~ About Us ~

the IT security consulting company

A member of CREST with a pool of CREST and OSCP certified security pentesters. Unparalleled skills, services and commitment in how we serve our customers coupled with our breadth of experience and knowledge enables us to better securing customers’ environment.

Over 10 years of vast experience in providing IT and cyber security services to government, including servicing in various industry sectors such as financial and banking, telecommunications, ecommerce, healthcare, high-tech manufacturing, travel and aviation, media publishing and advertising, fintech, cloud, energy, insurance, and education.

Forefront experience and exceptional knowledge in web applications security and secure coding, enable us to develop capabilities and help many customers to enhance their overall application security through application self-defence and better management of secure software development life cycle.

~ Our Core Values ~

govern our company mission and operations

Practical Security – we are committed to provide practical security recommendations and yet inline with industry best practices to our customers to achieve operational balance and meeting their IT security needs.

Service Excellence – it is in us to deliver projects with efficiency, quality and with utmost customer satisfaction.

Nurture and Contribute - as part of the local cyber security community and a social enterprise, we are here to nurture talents and build a workforce that is professional and contributes back to the society.

~ Our Journey ~

our story defines us, shapes us

  • 2021

    Consecutively 5th time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

  • 2017

    Consecutively 4th time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

  • 2017

    CREST Membership

  • 2013

    Consecutively 3rd time awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

  • 2010

    Re-awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

  • 2009

    Invited Guest Speaker in Cisco Security TechByte Seminar

  • 2008

    Founded.
    Exclusive partner in consortium to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

 528999 Hours of Security Work

 >16 Years of Experience

 300 Unique Customers Served

 2036 Projects Served

~ Our Team ~

here is our consultant family, our assets

100%

IT Degree

90%

3 and More Security Certifications

90%

CISSP / CISA Certification

100%

OSCE3 / OSCP / CREST Certification

100%

Singaporean or PR

RV Chng

Founding Partner

About Him

RV, a true practitioner of management by objective and a pragmatic leader who leads by example, with a proven record in the IT security industry. An active participant in Ironman and 100 km marathons, he demonstrates and promotes extreme sports mindsets—persistence, discipline, and decisiveness—and he inculcates and inspires the team to constantly strive for the next height. Being a Founding Partner and member of the core management, he constantly contributes and delivers organic growth of the company resources, revenues, and profits. He has created and executed strings of strategic plans to position the company as the leader in the security industry. All these come with close to 30 years of extensive experience, strong knowledge, sharp instincts, and determination to succeed.


Qualifications & Certifications

Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore

CISSP, CISA, CISM, PCI QPASA, PCI QSA, FSA, CCSE, CCNP, CCDP, MCT, MCSE+I

 

Kenny Tan

Managing Partner

About Him

Managing & Founding Partner – Kenny is an entrepreneur and keen leader in motivating his team to break through and bring out their best performances. He is responsible for setting the vision and business strategies for the company; he builds and goals the team for innovation and excellence. Kenny has a total of 3 decades of IT experience with over 25 years of working in management and start-ups. He has 17 years of experience in security operations, over 8 years in security products and R&D innovation as a co-founder for security product startups, and over 20 years in IT security consultancy services. Being a qualified CISSP, Kenny has experience in both security implementation and consultancy. He plays an active role in IT security solution architecting, quality control, and cybersecurity advisory in key projects.


Qualifications & Certifications

Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore

CISSP

 

Sean Yeow

Director

About Him

Sean is a talent, and he attracts talents. He is a keen learner, constantly staying abreast of security technologies and trends. He is sharp and critical on assessments. As a natural leader, he takes good care of team resources and needs and hence earns high respect from all. His service attitude is superb and hence is always utmost customer-oriented. Sean has over 25 years of experience in the IT industry, with a good foundation in IT infrastructure, including systems, networks, and security. A member of core management, Sean is responsible for nurturing resources and talent development for the company. He is also accountable for delivery assurances and consultancy technical and practice management.


Qualifications & Certifications

Bachelor’s Degree in IT major in Data-Comm
Western Sydney University (UWS), Australia

CISSP, CISA, CRISC, CCNA

 

Howie Chew

Head, GRC & IT Audit

About Him

Howie is a persistent beacon. He grants daily ‘good morning’ inspiration notes and encouragements to kickstart and light up everyone’s day without fail. In group marathons, he played a ‘pacer’ role to gear, train, and drive the team; and in daily life, for over two decades, he has driven industry professionalism and excellence by inspiring, encouraging, and guiding, or even ‘pacing,’ many peers and juniors relentlessly on their paths to CISA, CISSP, and other security professional certifications. He earns industry respect from many as he shares work-life experiences while concurrently never short of stories and ideas to link and inject lively experiences into dry topics or works. He has 30 years of experience in the IT industry, with expertise in IT systems areas of architecture, networks, applications, and security. He started his career as an IT Developer, then moved on to IT Security (Governance & Operations) in the public sector before landing on consultancy services. He is a practitioner in operationalising IT policies such as IM8 and ISO.

