This professional is in active search of jobs

engineering Freelancer

About me:

Computer Science by training, 30 years in Information Technology with last 17 years in IT/Cybersecurity, Risk Management & Audit Compliance. Skills and know-how developed and sharpened from work experience in various roles with Global Multi-National Corporation & Conglomerate across multiple sectors/industries, and spent 2.5 years of entrepreneurship in Cybersecurity advisory start-up. 


Graduated with a Bachelor of Science degree, specialized in Computer science and information systems from The National University of Singapore. Obtained COBIT foundation, ISO27001:2013 foundation, CISM, Computer Systems Validation and 21 CFR 21 Part 11, Advance Project Management, IT Governance and Leadership along the journey through continuous learning. Aiming for long-awaited CISSP Certificate by Dec2021.


  • Organizational and personal
    • Competent and fluent in both English/Chinese, Confident in conversing in Cantonese and Malay, Strong executive engagement and articulation skill, Organization and People leadership across different levels, Accomplished risk manager, Organization change catalyst, Motivator for high performance, Problem-solving practitioner
  • Technical: 
    • ISO27001(ISO27002/ISO27005)/ISO22301/ISO9001, COBIT from ISACA, PCI DSS, NIST Cyber Security Framework (NIST SP800-r53/r30/r37), CIS Benchmark, OWASP, MITRE ATT&CK framework, SASE architecture, CREST Penetrating testing, PDPA/EU-GDPR, SAS70/SSAE16 SOX type 1 for Service Provider, Sarbanes-Oxley Act 2002 “SOX” & COSO, IT regulatory compliance CSV, 21 CFR Part 11, Secured Development Life cycle (SDL), SAP R3 enterprise edition 4.3/ECC 6.0 Security & Authorization/GRC 5.3/TMS.
  • Security technology & Services expertise & experience: 
    • Nessus/Qualys/Tanium for Vulnerability management, asset discovery, threat protection and patching | Sophos/Trend Micro-APEX ONE for Endpoint Security: Anti-virus and Anti-malware and Deep Security | Crowdstrike/Carbon Black /SentinelOne for Endpoint Detection & Response (EDR) | Thycotic/CyberArk/BeyondTrust for Privileged access management | Cisco/Forcepoint for NGFW (UTM) Secured Web gateway | MS-CAS/BITGLASS/FORCEPOINT for Cloud Apps Security across multiple SaaS & IaaS | Fraudwatch/Mimecast for Cyber Brand Protection | Trend-micro Deep-Security for EOL/EOS virtual patching | CISCO firepower/Palo Alto |Fortinet/Checkpoint for Network Security IPS, threat hunting & defenses | Meraki MX64 for retail store and warehouse | ARUBA Clear-pass and ARMIS for NAC and XDR | Cato Network for Micro-Network Segmentation | Microsoft Azure AD & Office365 OTP and Window Defender for AZURE/Office365 & Email security | Red & Blue teaming Penetration testing using OWASP/OSSTMM methodology and ZAP and Burp Suite 

0 external recommendations