Penetration Testing Profile
- My first steps into penetration testing started with UNRESTRICTED, SIMULATED attack testing with an elite team in APAC in 2000. This position lasted 5 years before Verizon Business acquired Trusecure’s Asia Pacific professional services. I contributed significantly in finding quite often exotic vulnerabilities in customer networks. The Monetary Authority of Singapore mandated our team as penetration testing service providers for any financial institution wishing to do business in Singapore.
- I was the native English speaker in the team and so took on the task of communicating findings to stakeholders of different levels of IT experience.
- My publication (Security De-Engineering Taylor-Francis Publications - ISBN-10: 1439868344) included 3 chapters on penetration testing and the work received rave reviews from some of the most influential people in the field.
- PwC in 2007 was my first step into application security with blind OWASP testing (DAST) for 8 clients in banking and there was one telco. Since that time blind Appsec has featured heavily in internal and external engagements.
- Through the next 15 years, I performed external and internal appsec and vulnerability assessments, developed vulnerability management capabilities (full risk treatment cycles) at the HLD and LLD phases, leading into Security Operations and service management integration.
- The technologies I worked with: multiple assessment tools, many of which are integrated into Kali Linux today. Symantec CCS, Rapid7 InsightVM, Tenable SC, Qualys, OpenVAS, Nessus (unauthenticated VA scans), McAfee VM (formerly Foundstone).
- I developed a tool for Oracle Database 10g, 11g, 12c vulnerability assessment with DBA credentials which was used in several larger organisations in Indonesia.
- In small consultancies I was seen as the go-to resource for penetration testing because of good reviews from their clients.
- Of all the security capabilities, vulnerability management is the one with which I had most exposure in 20 years.
- Various public sector agencies: performed precursor tests in lieu of independent 3rd party penetration tests.
Latest Blog Post
Cisco IP Phone Vulnerabilities
March 3, 2023, 2:01 p.m.
Before I continue, it's pertinent to give a heads-up: nothing in this article relates to ChatGPT. Sorry.
Lots of fuss abounded this morning (on the back of articles from yesterday with attention-grabbing headlines) regarding these 2 disclosed vulnerabilities, reported as CVE-2023-20078 and CVE-2023-20079. The first of these is rated 9.8 under CVSS 3.1!! (Oh no).
Security De-engineering, published by Taylor & Francis, covers ubiquitous problems in information security and offers a solution in the final chapter.
Areas covered: Penetration testing, Hackers, CASEs (Checklists and Standards Evangelists), IDS, Cloud Security, jobs in security, Identity Management, and organisational elements.
Literatecode was established in 2003 as an informal R&D lab and reorganized to a registered business in 2012.
Literatecode specializes in applied research and experimental development to help companies and individuals defend themselves against security threats.