He designed and managed IT security outreach programs, which included Cyber Range training, Security Incident Response exercises, awareness training of staff to organisation management executives, and carried out phishing tests to assess the level of staff awareness.

He is an avid sports enthusiast with a particular passion for badminton, jogging, swimming, and cycling. He enjoys traveling and exploring new places, as well as learning foreign languages to broaden his understanding of different cultures and perspectives.


Qualifications & Certifications

Bachelor of Applied Science (Computer Engineering)
Nanyang Technology University (NTU), Singapore

Specialist Diploma in Cybersecurity
Nanyang Polytechnic

CISSP, CISA, CISM, CGEIT, CRISC, CDPSE, ACLP

 

Ho Zhi Hao

Technical Director

About Him

An admirer of the Japanese culture, Zhi Hao is deeply influenced by their work ethics and mindset. He replicates many good and valuable elements of the Japanese culture in his work, especially in ensuring customer satisfaction, taking pride in their work, professionalism, and the drive to perfect their craft.

He is also a strong believer in Kaizen, or continuous improvement of oneself. He has a strong passion for constantly pursuing new knowledge and improving on his current skill set. Kaizen also means constantly taking in feedback, not just from colleagues but also from customers, and improving on the services rendered.

Zhi Hao has coming to 2 decades of experience in the IT industry. Starting out with low-level programming and writing system code, he has built up extensive knowledge in IT system security. Through the course of his work, Zhi Hao has been involved in code reviews, application design, and database design in IT systems. He is also able to create good rapport with customers and is very patient in helping customers secure their systems.


Qualifications & Certifications

Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP,
CISSP, CISA, GWAPT

 

Charles Chew

Technical Director

About Him

Charles has strong charisma and is always able to establish rapport with customers. He is passionate about IT Security, ever since discovering the myriad ways in which one can make a cause system behave in manners it was not designed for. His natural curiosity drives many of his pursuits and leans itself well in this exciting field of IT Security. He possesses strong project management skills and is able to handle demanding projects. Customers are left with a strong and positive impression upon completion, often citing his ability to be sensitive to their needs and meet project objectives within challenging timelines.

He has over 18 years in the IT industry, with a good foundation in application-related security. His previous role and work provided him extensive experience in Web Application Development, Software Development Life Cycle, Secure Code Review, Web Application Penetration testing, and course trainer for Secure Coding.


Qualifications & Certifications

Bachelor in Engineering (Computer Engineering) Honours
Nanyang Technological University (NTU), Singapore

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE
OSCP, OSWA, OSWP,
KLCP, GWAPT, GPEN,
CISSP, CCSP
Member of GIAC Advisory Board

 

Ching Xiao Ting

Principal Consultant

About Her

Anyone who knows Ching Xiao Ting knows they are dealing with reliability and great trust. She is responsible and sensible and will always radiate with cheerful and positive energy. Xiao Ting has over 12 years of working experience in Information Technology (IT) Audit and Audit Assurance in various industries, including government entities, spanning across Singapore, Malaysia, China, and the United States. Her key areas of expertise include IT risk and security assessment, host review, and business processes review. She is also well-versed in the Sarbanes-Oxley Act (SOX), the Monetary Authority of Singapore (MAS), and the IM8 process audit review.

She spearheaded the setup of an IT audit function for a multinational company and exercised whistleblowing to investigate wrongdoings prior to joining PulseSecure. She is well respected for training hundreds of IT auditors for the industry and leading an army of them for the successful execution of complex, widescale projects in the government space.

Xiao Ting is passionate about her work and always goes the extra mile to meet client requirements and expectations. She enjoys coaching and always believes knowledge sharing helps her connect, perform better, and become stronger as a professional.


Qualifications & Certifications

Bachelor of Accountancy Information System (Hons.)
Universiti Utara Malaysia

Specialist Diploma in Cloud Security

CISA, CISM

 

Yansen Osman

Principal Consultant

About Him

Yansen, the “Doraemon” of the team, is a quiet yet high achiever who never stops astonishing clients with his extensive knowledge and service deliverables. He is always listening and analysing, paying attention to details, and resourceful and creative in assignments. With more than 18 years in the IT industry and a robust fundamental understanding of wide areas of work, including web applications, systems, and network security, he is able to perform various spectrums of security services. These include security architecture review, system and network reviews and testing, and developing deep skills in forensics, wireless, zero-day exploits, mobile devices, OT/IoT, and SCADA security assessment.

