~ About Us ~

the IT security consulting company

A member of CREST with a pool of CREST and OSCP certified security pentesters. Unparalleled skills, services and commitment in how we serve our customers, coupled with our breadth of experience and knowledge, enable us to better secure our customers' environments.

10 years of vast experience in providing IT and cyber security services to government, as well as to various industry sectors such as financial and banking, telecommunications, ecommerce, healthcare, high-tech manufacturing, travel and aviation, media publishing and advertising, fintech, cloud, energy, insurance and education.

Forefront experience and exceptional knowledge in web application security and secure coding enable us to develop capabilities and help many customers enhance their overall application security through application self-defence and better management of the secure software development life cycle.

~ Our Core Values ~

govern our company mission and operations

Practical Security – we are committed to providing our customers with security recommendations that are practical and yet in line with industry best practices, so that they achieve operational balance and meet their IT security needs.

Service Excellency – it is in us to deliver projects with efficiency, quality and with utmost customer satisfaction.

Nurture and Contribute – as part of the local cyber security community and a social enterprise, we are here to nurture talents and build a workforce that is professional and contributes back to society.

~ Our Journey ~

our story defines us, shapes us

  • 2017

    CREST Membership

  • 2013

    Awarded for the 3rd consecutive time as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

  • 2010

    Re-awarded as provider to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

  • 2009

    Invited Guest Speaker in Cisco Security TechByte Seminar

  • 2008

    Founded.
    Exclusive partner in consortium to perform IT Security Services to Government Ministries, Statutory Boards and Agencies

 189146 Hours of Security Work

 9 Years of Experience

 159 Unique Customers Served

 825 Projects Served

~ Our Team ~

here is our consultant family, our assets

 100% – IT Degree

 90% – 3 and More Security Certifications

 over 90% – GWAPT Certification

 90% – OSCP / CREST CRT Certification

 100% – Singaporean or PR

RV Chng

Founding Partner

About Him

RV is a true practitioner of management-by-objective and a pragmatic leader who leads by example, with a proven record in the IT security industry. An active participant in ironman and 100km marathon events, he demonstrates and promotes extreme sports mindsets – persistence, discipline and decisiveness – which he inculcates in the team, inspiring them to constantly strive for the next height. Being a Founding Partner and member of the core management, he constantly contributes to and delivers organic growth of the company's resources, revenues and profits. He has created and executed strings of strategic plans to position the company as the leader in the security industry. All these come with 22 years of extensive experience, strong knowledge, sharp instincts and the determination to succeed.


Qualifications & Certifications

Bachelor of Applied Science (Computer Engineering)
Nanyang Technological University (NTU), Singapore

CISSP, CISA, CISM, PCI QPASA, PCI QSA, FSA, CCSE, CCNP, CCDP, MCT, MCSE+I

 

Kenny Tan

Managing Partner

About Him

Managing & Founding Partner – Kenny is an entrepreneur and a keen leader who motivates his team to break through and bring out their best performances. He is responsible for setting the vision and business strategies for the company, and he builds the team and sets its goals for innovation and excellence. Kenny has a total of 22 years of IT experience, with close to 20 years working in management and start-ups. He has 17 years of experience in security operations, over 8 years in security products and R&D innovation as a co-founder of security product startups, and over 13 years in IT security consultancy services. Being a qualified CISSP, Kenny has experience in both security implementation and consultancy. He plays an active role in IT security solution architecting, quality control and cyber security advisory in key projects.


Qualifications & Certifications

Bachelor of Applied Science (Computer Engineering)
Nanyang Technological University (NTU), Singapore

CISSP

 

Sean Yeow

Senior Principal Consultant / Technical Director

About Him

Sean is a talent, and he attracts talents. He is a keen learner who constantly stays abreast of security technologies and trends. He is sharp and critical in assessments. As a natural leader, he takes good care of team resources and needs, and hence earns high respect from all. His service attitude is superb and he is always highly customer-oriented. Sean has 16 years of experience in the IT industry, with a good foundation in IT infrastructure including systems, networks and security. A member of core management, Sean is responsible for nurturing resources and talent development for the company. He is also accountable for delivery assurance and for consultancy technical and practice management.


