A member of CREST with a pool of CREST and OSCP certified security pentesters. Unparalleled skills, services and commitment in how we serve our customers coupled with our breadth of experience and knowledge enables us to better securing customers’ environment.
Over 10 years of vast experience in providing IT and cyber security services to government, including servicing in various industry sectors such as financial and banking, telecommunications, ecommerce, healthcare, high-tech manufacturing, travel and aviation, media publishing and advertising, fintech, cloud, energy, insurance, and education.
Forefront experience and exceptional knowledge in web applications security and secure coding, enable us to develop capabilities and help many customers to enhance their overall application security through application self-defence and better management of secure software development life cycle.
Practical Security – we are committed to provide practical security recommendations and yet inline with industry best practices to our customers to achieve operational balance and meeting their IT security needs.
Service Excellency – it is in us to deliver projects with efficiency, quality and with utmost customer satisfaction.
Nurture and Contribute - as part of the local cyber security commmunity and a social enterprise, we are here to nurture talents and build a workforce that is professional and contributes back to the society.
Consecutively 5th time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
Consecutively 4th time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
CREST Membership
Consecutively 3rd time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
Re-awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
Invited Guest Speaker in Cisco Security TechByte Seminar
Founded.
Exclusive partner in consortium to perform IT Security Services to Government Ministries, Statutory Boards and Agencies
RV, a true practitioner of management-by-objective and a pragmatic leader that leads by example, with a proven record in IT security industry. An active participant in ironman and 100km marathon he demonstrates and promotes extreme sports mindsets - persistence, discipline and decisiveness – he inculcates and inspires the team to constantly strive for the next height. Being a Founding Partner and member of the core management, he constantly contributes and delivers organic growth of the company resources, revenues and profits. He has created and executed strings of strategic plans to position the company as the leader in security industry. All these come with 28 years of extensive experience, strong knowledge and with sharp instincts, and determination to success.
Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore
CISSP, CISA, CISM, PCI QPASA, PCI QSA, FSA, CCSE, CCNP, CCDP, MCT, MCSE+I
Managing & Founding Partner – Kenny is an entrepreneur and keen leader in motivating his team to breakthrough and bring out their best performances. He is responsible for setting vision and business strategies for the company, he builds and goals the team for innovation and excellence. Kenny has a total of 28 years of IT experience with over 25 years in working in management and start-ups. He has 17 years of experience in security operations, over 8 years in security products and R&D innovation as a co-founder for security product startups, and near 20 years in IT security consultancy services. Being a qualified CISSP, Kenny has experience in both security implementation and consultancy. He plays an active role in IT security solution architecting, quality control and cyber security advisory in key projects.
Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore
CISSP
Sean is a talent, and he attracts talents. He is a keen learner, constantly stay abreast with security technologies and trends. He is sharp and critical on assessments. As a naturally leader, he takes good care of team resources and needs, and hence earns high respect from all. His service attitude is superb and hence is always utmost customer orientated. Sean has over 22 years of experience in IT industry, with good foundation in IT infrastructure including systems, networks and security. A member of core management, Sean is responsible for nurturing resources and talent development for the company. He is also accountable for delivery assurances and consultancy technical and practice management.
Bachelor’s Degree in IT major in Data-Comm
Western Sydney University (UWS), Australia
CISSP, CISA, CRISC, CCNA
Howie is a persistent beacon. He grants daily ‘good morning’ inspiration notes and encouragements to kickstart and light up everyone’s day without fail. In group marathon, he played a ‘pacer’ role to gear, train and drive the team; and in daily life, for over two decades, he drives industry professionalism and excellency by inspired, encouraged and guided, or even ‘paced’ many peers and juniors relentlessly on their paths to CISA, CISSP, and other security professional certifications. He earns industry respect from many as he shared work-life experiences, while concurrently never short of stories and ideas to link and inject lively experiences to dry topics or works. He has more than 20 years of experience in the IT industry, with expertise in IT systems areas of architecture, networks, applications and security. He started his career as an IT Developer, then moved on to IT Security (Governance & Operations) in the public sector before landing on consultancy services. He is a practitioner in operationalising IT policies such as IM8 and ISO.