We can always count on Yansen as if he possesses a 4-dimensional pocket, like Doraemon, from which he can acquire various kinds of futuristic tools, gadgets, and playthings from a future department store. Despite his popularity and intelligence, he is shy, quiet, and humble.


Qualifications & Certifications

Master of Information Technology (Networking), James Cook University (JCU) Singapore
Bachelor of Computer Science, Bina Nusantara University

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
OSMR, BSCP, KLCP, GWAPT

 

Liew Zhen Yee

Principal Consultant

About Him

A security fanatic at work—Liew, a curious character, is often obsessed with new developments and technologies (and at times in pursuit of bleeding-edge technology). His perseverance has earned him a deep understanding of various industry solutions, their technology applications, and usages. This is where he further applied his ability and curiosity to uncover obscure security weaknesses in these implementations. Cumulating these experiences and project exposures have made Liew even more thrilled and confident to take on any technically demanding assignments and are determined to deliver them with utmost quality. He is fun, innovative, and is always electrified by new ventures.

Liew has over 13 years of IT programming, operations, and security experience.


Qualifications & Certifications

Bachelor of Information Technology (Security Technology), First Class Hons
Multimedia University, Malaysia

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
KLCP, GWAPT, GPEN, AWS CSA-A
Member of GIAC Advisory Board

 

Thinesh Kanaga Rajan

Senior Consultant

About Him

Thinesh entered the IT industry after a long stint in the Ministry of Defence as an intelligence specialist. There he gained his desire for cyber and digital defence and always being prepared for adverse situations. Amidst various appointments that included defence relations, research, and collection, he also held an appointment in managing Information Systems for the Army. Eventually, he decided to move into the private sector to explore new grounds while maintaining his desire for defense. He transited to PulseSecure and started translating his vast knowledge from the Ministry of Defence to cybersecurity.

Thinesh loves to travel and has visited up to 21 countries and counting. This passion of his keeps him moving, seeking adrenaline, and peaks his interest in understanding the countries’ culture. With that experience, he always comes back to translate them into learning experiences for himself and the portfolio he manages at work.

In PulseSecure, Thinesh maintains his physical fitness and upholds the high pride of a soldier—never losing touch with his readiness from his intense combat leadership training. He drives incident response preparedness of our clients, evaluates and assesses incident management and response process and readiness, as well as conducts incident management exercise planning and facilitation. On top of that, he manages projects that involve risk assessment, review of IT security and controls, and conducts several IT security awareness workshops for IT incident responders and senior management staff. He continuously looks forward to engaging clients, finding opportunities to ensure their cyber resilience is high, and providing his inputs from the experiences he has gained.


Qualifications & Certifications

Bachelor of Engineering (Hons) in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)

CISSP, CISM, CISA, CEH

 

Tianne Chu

Principal Consultant / Business Development

About Her

Tianne, is a determined and outstanding cybersecurity lady practitioner—a gem, way ahead of her time. After she topped the UEC, literally number 1 in that year at the national level of East Malaysia (an equivalent of GCE A-Level), she continued to pursue her passion in a niche UK degree in Forensic Computing and graduated with First-Class Honors! And imagine, over 10 years ago, when the field of cybersecurity had little or near-zero lady in penetration testing, she was utmost determined to break in.

As part of her journey, Tianne was among the pioneering batch to attain the prestigious OSCP certification and later, the advanced OSCE3 certification—remarkable achievements that underscore her expertise and dedication to mastering cybersecurity.

In addition to her technical prowess, Tianne has developed good business acumen. She is a driving force in business development at PulseSecure, helping to identify new opportunities, build client relationships, and deliver tailored cybersecurity services. Her understanding of both the technical and strategic aspects of cybersecurity allows her to bridge the gap between complex services and client needs effectively.

Before starting her career, she embraced a variety of international experiences—working holidays in New Zealand, volunteering in Australia, and backpacking across Southeast Asia. These experiences shaped her as a flexible, resilient, and adventurous leader. Tianne’s persistence, illustrated by her repeated applications to PulseSecure despite initial setbacks, ultimately led her to challenge conventions and champion diversity in a male-dominated field.

With her unique blend of technical expertise, business development skills, and an unwavering commitment to client satisfaction, Tianne is an inspirational pioneer and an outstanding model for “Women in Cybersecurity”!


Qualifications & Certifications

Bachelor of Information Technology (Forensic Computing), First Class Hons
Staffordshire University, United Kingdom / Asia Pacific University, Malaysia

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
KLCP, GWAPT, GPEN, CEH

 

Shen Wan Qiang

Principal Consultant

About Him

The name 'Wanqiang' means 10,000 strengths in Mandarin. Like his name suggests, he believes he possesses all of the strengths needed to achieve all of his goals in life.