Qualifications & Certifications

Bachelor’s Degree in IT major in Data-Comm
Western Sydney University (UWS), Australia

CISSP, CISA, CRISC, CCNA

 

Wu BoSheng

Principal Consultant

About Him

Bo Sheng is our lead with a keen sense of understanding clients' business and security needs. He is a calm work-bee, always ready to do his part and guide others. Everyone, including customers, partners and co-workers, always enjoys working with him. He is meticulous and exhibits strong security knowledge and proficiency in compliance, risk assessment and web application pen-testing. With high productivity and great organization skills, Bo Sheng is able to pre-empt problems, organise priorities and resolve challenges with grace. He achieves excellent resource, customer and project management.

Bo Sheng, coming from a government ministry security background, has been our champion and pusher for CREST and the company's CREST preparation. He has over 10 years of IT security testing and audit experience involving critical infrastructure, financial systems, and high-profile web applications. He is familiar with government standards, IT security policy and compliance work, having also attended the ISO ISMS lead auditor course. Being analytical and resourceful, he can easily adapt to different environments and advise on practical security risks and countermeasures. In his role he oversees, nurtures and guides his team in performing consulting services, and is persistent in achieving high customer satisfaction, quality and timeliness of work.


Qualifications & Certifications

Bachelor of Computing
National University of Singapore (NUS)

CREST CRT/CPSA, OSCP, CISA, GWAPT, ISO Lead Auditor

 

Ho Zhi Hao

Principal Consultant

About Him

An admirer of the Japanese culture, Zhi Hao is deeply influenced by its work ethics and mindset. He replicates many good and valuable elements of the Japanese culture in his work, especially in ensuring customer satisfaction, taking pride in one's work, professionalism and the drive to perfect one's craft.

He is also a strong believer in Kaizen, or continuous improvement of oneself. He has a strong passion for constantly pursuing new knowledge and improving on his current skillset. Kaizen also means constantly taking in feedback, not just from colleagues but also from customers, and improving on the services rendered.

Zhi Hao has close to 10 years of experience in the IT industry. Having started out with low-level programming and writing system code, he has built up extensive knowledge in IT system security. Through the course of his work, Zhi Hao has been involved in code reviews, application design and database design in IT systems. He is also able to build good rapport with customers, and is very patient in helping customers secure their systems.


Qualifications & Certifications

Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore

CREST CRT/CPSA, OSCP, CISSP, CISA, GWAPT

 

Tan Keng Tiong

Senior Consultant

About Him

“You are braver than you believe, stronger than you seem, and smarter than you think.” Keng Tiong, the “winnie the pooh” of our team, had been hibernating for years and started his life search 5-6 years back, when he started to eat and sleep with security (no honey). With a determined mind, he is today our star, shining high and unleashing his fullest potential, happily enjoying and deploying his skillsets in performing security services.

As the “pooh” always does, he is supportive of the team (friends), provides a shoulder to cry on and offers free and nice hugs.

His previous role and experience provided him with extensive knowledge in project management and secure software lifecycle. He is currently an expert in Secure Code Reviews, Web Application Penetration Testing, Application Security Reviews and Network Vulnerability Assessments and Systems Audit and Review in these amazing short years.


Qualifications & Certifications

Master of Science (Information Systems)
Bachelor of Engineering (Computer Engineering)
Nanyang Technological University, Singapore

CREST CRT/CPSA, OSCP, GWAPT

 

Charles Chew

Senior Consultant

About Him

Charles has strong charisma and is always able to establish rapport with customers. He has been passionate about IT Security ever since discovering the myriad ways in which one can cause a system to behave in manners it was not designed for. His natural curiosity drives many of his pursuits, and lends itself well to this exciting field of IT Security. He possesses strong project management skills and is able to handle demanding projects. Customers are left with a strong and positive impression upon completion, often citing his ability to be sensitive to their needs and to meet project objectives within challenging timelines.

He has over 10 years in the IT industry, with a good foundation in application-related security. His previous role and work provided him with extensive experience in Web application development, Software Development Life Cycle, Secure Code Review, Web Application Penetration Testing and as a course trainer for Secure Coding.


Qualifications & Certifications

Bachelor in Engineering (Computer Engineering) Honours
Nanyang Technological University (NTU), Singapore

CREST CRT/CPSA, OSCP, CISSP, GWAPT, GPEN, CEH

 

Yansen Osman

Senior Consultant

About Him

Yansen, the “doraemon” of the team, is a quiet and yet high achiever who never ceases to astonish clients with his extensive knowledge and service deliverables. He is always listening and analysing, paying attention to details, and is resourceful and creative in assignments. With more than 10 years in the IT industry and robust fundamentals across wide areas of work including web application, system and network security, he is able to perform a wide spectrum of security services including security architecture review, system and network reviews and testing, forensics, wireless, mobile device, zero day exploits and SCADA security assessment.


