network penetration testing to identify and exploit vulnerabilities in 802.11 networks.

Certificate Number: OS-BWA-11976

Burp Suite Certified Practitioner

The Burp Suite Certified Practitioner (BSCP) is an official certification program designed for web security professionals by the creators of Burp Suite. Earning the BSCP certification demonstrates a thorough understanding of web security vulnerabilities, a strategic approach to exploit them, and the expertise to use Burp Suite Professional.

Certificate Number: 523A3EC903D55842
Validity: March 2028

Certified API Security Analyst

CASA is an official certification program offered by APIsec University. Earning the CASA certification demonstrates a professional's broad API security expertise, covering API risks, threats, and best practices across the OWASP API Security Top 10 and more.

Certificate Number: 4ae2d00d-3f6d-4e7d-bd6c-2784bd4c92d4

API Security Certified Professional

ASCP is an ethical hacking certification offered by APIsec University. Earning the ASCP certification validates a professional's exceptional expertise in identifying and exploiting API vulnerabilities.

Certificate Number: 8b807100-cbaf-4fab-82c1-2725257a78ff

Red Hat Certified System Administrator

An IT professional who has earned the Red Hat Certified System Administrator (RHCSA®) is able to perform the core system administration skills required in Red Hat Enterprise Linux environments.

Certificate Number: 170-005-003
Validity: July 2020

Portfolio

Achievements & Accomplishments

ALL
CERTIFICATIONS
PROJECTS
COMPETITIONS