Fresh out of school, he made his foray into the IT industry in 2008, beginning with application development. Equipped with good programming skills, Wanqiang went on to build his experience in system analysis and design as well as software testing before finding his eventual calling in IT security. As a security consultant, Wanqiang leverages off the knowledge previously accumulated to deliver cybersecurity outcomes to his clients in the wide spectrum of security work that he is now involved in. From application penetration testing and vulnerability assessment, to secure code review, system security review and audit, he is able to help clients identify the gaps in their cybersecurity defenses and find solutions that are practical in order to meet the needs of their organisations.

Outside of work, he is an Arsenal fan who looks forward to memorable travels with his family and who enjoys the simple pleasures of catching up with friends over a cup of kopi-poh- siu- dai. He hopes to have a room with an immersive sound experience that he can hole up in and treat his ears to the 80s and 90s Mandopop songs when he retires.


Qualifications & Certifications

Master of Science (Information Systems)
Nanyang Technological University, Singapore

Bachelor of Science (Computing & Information Systems), Second-Class Upper Hons
University of London, UK

CREST CPSA, CREST CRT (Pen),
OSCP, OSEP, OSWP, OSWA,
OSWE, GWAPT, GPEN,
CISA

 

Goh Sin Kang

Principal Consultant

About Him

A lifelong learner, always eager to soak up new knowledge like a sponge, whether it's about the digital assets security or mitigating its risks. He is always up for a challenge and believes that the best way to learn is to roll up your sleeves and dive right in.

SK has over 11 years of professional experience in IT Security, serving particularly in banking and finance, airlines, logistics, retail, and government agencies. His key areas of expertise include web application penetration testing, network vulnerability assessment, mobile application penetration testing, host audit assessment, source code review, and physical security review of buildings and data centres.

Apart from his technical expertise, he is dedicated to ensuring that clear objectives and expectations are consistently communicated and maintained. His focus on effective communication and setting transparent goals complements his technical skills, ensuring that projects run smoothly and expectations are always aligned. And most importantly, keeping clients that he serviced safe and highly satisfied with his work.


Qualifications & Certifications

Bachelor of Information Technology (Security Technology), Second-Class Upper Hons
Multimedia University, Malaysia

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP,
KLCP, GWAPT

 

Jonathan Bei

Senior Consultant

About Him

Jonathan Bei brings over 5 years of experience as a penetration tester to the table. Specializing in Web Application Penetration Testing, Secure Code Reviews, API Penetration Testing, and Network & Cloud Vulnerability Assessments, he’s got the expertise to probe and protect from many angles. But what really drives Jonathan is the thrill of taking things apart, figuring out how they work, and making them better—whether it’s a complex piece of code, a new gadget, or an old guitar riff.

When Jonathan isn’t hunting for vulnerabilities, he’s probably buried in some DIY electronics project or hacking together custom solutions just for fun. He’s got a knack for finding creative exploits and innovative fixes, with the same passion he brings to tinkering with tech in his downtime. That relentless curiosity shapes how he approaches cybersecurity—every challenge is a puzzle, every system a playground for exploration. With a blend of deep technical knowledge and a love for all things hands-on, Jonathan is always pushing the boundaries to see what else can be discovered, refined, or reimagined.


Qualifications & Certifications

Bachelor’s Degree, Information Systems Technology and Design (Machine Learning & User Interface Design)
Singapore University of Technology & Design (SUTD) – Magna Cum Laude

CREST CPSA, CREST CRT (Pen),
OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, KLCP

 

Jacky Chng

Consultant

About Him

Prior to graduation, Jacky has achieved a notable milestone by earning the OSCE3 certification during his academic tenure, highlighting his dedication to cybersecurity. This accomplishment underscores his profound commitment to the field, which is a cornerstone of his professional identity. Jacky's passion for cybersecurity transcends career choice; it is integral to his professional ethos. He has invested significant effort in honing his skills and expanding his expertise in this dynamic domain.

Jacky is a strong advocate of lifelong learning. This philosophy drives him to continuously seek new knowledge and stay abreast of the latest industry advancements, which is crucial for remaining relevant in this rapidly evolving field. And in the journey of learning and absorbing knowledge, Jacky also actively contributes back and participates in cybersecurity community discussions to guide, share, and inspire more enthusiasts.

Beyond his professional endeavors, Jacky is committed to maintaining a healthy and active lifestyle. His dedication to fitness was notably recognized during his army service, where he was distinguished as the best in physical training among the entire cohort. This commitment to physical challenges parallels his approach to cybersecurity, where Jacky is motivated by solving complex problems and staying ahead of emerging threats.