Qualifications & Certifications

Master of Information Technology (Networking), James Cook University (JCU), Singapore
Bachelor of Computer Science, Bina Nusantara University

CREST CRT/CPSA, OSCP, GWAPT

 

Liew Zhen Yee

Senior Consultant

About Him

A security fanatic at work – Liew, a curious character, is often obsessed with new developments and technologies (and at times in pursuit of bleeding edge technology). His perseverance has earned him a deep understanding of various industry solutions, their technology applications and usages. This is where he has further applied his ability and curiosity to uncover obscure security weaknesses in these implementations. Cumulating these experiences and project exposures, Liew is now even more thrilled and confident to take on any technically demanding assignments, and is determined to deliver them with utmost quality. He is fun, innovative, and is always electrified by new ventures.


Qualifications & Certifications

Bachelor of Information Technology (Security Technology), First Class Hons
Multimedia University, Malaysia

CREST CRT/CPSA, OSCP, GWAPT, GPEN
GIAC Advisory Board Member

 

~ Our Services ~

how can we help you

Audit and Review

An Audit and Security Review of IT infrastructure, IT policies & processes, or systems determines whether the information systems are safeguarding assets, data integrity is intact, and operations are secure, so as to achieve the organization's IT security goals or control objectives. We adopt guidelines from industry best practices such as NIST, CERT, SANS, OWASP, OSSTMM and other leading security advisory groups for IT audit & review such as ISO/IEC, ISACA and ISC2.

Overall Consultation

We provide consultancy on general IT security controls, system & network security, policies and processes, operations, gap analysis, risk assessment, impact analysis, application security, secure coding and secure software development lifecycle etc. We provide and guide our clients with adequate and yet practical security controls and defence-in-depth concepts. We also advise clients on, or perform, compliance reviews and conformance to relevant standards or security requirements from various authorities or international bodies such as MAS, Government, ISO/IEC, ISACA and ISC2.

Assessment

The objective of any assessment is to identify vulnerabilities and risks. Vulnerability assessments and penetration tests can be performed to identify such possible vulnerabilities or risks.

Development

Perform gap analysis, updates or development of policies, processes & procedures, standards, practices and architecture designs, in the areas of information security or cyber security.

Training

End users are generally the weakest link in any organization. Security Awareness Training is required to make sure that they play a part in their organization's IT Security. Focus group training is designed to impart in-depth security knowledge to a targeted audience on specific areas of interest or concern.

~ Our Works ~

what we are proud of

~ Government ~

Ministries, Statutory Board & Agencies, Institutions, Divisions

Overview

Our company is a CREST-approved member for penetration testing. Our consultants have performed numerous IT security assessments on many ministries and government agencies. Amongst them are projects of varying security classifications, including some nationwide infrastructure and big data security projects such as National Authentication Framework (NAF), Command and Control (C&C) systems, Smart Nation and SingPass related projects. Cyber security assessments on such projects have helped to identify and mitigate possible cyber threats and strengthen the resilience of our nation's Critical Information Infrastructure (CII), including the Banking and Finance, Government, Energy and Infocomm sectors.

Such services include: System Security Audit & Review, Physical & Environmental Security Audit & Review, Policies Development & Review, Network Vulnerability Assessment and Penetration Testing, Web Application Penetration Testing, Wireless Security Assessment, Secure Architecture Review, Application Security Design Review and Security Training.

We have successfully advised these clients to attend to the weakest security link within their organization, with practical advice on the risk prioritization, mitigations or remediation needed.

In one particular project, our consultants uncovered an unusual phenomenon: the environment was well protected by a vigilant operations team with high standards of security practice, who had been applying the patch process conscientiously and had conducted many assessments before, and yet we found that some servers were still affected by many high-risk vulnerabilities. Our consultants were able to help the client investigate and nail down the root cause of this puzzling inconsistency. We made rectification recommendations and briefed the management, improving their understanding of the problem as well as the endorsement of necessary actions.

In some projects involving systems and databases for fund transactions where stringent security had been implemented, our consultants were still able to identify flaws or oversights that may lead to possible unauthorised access to sensitive systems or data from the public internet. We have helped education institutions in uncovering and preventing attacks that may lead to alteration and deletion of exam results databases or leakage of test papers. We have also conducted assessments on ERP and financial systems and prevented crucial information leakage to internal and external public networks.