He designed and managed IT security outreach programmes, which includes Cyber Range training, Security Incident Response exercises, awareness training of staff to organisation management executives and carried out phishing test to assess the level of staff awareness.
He is an avid sports enthusiast with a particular passion for badminton, jogging, swimming, and cycling. He enjoys traveling and exploring new places, as well as learning foreign languages to broaden his understanding of different cultures and perspectives.
Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore
Specialist Diploma in Cybersecurity
Nanyang Polytechnic
CISSP, CISA, CISM, CGEIT, CRISC, CDPSE, ACLP
An admirer of the Japanese culture, Zhi Hao is deeply influence by their work ethics and mindset. He replicates many good and valuable elements of the Japanese culture in his work, especially in ensuring customer satisfaction, taking pride in their work, professionalism and the drive to perfect their craft.
He is also a strong believer in Kaizen, or continuous improvement of oneself. He has a strong passion in constantly pursuing new knowledge, and improving on current skillset. Kaizen also means constantly taking in feedback, not just from colleagues, but also from customers, improving on the services rendered.
Zhi Hao has coming to 18 years of experience in the IT industry. Started out with low level programming, and writing system code, he has built up extensive knowledge in IT system security. Through the course of his work, Zhi Hao has been in involved in code reviews, application design and database design in IT systems. He is also able to create good rapport with customers, and very patient in helping customers secure their systems.
Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore
CREST CRT/CPSA, OSCP, CISSP, CISA, GWAPT
Charles has strong charisma and is always able to establish rapport with customers. He is passionate on IT Security, ever since discovering the myriad ways which one can make cause system to behave in manners it was not designed for. His natural curiosity drives many of his pursuits, and leans itself well in this exciting field of IT Security. He possesses strong project management skill and is able to handle demanding projects. Customers are left with a strong and positive impression upon completion, often citing his ability to be sensitive to their needs, and meet project objectives within challenging timelines.
He has over 16 years in IT industry, with good foundation in application related security. His previous role and work provided him extensive experience in Web Application Development, Software Development Life Cycle, Secure Code Review, Web Application Penetration Testing and course trainer for Secure Coding.
Bachelor in Engineering (Computer Engineering) Honours
Nanyang Technological University (NTU), Singapore
CREST CRT/CPSA, OSCP, CISSP, GWAPT, GPEN, CEH
Anyone who knows Ching Xiao Ting, knows they are dealing with reliability and great trust. She is responsible and sensible, and will always radiate with cheerful and positive energy. Xiao Ting has over 12 years of working experience in Information Technology (IT) Audit and Audit Assurance in various industries including government entities spanning across Singapore, Malaysia, China and United States. Her key area of expertise includes IT Risk and Security Assessment, Host Review and Business Processes Review. She is also well-versed in Sarbanes Oxley Act (SOX), Monetary Authority of Singapore (MAS) and IM8 process audit review.
She spearheaded the set-up of an IT Audit function for a multinational company and exercised whistleblowing to investigate wrongdoings, prior to joining PulseSecure. She is well respect for training hundreds of IT Auditors for the industry, and leading an army of them for successful execution of complex widescale project in government space.
Xiao Ting is passionate about her work and always go extra miles to meet client requirements and expectations. She enjoys coaching and always believe knowledge sharing helps her connect, perform better, and become stronger as professionals.
Bachelor of Accountancy Information System (Hons.)
Universiti Utara Malaysia
Specialist Diploma in Cloud Security
CISA, CISM
Yansen, the “Doraemon” of the team, a quiet and yet high achiever that never stop to astonish clients with his extensive knowledge and service deliverables. He is always listening and analysing, paying attention to details, resourceful and creative in assignments. With more than 16 years in IT industry and robust fundamental on wide areas of work including web application, system and network security, he is able to perform various spectrums of security services. These include security architecture review, system and network reviews and testing, down to developing deepskill in forensics, wireless, zero day exploits, mobile device, OT/IoT and SCADA security assessment.
We can always count on Yansen as if he possesses a 4-dimensional pocket, like Doraemon, from which he can acquire various kinds of futuristic tools, gadgets, and playthings from a future department store. Despite his popularity and intelligent, he is shy, quiet and humble.