A particularly memorable experience for Jacky was skydiving in Switzerland, an exhilarating adventure that he found both thrilling and inspiring. This experience reinforced his dedication to cybersecurity by emphasizing the excitement and challenges intrinsic to the field. Jacky's adventurous spirit reflects his broader approach to life, blending his professional pursuits with a passion for personal growth and engaging experiences.


Qualifications & Certifications

Bachelor of Engineering in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)

Diploma in information technology, Nanyang Polytechnic

OSCE3, OSED, OSEP, OSWE,
OSCP, OSWA, OSWP, OSDA,
KLCP

 

Tan Zhi Yu

Consultant

About Him

Meet Zhi Yu, our office's very own panda lover! If there were a gold medal for the art of napping and munching, Zhi Yu would be a top contender. Much like the lovable panda, Zhi Yu embodies a perfect blend of relaxation (evident by those really heavy eyebags) and curiosity.

When he’s not channeling his inner panda, Zhi Yu is passionately diving into the world of penetration testing. His mission? To become the ultimate cybersecurity guru and a valuable asset to our team—a panda with a purpose!

Guided by the mantra, "The way to get started is to quit talking and begin doing," from the wise Walt Disney, Zhi Yu is all about transforming dreams into reality through action. He believes that talking about goals is nice, but actually working towards them is where the magic happens.

And let's not forget his epic life goal: to fill an entire wall with Iron Man collectibles and proudly showcase a human-sized Iron Man statue. Because, let’s face it, who wouldn’t want to live in a world where Iron Man is just a step away? – the same altruistic and righteous side of Zhi Yu applying to cybersecurity.

So, if you see Zhi Yu lounging around or engrossed in a new cybersecurity challenge, know that he’s just being his amazing panda self, all while gearing up to become a professional in the tech world.


Qualifications & Certifications

Bachelor of Engineering (Hons with Merit) in Information and Communications Technology (Information Security)
Singapore Institute of Technology (SIT)

Diploma in Information Security & Forensics, Ngee Ann Polytechnic

OSCE3, OSED, OSEP,
OSCP, OSWA, OSWP,
OSWE, OSDA, CEH

 

Willie Tay

Senior Consultant

About Him

When he’s not chasing down a soccer ball or smashing a shuttlecock or tennis ball, you’ll find him exploring new hiking trails or diving into crystal-clear waters. As an avid traveller, he is always looking out for the next opportunity to hike and dive.

Willie brings the same energy and determination from the fields and natures to the world of cybersecurity. His journey from IT to cybersecurity is a true testament to his never-give-up attitude.

In the early stages of his career, he held roles as a Systems and Network Engineer across the private and public sectors. Driven by a strong interest in cybersecurity, he pivoted into the field within the public sector before diving into consultancy. His hands-on experience as a Network Engineer provided him with a deep understanding of IT infrastructure, laying a solid foundation for his expertise in risk management and implementation of comprehensive security solutions for enterprise systems. He now has acquired close to 10 years of IT and cybersecurity industry experience.


Qualifications & Certifications

Bachelor in Engineering (Electrical and Electronic Engineering) (Hons.),
Specialisation: Communications Engineering
Nanyang Technology University (NTU), Singapore

Specialist Diploma in Information Security & Forensics
Temasek Polytechnic

Diploma in Electrical and Electronic Engineering, Specialisation: Aerospace Electronics Engineering
Temasek Polytechnic

CISSP, CRISC, CEH

 

Tan Keng Tiong

Principal Consultant

About Him

“You are braver than you believe, stronger than you seem, and smarter than you think,” - Keng Tiong, the “winnie the pooh” of our team, has been hibernating for years and started his life search more than 14 years back, where he started eat and sleep with security (no honey). With a determined mind, he is today our star, shining high and unleashing his fullest potential, happily enjoying and deploying his skillsets in performing security services.

As the “pooh” always does, he is supportive to team (friends), provides a crying shoulder and offers free and nice hugs.

His previous role and experience provided him with extensive knowledge in project management and secure software lifecycle. He is currently an expert in Secure Code Reviews, Web Application Penetration Testing, Application Security Reviews and Network Vulnerability Assessments and Systems Audit and Review in these amazing short years.


Qualifications & Certifications

Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore

CREST CPSA, CREST CRT (Pen),
OSCP, OSEP, OSWE, OSWA,
CISA, OSWP, GWAPT

 

~ Our Services ~

how can we help you

Assessment

The objective of any assessment is to identify vulnerabilities and risks. Vulnerabilities assessments and penetration testings can be performed to identify such possible vulnerabilities or risks.