~ FSI ~

Local & Foreign Banks, e-Payment Operator, Fintech, Stock Exchange, Insurance, Investment, Asset & Capital Management Institutions

Overview

Our team has performed numerous IT security assessment projects for the FSI. These assessments include Internet-facing banking systems for both consumer and commercial use, forex and trading systems, legacy mainframes and other back-end systems running on leading commercial platforms like BEA WebLogic, IBM WebSphere, Sun iPlanet, Oracle e-Business Suite, SAS, Siebel, CRM solutions, SAP solutions, etc. We perform full 3-tier assessments on web-app-database, and on other infrastructure and architecture systems such as firewalls, authentication and single-sign-on, two-FA, network and security devices, wireless and desktop, thick client and Citrix-based applications, mobile banking applications etc. We have helped organizations comply with the MAS TRM (Technology Risk Management) guideline and the HK-MAS guideline. For the financial industry, CREST standards are important, as the CREST Singapore Chapter is established to introduce its penetration testing certifications and accreditations to Singapore, an initiative developed in collaboration by MAS, ABS and IDA.

We have successfully secured infrastructure, improved operation practices, and uncovered weaknesses and vulnerabilities in applications and systems over these years. We have conducted audit and review, vulnerability assessment and pen-testing, and we have taken on challenges to further help clients identify and mitigate new exploits and threats. We have also performed secure architecture reviews and secure code reviews to further help enhance their security posture.


~ Aviation ~

Premium International & Region Carriers, Airport Operator, Food Solution & Gateway Services, In-Flight Entertainment Providers

Overview

Our team has performed airline-industry-related security assessment projects covering policies development and review, network, systems and applications penetration tests, secure architecture reviews, and code and process reviews. We are familiar with airline industry ticketing, promotions, booking and membership practices. Our assessments cover the Abacus system, credit-card clearing, complex reservation processing systems, resource booking and planning systems, supply-chain systems, partners' collaboration portals for business order taking and equipment or parts replenishment, games and infotainment systems, and system-wide infrastructure and network security. Our consultants are always able to provide new angles of consideration and discuss security operation concerns and possible risk exposure with clients. Through these projects, our consultants have advised on design and implementation flaws relating to inter-system integration problems that lead to security loopholes, and have recommended necessary mitigations and controls against these possible abuses.

~ Telecommunication & ISP ~

Multi-national Teleco Corporation (MNC), Internet Service Providers, Nation-wide Wireless Providers

Overview

Our team has performed numerous assessments for complex large-scale networks and backbone networks, with assessment methodologies developed to suit our clients' cyber security requirements. These are repeat clients that have engaged our services for consecutive years. We provide advisory and investigation services to large telecos, wireless providers and ISPs. We have performed security tests on telecom equipment, including satellite equipment. We have also performed security audit and review as well as testing for organisations' enterprise-level Wi-Fi networks, which includes capturing wireless packets, heat mapping, WEP and network passwords extraction, harvesting connections from rogue access points, man-in-the-middle attacks, and attacking networks via Bluetooth or ZigBee.

~ Other Commercial ~

Automotive Manufacturing, Cloud Solution and Providers, Energy, Petrochemical & Marine, Real Estate & Media Industry

Overview

Our team has serviced MNCs covering IT audit for statutory and group financial audit purposes. These audits cover IT General Controls, IT Application Controls and IT Controls relating to Financial Reporting.

We are familiar with the requirements of IT controls relating to compliance with government, ISO and SOX; and are experienced in helping internal audit function or departments perform internal self-assessments on their IT infrastructure.

We have also performed assessments and penetration testing for Supervisory Control and Data Acquisition (SCADA) systems and Distributed Control Systems (DCS). Our experience and expertise include review and testing of ROM-based and Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), Intelligent Electronic Devices (IED) and other sensor devices.

Our team helps secure critical infrastructure, focusing on a basic understanding and awareness of real-world threats and vulnerabilities that exist within the industrial automation and control system architectures used in most process industries and manufacturing facilities.

Our team is able to provide new insights into increasing the effectiveness of internal controls given the operation constraints and risk exposures of clients. Through these projects, our team has recommended practical solutions to system design and implementation of IT Controls relating to Financial Reporting.

Frequently, we have reported such findings to System Implementation Teams and worked with them to help ensure compliance and conformance to requirements or industry standards.

