Integrated 'Shift Left' security practices into the SDLC by partnering with engineering teams for the development of internal systems. Conducted deep-dive audits of Golang source code and RESTful APIs, remediating vulnerabilities prior to production.
Constructed a mapping of the complex AWS and on-premises network topology, and performed security audits of firewalls and AWS Security Groups to eliminate misconfigurations and enforce least-privilege access.
Developed and evaluated a prototype fuzzer based on recent research.
Led Proof of Concept (POC) evaluations for third-party security vendors, aligning technical capabilities with organisational risk requirements to ensure high-ROI tool acquisition.
Executed security assessments of client-facing applications at the pre-launch stage using BurpSuite, ensuring all vulnerabilities were addressed to protect the brand and user data upon public release.
DSO National Laboratories – Cybersecurity Research Intern
May 2024 – Aug 2024
Made use of state-of-the-art fuzzers like AFL++ to test and identify vulnerabilities in Linux programs.
Analysed the C code of an existing AFL++ variant to understand how the program works and identify areas of improvement.
Developed a prototype fuzzer built on top of a current fuzzer written in C by integrating new research ideas published in recent years. Tested the prototype and confirmed its improvement in performance. Documented code changes for the supervisor.
Researched new fuzzing strategies that improve efficiency in detecting vulnerabilities in programs.
Debugged C/C++ programs using GDB.
Phillip Capital – Software Development Intern
May 2023 – Jul 2023
Developed a web scraping program using Python for retrieving mass data quickly from the web, freeing up staff's time from repetitive tasks.
Analysed a C++ program that retrieves and processes real-time data. Documented the program's flow for the software development team.
Analysed the existing data flow framework and suggested ideas for a necessary revamp of the framework due to a change of data source.
Made use of robotic process automation to replace important SMS messages with Microsoft Teams messages, helping save $2000-$3000 every month.
Projects
Cloud Resume Challenge
Deployed a serverless cloud resume website on AWS using S3, CloudFront, Lambda, and DynamoDB.
Provisioned multi-environment infrastructure using Terraform with remote state in S3 and locking via DynamoDB.
Built a CI/CD pipeline with GitHub Actions integrating security scanning (CodeQL, tfsec) and SCA (Syft + Grype).
Secured pipeline access using GitHub OIDC authentication with least-privilege IAM policies.
Hobbies & Interests
Casual hiking
Travelling to natural destinations around the world