Audit and Review

Audit and Security Review on IT infrastructure, IT policies & processes, or systems is to determine if the information systems are safeguarding assets, data integrity are intact, and operations are secure to achieve the organization's IT security goals or control objectives. We adopt guidelines from industry best practices such NIST, CERT, SANS, OWASP, OSSTMM and other leading security advisory groups for IT audit & review such as ISO/IEC, ISACA and ISC2.

Overall Consultation

We provide consultancy on general IT security general controls, system & network security, policies and processes, operations, gap analysis, risk assessment, impact analysis, applications security, secure coding and secure software lifecycle development etc. We provide and guide our clients with the adequate and yet practical security controls and defence-in-depth concepts. We also advise clients or perform compliance review and conformance to relevant standards or security requirements from various authorities or international bodies such as MAS, Government, ISO/IEC, ISACA and ISC2.

Security Incident Response Exercise

Largest provider for the public sector’s incident response exercise since 2021 with the objective to upskill organisational readiness in responding to cybersecurity incidents. We design and formulate current and impactful scenarios, curate to the local agency’s requirement with understanding of cyber threat landscape, utilising the MITRE ATT&CK, Lockheed Martin Cyber Kill Chain and Sectoral Threat Profile (STP). Exercises ranges from Table-top (TTX), Command Post (CPX), Ground Deployment (GDX) to large scale multi-agencies Crisis Management (CMX). Other services include Cyber Range to test execution of practical drills in detection, containment, remediation and recovery of the compromised systems, in concurrence with the participants’ execution of Standing Operating Procedures and Crisis Communication including mock-up press conference to prepare the organisation leaders’ response to media.

Development

Perform gap analysis, updates or development of policies, processes & procedures, standards, practices and architecture designs, in the areas of information security or cyber security.

Red Teaming

Red teaming is a strategy used to identify vulnerabilities and improve defences by simulating adversarial attacks against an organization’s defences, system, or processes. By acting as attackers, red teaming will challenge assumptions, uncover weaknesses, and test security measures. This approach helps organizations enhance their resilience and preparedness, by providing a realistic assessment of their ability to defend against potential threats.

Training

End users are generally the weakest link in any organization. Security Awareness Training is required to make sure that they play a part in their organization’ IT Security. Focus group training is designed to impart in-depth security knowledge to targeted audience on specific area of interests or concerns.

~ Our Works ~

what we are proud of

~ Government ~

Ministries, Statutory Board & Agencies, Institutions, Divisions

Overview

Our company is CREST-approved member for penetration testing. Our consultants have performed numerous IT security assessments on many ministries and government agencies. Amongst them are projects of varying security classifications. Some nationwide infrastructure, big data security projects such as National Authentication Framework (NAF), Command and Control (C&C) systems, Smart Nation and SingPass related projects. Cyber security assessment on such projects has helped to identify and mitigated possible cyber threats and strengthen the resilience of our nation Critical Information Infrastructure (CII) including Banking and Finance, Government, Energy and Infocomm sectors.

Such services includes: System Security Audit & Review, Physical & Environmental Security Audit & Review, Policies Development & Review, Network Vulnerability Assessment and Penetration Testing, Web Application Penetration Testing, Wireless Security Assessment, Secure Architecture Review, Application Security Design Review and Security Training.

We have successfully advised these clients to attend to their weakest security link within their organization with practical advices on risks prioritization, mitigations or remediation needed.

In one particular project, our consultants uncovered an unusual phenomenon in which depite the environment being well protected by a vigilant operation team and had high standards of security practices, they have been applying patch process conscientiously and have conducted many assessments before. However, we uncovered some servers were still affected with many high-risk vulnerabilities. Our consultants were able to help the client investigate and nail down the root cause of this puzzling inconsistency. We made rectification recommendations, brief the management and improved their understanding of the problem, as well as the endorsement of necessary actions.

In some projects involving systems and databases on fund transaction where stringent security have been implemented, our consultants were still able to identify flaws or oversights that may lead to possible unauthorised access to sensitive systems or data from public internet. We have helped education institutions in uncovering and preventing attacks that may lead to exam results database alteration and deletion or leakage of test papers. We have also conducted assessments on ERP and financial systems and prevented crucial information leakage to internal and external public networks.


Highlights


Content

~ FSI ~

Local & Foreign Banks, e-Payment Operator, Fintech, Stock Exchange, Insurance, Investment, Asset & Capital Management Institutions

Overview

Our team has performed numerous IT security assessment projects for the FSI. These assessments includes Internet facing banking systems for both consumer and commercial, forex and trading systems, legacy mainframes and other back-end systems running on commercial leading platforms like BEA Weblogic, IBM Websphere, Sun iPlanet, Oracle e-Business Suite, SAS, Sibels, CRM solutions, SAP solutions, etc. We perform full 3-tiers assessment on web-app-database, and other infrastructure and architecture systems such as firewalls, authentication and single-sign-on, two-FA, network and security devices, wireless and desktop, thick client and citrix based applications, mobile banking applications etc. We have helped organizations comply with MAS TRM (Technology Risk Management) guideline and HK-MAS guideline. For the financial industry, CREST standards is important as; CREST Singapore Chapter – is established to introduce its penetration testing certifications and accreditations to Singapore - an initiative developed in collaboration by MAS, ABS and IDA.