~ Education ~

Ministries, Statutory Board & Agencies, Institutes of Higher Learning (IHL), Private Learning Providers

Overview

Both for mainstream government education and for commercial learning providers, our team has performed numerous security assessments, risk assessments, policy compliance reviews, training sessions and IT audits to ensure better cyber and IT security in these education environments. We have covered campus-wide assessment projects and provided security risk management advisories. We have identified lapses and recommended improvements to their systems and processes. We have performed penetration testing and secure code review for education sector related projects, such as critical and sensitive score systems, scholarship and funding management systems, online e-learning and assignment portals, life-long-learning systems, educational portals with trending new media communications platforms on mobile apps, creative and innovative education systems, etc. Across a spectrum of services, we work with customers to build a secure environment and provide training on cybersecurity, cyber hygiene, do's and don'ts, security incident response know-how and personal data protection.

~ Recruitment ~

who are we looking for

~ Consultant / Senior Consultant (IT Audit) ~

Job Description:

  • Perform IT Audit of Organization
  • Perform IT Audit of Systems
  • Perform IT Audit of Systems and Development
  • Perform IT Policies Review
  • Perform Compliance Review
  • Perform Vulnerability Assessment
  • Project Management and Delivery

Skills & Experience:

  • Degree in Computer Science/ IT or equivalent
  • 2 to 5 years of consultancy experience in IT Audit or ICT Audit
  • Possess one or more of the following skills:
    • Familiar with ISO 17799/ ISO 27002/ Singapore Government IM8
    • Familiar with IT or ICT Auditing of:
      • Information Policies
      • Organisation Security Policies
      • Human Resource Security
      • Procurement and Asset Acquisition
      • Asset Management
      • Access Control
      • Operations Security
      • Network Security
      • Application Security
      • Data Security
      • Systems Availability
      • Compliance etc.
    • Familiar with COBIT 5 (added advantage)
  • Experience in performing government related IT Audits will be an added advantage
  • Able to work independently and as a team player
  • Strong verbal and written communication skills in English
  • Strong analytical and problem-solving skills
  • Proactive self-starter with an analytical and creative mind
  • Result and customer oriented with multi-tasking capabilities
  • Demonstrate good project and people skills
  • Must be Singaporean or Singapore PR
  • Possess CISA, CIA, CISSP, ISO Lead Auditor or equivalent
  • GPEN, GWAPT, CREST CPSA, CREST CRT or equivalent (will be an added advantage)

Interested candidates, please send full CV with current and expected salary via email to HR

~ Sales & Account Manager ~

Job Description:

  • Sales & Business Development and Account Management
  • Work closely with the pre-sales and post-sales team in response to tender, quotation or service requests of customers
  • Provide continual support during the pre-sales and post-sales process
  • Gather and understand requirements of customers
  • Prepare proposals for IT Security Consulting and Audit Services
  • Respond to queries and ad-hoc requests of customers
  • Conduct sales / post-sale presentations to customers

Skills & Experience:

  • Diploma or Degree holder
  • 2 to 5 years experience in IT security related sales / pre-sales
  • Able to work independently and as a team player
  • Strong verbal and written communication skills in English
  • Strong analytical and problem-solving skills
  • Proactive self-starter with an analytical and creative mind
  • Result and customer oriented with multi-tasking capabilities
  • Demonstrate good project and people skills
  • Experience in marketing will be an added advantage

Interested candidates, please send full CV with current and expected salary via email to HR

~ Consultant / Senior Consultant (Cyber Security) ~

Job Description:

  • Perform Web Application Pen Test
  • Perform Security Audit and Review
  • Perform Security Testing
  • Perform Secure Code Review
  • Perform Risk Assessment and Consultation
  • Project Management and Delivery

Skills & Experience:

  • Degree in Computer Science or equivalent (Diploma with good experience will also be considered)
  • Knowledge and experience with ASP.NET, C#, VB, PHP, JAVA, SQL databases, and/or web technology
  • Knowledge and experience and good understanding of application security
  • Knowledge on system and network security will be an added advantage
  • Able to work independently and as a team player
  • Strong verbal and written communication skills in English
  • Strong analytical and problem-solving skills
  • Proactive self-starter with an analytical and creative mind
  • Result and customer oriented with multi-tasking capabilities
  • Demonstrate good project and people skills
  • Must be Singaporean or Singapore PR
  • Programming background will be an added advantage
  • Possession of CISA, CISSP, CEH, GWAPT or CREST certification will be an advantage

Interested candidates, please send full CV with current and expected salary via email to HR

~ Contact Us ~

find us here

No 34 Boon Leat Terrace
#05-18 Singapore 119866