Master of Information Technology (Networking), James Cook University (JCU) Singapore
Bachelor of Computer Science, Bina Nusantara University
CREST CRT/CPSA, OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA, BSCP, GWAPT
A security fanatic at work - Liew, a curious character is often obsessed with new developments and technologies (and at times in pursuit of bleeding edge technology). His perseverance has earned him a deep understanding on various industry solutions, their technology applications and usages. This is where he further applied his ability and curiosity to uncover obscure security weaknesses on these implementations. Cumulating these experiences and project exposures, Liew is now even more thrilled and confident to take on any technically demanding assignments, and is determined to deliver them with utmost quality. He is fun, innovative, and is always electrify on new ventures.
Bachelor of Information Technology (Security Technology), First Class Hons
Multimedia University, Malaysia
CREST CRT/CPSA, OSCP, OSWE,
OSWA, OSWP, GWAPT, GPEN,
GIAC Advisory Board Member
Thinesh entered the IT industry after a long stint in the Ministry of Defence as an Intelligence specialist. There he gained his desire for cyber and digital defence and always being prepared for adverse situation. Amidst various appointments that included defence relations, research and collection, he also held an appointment in managing Information Systems for the Army. Eventually, he decided to move into the private sector to explore new grounds while maintaining his desire for defence. He transited to PulseSecure and started translating his vast knowledge from the Ministry of Defence to cybersecurity.
Thinesh loves to travel and has visited up to 21 countries and counting. This passion of his, keeps him moving, seeking adrenaline and peaks his interest of understanding the countries’ culture. With that experience, he always comes back to translate them into learning experiences for himself and the portfolio he manages at work.
In PulseSecure, Thinesh maintains his physical fitness and upholds high pride of a soldier – never losing touch of his readiness from his intense combat leadership training - he drives incident response preparedness of our clients, evaluates, and assesses incident management and response process and readiness, as well as conduct incident management exercise planning and facilitation. On top of that, he manages projects that involve risk assessment, review of IT security and controls, and conducts several IT security awareness workshops for IT incident responders and senior management staff. He continuously looks forward to engaging clients, finding opportunities to ensure their cyber resilience is high, and provide his inputs from the experiences he has gained.
Bachelor of Engineering (Hons) in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)
CISSP, CISM, CISA, CEH
Tianne, is a determine and outstanding cybersecurity lady practitioner - a gem, way ahead of her time. After she topped the UEC, literally number 1 in that year national level of East Malaysia (an equivalent of GCE A-Level), she continued to pursuit her passion in niche UK degree on Forensic Computing and graduated with a First Class Honors! And imagine, over 10 years ago, when the field of Cybersecurity had little or near zero lady in penetration testing, she was utmost determined to break in.
Before starting her career, she has done working holiday in New Zealand, doing volunteer work in Australia and backpacking around South East Asia. With this experience, it enables her to break the mold of “normal”. Persistently, she repeatedly sent her CV to PulseSecure. Despite several ‘rejection and ignoring’, she was still determined and challenged the hiring manager to try her out – defying all norms in a field that mostly dominated by male counterparts.
Flexible, resilient, courageous, open-minded, and adventurous, these are the positive values she possesses which aid in meeting project objectives and putting customer service and satisfaction with great priority. Tianne, with her positive character, fostered passion, exceptional working attitude will always shine bright as a pioneer and leading model of “Women in Cybersecurity”!
Bachelor of Information Technology (Forensic Computing), First Class Hons
Staffordshire University, United Kingdom / Asia Pacific University, Malaysia
CREST CRT/CPSA, OSWE, OSCP, OSWA, OSWP, GPEN, GWAPT, CEH
“You are braver than you believe, stronger than you seem, and smarter than you think,” - Keng Tiong, the “winnie the pooh” of our team, has been hibernating for years and started his life search more than 12 years back, where he started eat and sleep with security (no honey). With a determined mind, he is today our star, shining high and unleashing his fullest potential, happily enjoying and deploying his skillsets in performing security services.
As the “pooh” always does, he is supportive to team (friends), provides a crying shoulder and offers free and nice hugs.