We have successfully secured infrastructure, improved operation practices, and uncovered weakness and vulnerabilities on application and systems over these years. We have conducted audit and review, vulnerability assessment and pen-testing, and we have taken on challenges to further help them identify and mitigate new exploits and threats. We have also performed secure architecture review and secure code review to further help enhance security posture.


Highlights


Content

~ Aviation ~

Premium International & Region Carriers, Airport Operator, Food Solution & Gateway Services, In-Flight Entertainment Providers

Overview

Our team performed airline-industry-related security assessment projects covering policies development and review, network, systems and applications penetration tests, secure architecture reviews, code and process reviews. We are familiar with airline industry ticketing, promotions, booking and membership practices. Our assessment covers Abacus system, credit-cards clearing, complex reservation processing systems and resource booking and planning systems, supply-chain system, partner’s collaboration portals for business order taking, equipment or parts replenishment, games and infotainment systems, and system wide infra and network security. Our consultants are always able to provide new angles of considerations and discuss security operation concerns and possible risk exposure to clients. Through these projects, our consultants have advised on design and implementation flaws relating to inter-systems integration problem that lead to security loop-holes, and have recommended necessary mitigations and controls on these possible abuses.

~ Telecommunication & ISP ~

Multi-national Teleco Corporation (MNC), Internet Service Providers, Nation-wide Wireless Providers

Overview

Our team has performed numerous assessments for complex large-scale networks and backbone networks with developed assessment methodologies suited to our clients’ cyber security requirements. These are repeated clients that engage our services for consecutive years. We provide advisory and investigation to large telecos, wireless providers and ISPs. We have perform security tests on telecom equipment, including satellite equipment. we have also performed both security audit and review and testing for organisation’s enterprise level Wi-Fi networks which includes capturing wireless packets, heat mapping, WEP and network passwords extraction, harvesting connections from rogue access points, man-in-the-middle attacks, attacking networks via Bluetooth or ZigBee.

~ Other Commercial ~

Automotive Manufacturing, Cloud Solution and Providers, Energy, Petrochemical & Marine, Real Estate & Media Industry

Overview

Our team has serviced MNCs covering IT audit for statutory and group financial audit purposes. These audits cover IT General Controls, IT Application Controls and IT Controls relating to Financial Reporting.

We are familiar with the requirements of IT controls relating to compliance with government, ISO and SOX; and are experienced in helping internal audit function or departments perform internal self-assessments on their IT infrastructure.

We have also performed assessment for Supervisory Control and Data Acquisition Systems (SCADA) and Distribution Control Systems (DCS) and penetration testing. Our experience and expertise include review and testing of ROM-based and Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Intelligent Electrical Device (IED) and other sensors devices.

Our team help secure critical infrastructure focusing on a basic understanding and awareness of real-world threats and vulnerabilities that exist within the industrial automation and control system architectures used in most process industries and manufacturing facilities.

Our team is able to provide new insights into increasing the effectiveness of internal controls given the operation constraints and risk exposures of clients. Through these projects, our team has recommended practical solutions to system design and implementation of IT Controls relating to Financial Reporting.

Frequently, we have reported such findings to System Implementation Teams and worked with them to help ensure compliance and conformance to requirements or industry standards.

~ Education ~

Ministries, Statutory Board & Agencies, Institutes of Higher Learning (IHL), Private Learning Providers

Overview

Both for mainstream government education and for commercial learning providers, our team has performed numerous security assessment, risk assessment and policy compliance, trainings and IT audits to ensure better cyber and IT security in these education environments. We have covered campus wide assessment projects and providing security risk management advisories. We have identified lapses and recommended improvement to their systems and processes. We have performed penetration testing and secure code review for education sector related projects – such as critical and sensitive score systems, scholarship and funding management systems, online elearning and assignments portals, life-long-learning systems, and educational portals with trending new media communications platform on mobile apps, creative and innovative education systems, etc. Across a spectrum of services, we work with customer to build a secure environment and provided trainings on cybersecurity, cyberhygiene, do’s and don’t, security incidents response know-how and personal data protection.

~ Our Certifications ~

~ Our Partners ~

~ Recruitment ~

who are we looking for

~ Consultant / Senior Consultant (IT Audit) ~


The Consultant will conduct and deliver IT Audit and Review Consultancy Services. The Consultant has to possess technical skills across multiple IT domains and consulting disciplines.