His previous role and experience provided him with extensive knowledge in project management and secure software lifecycle. He is currently an expert in Secure Code Reviews, Web Application Penetration Testing, Application Security Reviews and Network Vulnerability Assessments and Systems Audit and Review in these amazing short years.
Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore
CREST CRT/CPSA, OSCP, GWAPT
Audit and Security Review on IT infrastructure, IT policies & processes, or systems is to determine if the information systems are safeguarding assets, data integrity are intact, and operations are secure to achieve the organization's IT security goals or control objectives. We adopt guidelines from industry best practices such NIST, CERT, SANS, OWASP, OSSTMM and other leading security advisory groups for IT audit & review such as ISO/IEC, ISACA and ISC2.
We provide consultancy on general IT security general controls, system & network security, policies and processes, operations, gap analysis, risk assessment, impact analysis, applications security, secure coding and secure software lifecycle development etc. We provide and guide our clients with the adequate and yet practical security controls and defence-in-depth concepts. We also advise clients or perform compliance review and conformance to relevant standards or security requirements from various authorities or international bodies such as MAS, Government, ISO/IEC, ISACA and ISC2.
The objective of any assessment is to identify vulnerabilities and risks. Vulnerabilities assessments and penetration testings can be performed to identify such possible vulnerabilities or risks.
Perform gap analysis, updates or development of policies, processes & procedures, standards, practices and architecture designs, in the areas of information security or cyber security.
End users are generally the weakest link in any organization. Security Awareness Training is required to make sure that they play a part in their organization’ IT Security. Focus group training is designed to impart in-depth security knowledge to targeted audience on specific area of interests or concerns.
Our company is CREST-approved member for penetration testing. Our consultants have performed numerous IT security assessments on many ministries and government agencies. Amongst them are projects of varying security classifications. Some nationwide infrastructure, big data security projects such as National Authentication Framework (NAF), Command and Control (C&C) systems, Smart Nation and SingPass related projects. Cyber security assessment on such projects has helped to identify and mitigated possible cyber threats and strengthen the resilience of our nation Critical Information Infrastructure (CII) including Banking and Finance, Government, Energy and Infocomm sectors.
Such services includes: System Security Audit & Review, Physical & Environmental Security Audit & Review, Policies Development & Review, Network Vulnerability Assessment and Penetration Testing, Web Application Penetration Testing, Wireless Security Assessment, Secure Architecture Review, Application Security Design Review and Security Training.
We have successfully advised these clients to attend to their weakest security link within their organization with practical advices on risks prioritization, mitigations or remediation needed.
In one particular project, our consultants uncovered an unusual phenomenon in which depite the environment being well protected by a vigilant operation team and had high standards of security practices, they have been applying patch process conscientiously and have conducted many assessments before. However, we uncovered some servers were still affected with many high-risk vulnerabilities. Our consultants were able to help the client investigate and nail down the root cause of this puzzling inconsistency. We made rectification recommendations, brief the management and improved their understanding of the problem, as well as the endorsement of necessary actions.
In some projects involving systems and databases on fund transaction where stringent security have been implemented, our consultants were still able to identify flaws or oversights that may lead to possible unauthorised access to sensitive systems or data from public internet. We have helped education institutions in uncovering and preventing attacks that may lead to exam results database alteration and deletion or leakage of test papers. We have also conducted assessments on ERP and financial systems and prevented crucial information leakage to internal and external public networks.
Our team has performed numerous IT security assessment projects for the FSI. These assessments includes Internet facing banking systems for both consumer and commercial, forex and trading systems, legacy mainframes and other back-end systems running on commercial leading platforms like BEA Weblogic, IBM Websphere, Sun iPlanet, Oracle e-Business Suite, SAS, Sibels, CRM solutions, SAP solutions, etc. We perform full 3-tiers assessment on web-app-database, and other infrastructure and architecture systems such as firewalls, authentication and single-sign-on, two-FA, network and security devices, wireless and desktop, thick client and citrix based applications, mobile banking applications etc. We have helped organizations comply with MAS TRM (Technology Risk Management) guideline and HK-MAS guideline. For the financial industry, CREST standards is important as; CREST Singapore Chapter – is established to introduce its penetration testing certifications and accreditations to Singapore - an initiative developed in collaboration by MAS, ABS and IDA.
We have successfully secured infrastructure, improved operation practices, and uncovered weakness and vulnerabilities on application and systems over these years. We have conducted audit and review, vulnerability assessment and pen-testing, and we have taken on challenges to further help them identify and mitigate new exploits and threats. We have also performed secure architecture review and secure code review to further help enhance security posture.
Our team performed airline-industry-related security assessment projects covering policies development and review, network, systems and applications penetration tests, secure architecture reviews, code and process reviews. We are familiar with airline industry ticketing, promotions, booking and membership practices. Our assessment covers Abacus system, credit-cards clearing, complex reservation processing systems and resource booking and planning systems, supply-chain system, partner’s collaboration portals for business order taking, equipment or parts replenishment, games and infotainment systems, and system wide infra and network security. Our consultants are always able to provide new angles of considerations and discuss security operation concerns and possible risk exposure to clients. Through these projects, our consultants have advised on design and implementation flaws relating to inter-systems integration problem that lead to security loop-holes, and have recommended necessary mitigations and controls on these possible abuses.
Our team has performed numerous assessments for complex large-scale networks and backbone networks with developed assessment methodologies suited to our clients’ cyber security requirements. These are repeated clients that engage our services for consecutive years. We provide advisory and investigation to large telecos, wireless providers and ISPs. We have perform security tests on telecom equipment, including satellite equipment. we have also performed both security audit and review and testing for organisation’s enterprise level Wi-Fi networks which includes capturing wireless packets, heat mapping, WEP and network passwords extraction, harvesting connections from rogue access points, man-in-the-middle attacks, attacking networks via Bluetooth or ZigBee.
Our team has serviced MNCs covering IT audit for statutory and group financial audit purposes. These audits cover IT General Controls, IT Application Controls and IT Controls relating to Financial Reporting.
We are familiar with the requirements of IT controls relating to compliance with government, ISO and SOX; and are experienced in helping internal audit function or departments perform internal self-assessments on their IT infrastructure.
We have also performed assessment for Supervisory Control and Data Acquisition Systems (SCADA) and Distribution Control Systems (DCS) and penetration testing. Our experience and expertise include review and testing of ROM-based and Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Intelligent Electrical Device (IED) and other sensors devices.
Our team help secure critical infrastructure focusing on a basic understanding and awareness of real-world threats and vulnerabilities that exist within the industrial automation and control system architectures used in most process industries and manufacturing facilities.
Our team is able to provide new insights into increasing the effectiveness of internal controls given the operation constraints and risk exposures of clients. Through these projects, our team has recommended practical solutions to system design and implementation of IT Controls relating to Financial Reporting.
Frequently, we have reported such findings to System Implementation Teams and worked with them to help ensure compliance and conformance to requirements or industry standards.
Both for mainstream government education and for commercial learning providers, our team has performed numerous security assessment, risk assessment and policy compliance, trainings and IT audits to ensure better cyber and IT security in these education environments. We have covered campus wide assessment projects and providing security risk management advisories. We have identified lapses and recommended improvement to their systems and processes. We have performed penetration testing and secure code review for education sector related projects – such as critical and sensitive score systems, scholarship and funding management systems, online elearning and assignments portals, life-long-learning systems, and educational portals with trending new media communications platform on mobile apps, creative and innovative education systems, etc. Across a spectrum of services, we work with customer to build a secure environment and provided trainings on cybersecurity, cyberhygiene, do’s and don’t, security incidents response know-how and personal data protection.
The Consultant will conduct and deliver IT Audit and Review Consultancy Services. The Consultant has to possess technical skills across multiple IT domains and consulting disciplines.
Interested candidates, please send full CV with current and expected salary via email to
#TeSA #TMCA
For applicant whom seeking a flexible work-hour and work-from-home environment.
The Consultant will conduct and deliver IT Security Consultancy Services. The Consultant has to possess technical skills across multiple security assessment and consulting disciplines.
Interested candidates, please send full CV and state your current and expected salary via email to
#TeSA #CLT
Interested candidates, please send full CV with current and expected salary via email to