Job Description:

  • Performing Security Audit and Review
  • Performing Risk Assessment and Consultation
  • Performing Incident Response Readiness Exercise
  • Performing Outreach Program - Security Awareness Training, Phishing Campaigns
  • Perform Security Architecture Review
  • Project Management and Delivery

Skills & Experience:

  • Degree in Computer Science/ IT or equivalent
  • Have exposure in IT Audit / Compliance / Governance / Security
  • Have exposure in the implementation, maintenance and operations of IT systems / Operational Technology (OT) systems
  • Added advantage if you possess one or more of the following skills:
    • Familiar with information technology governance standards and industry best practices (i.e., ISO 17799/ ISO 27002/ Singapore Government IM8, NIST, ITIL, CIS, etc.) and other IT methodologies.
    • Familiar with PDPA
    • Familiar with Server, Middleware, Database, Network Device, Security Appliances
    • Familiar with commercial Cloud platform (AWS, Azure, GCP)
    • Familiar with OT (SCADA, utilities, transport, aviation, etc)
    • Familiar with IoT and Sensors
  • Posses CISSP, CISA, CISM, CRISC will be an advantage
  • Able to work independently and as a team player
  • Strong verbal and written communication skills in English
  • Strong analytical and problem-solving skills
  • Proactive self-starter with an analytical and creative mind
  • Result and customer oriented with multi-tasking capabilities
  • Demonstrate good project management and people skills
  • Good organizational multi-tasking, and time-management skills
  • Must be Singaporean or Singapore PR
  • On-the-Job-Training will be provided

Interested candidates, please send full CV with current and expected salary via email to HR

#TeSA #TMCA

~ Consultant / Senior Consultant (Cyber Security) ~


For applicant whom seeking a flexible work-hour and work-from-home environment.

The Consultant will conduct and deliver IT Security Consultancy Services. The Consultant has to possess technical skills across multiple security assessment and consulting disciplines.

Job Description:

  • Perform Web Application Pennetration Test
  • Perform Network Penetration Test
  • Perform Security Audit and Review
  • Perform Secure Code Review
  • Project Management and Delivery

Skills & Experience:

  • Degree or Diploma in Computer Science/IT or equivalent
  • Must be Singaporean or Singapore PR
  • 1 to 3 years relevant Web Application Penetration Testing experience is preferred
  • Possess OSCP, CREST, GWAPT, OSWE will be an advantage
  • Knowledge and experience with Python, ASP.NET, C#, VB, PHP, JAVA, SQL databases, and/or web technology
  • Knowledge and experience and good understanding of application security
  • Knowledge on system and network security will be an added advantage
  • Web and mobile programming background will be an added advantage
  • Able to work independently and as a team player
  • Strong verbal and written communication skills in English
  • Strong analytical and problem-solving skills
  • Proactive self-starter with an analytical and creative mind
  • Result oriented and customer oriented
  • Demonstrate good project management and people skills
  • Good organisational, multi-tasking and time-management skills
  • Passionate freshmen, early-career or mid-career candidates with security / programming / IT knowledge are welcome
  • On-the-Job-Training will be provided

Interested candidates, please send full CV and state your current and expected salary via email to HR

#TeSA #CLT

~ Consultant / Senior Consultant (Red Teaming) ~


For applicant whom seeking a flexible work-hour and work-from-home environment.

The Consultant will conduct and deliver IT Security Consultancy Services. The Consultant has to possess technical skills across multiple security assessment and consulting disciplines.

Job Description:

  • Perform Red Teaming projects (Adversarial Simulation, Exploit Development, Social Engineering and Reconnaissance)
  • Perform Web Application Penetration Test
  • Perform Network Penetration Test
  • Perform Cloud Penetration Test
  • Perform Mobile Penetration Test

Skills & Experience:

  • Degree or Diploma in Computer Science/IT or equivalent
  • Must be Singaporean or Singapore PR
  • At Least 2 years relevant experience in performing Red Teaming projects
  • Possess CREST Certified Simulated Attack Specialist (CCSAS), CREST Certified Simulated Attack Manager (CCSAM
  • Possess Offensive Security Specialist Profession (OSED), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Security Exploitation Expert (OSEE) or Social Engineering PenTesting Professional (SEPP) will be added bonus
  • Able to work independently and as a team player
  • Strong verbal and written communication skills in English
  • Strong analytical and problem-solving skills
  • Proactive self-starter with an analytical and creative mind for security research
  • Result oriented and customer oriented
  • On-the-Job-Training on unfamiliar area will be provided

Interested candidates, please send full CV with current and expected salary via email to HR

~ Contact Us ~

find us here

36 Armenian Street
#04-12 Singapore 179934