My Resume

Academic History

 

MIT Global Entrepreneurship Bootcamp
– Massachusetts Institute of Technology

Master of Business Administration (MBA)
– Cardiff Metropolitan University

Stanford Go2Market Program
– Stanford University Graduate School of Business

Bachelor of Science (Hons) Degree in Information Technology
– University of Greenwich, UK

Advanced Diploma in Computing
– Sunway University

 

Professional Certification (IT)

  • Certified Blockchain Expert V2 (CBE) – Blockchain Council
  • Certified Bitcoin Professional (CBP) – Crypto Currency Certification Consortium
  • Qualys Guard Certified Specialist
  • Information Technology Infrastructure Library (ITIL) – IT Service Management
  • GIAC Certified Forensic Analyst (GCFA)
  • Cisco Certified Security Professional (CCSP) – Cisco IDS Specialist
  • Cisco Certified Network Associates (CCNA)
  • Certified Ethical Hacker (CEH)
  • Microsoft Certified Systems Administrator (MCSA)
  • Microsoft Certified Professional (MCP)

Professional Certification (Non-IT)

  • Diploma Certification in Antiques and Appraisal Studies
  • Certified Professional Member, Asheford Institute of Antiques
  • Competent Antiques Appraiser for US, England and Canada

 

Professional Experiences

 

1. COO & Co-founder, RENT MARKET SDN. BHD.

Provides the leadership, management and vision necessary to ensure that the company has the proper operational controls, administrative and reporting procedures, and people systems in place to effectively grow the organization and to ensure financial strength and operating efficiency.

Key responsibilities for,

  • Designing and implementing business strategies, plans and procedures
  • Establishing policies that promote company culture and vision
  • Overseeing operations of the company and the work of executives (IT, Marketing, HR, Sales, Finance etc.)
  • Measures effectiveness and efficiency of operational processes both internally and externally and finds ways to improve processes
  • Lead the strategy and all aspect of company’s technological infrastructure and platform development, and establish the company’s technical vision
  • Acts as a liaison between company and client for quality assurance
  • Assist in raising additional capital at appropriate valuations to enable the company to meet sales, growth, and market share objectives.
  • Provides mentoring to all employees, including management
  • Motivates staff to meet or surpass organisational and sales goals
  • Coordinates with human resources department to recruit skilled talent and keep the best employees
  • Oversees daily operations and makes adjustments as necessary
  • Presents new ideas and cash flow strategies to board of directors and other company officers
  • Directs acquisitions and sales of assets to meet organisation goals and evaluates newly implemented sales plans

 

2. CEO & Founder, ROAMTIFY SDN. BHD.

Manages the overall operations of a company, including product development, marketing, communications, and logistics. Develops and approves strategies to meet investor, consumer, and employee needs. Communicates with people inside and outside the company to discover what policies, products, and marketing strategies will help it move forward. Makes important decisions that affect the company’s direction and its employees.

Key responsibilities for,

  • Develop high quality business strategies and plans ensuring their alignment with short-term and long-term objectives
  • Lead and motivate subordinates to advance employee engagement develop a high performing managerial team
  • Oversee all operations and business activities to ensure they produce the desired results and are consistent with the overall strategy and mission
  • Make high-quality investing decisions to advance the business and increase profits
  • Enforce adherence to legal guidelines and in-house policies to maintain the company’s legality and business ethics
  • Review financial and non-financial reports to devise solutions or improvements
  • Build trust relations with key partners and stakeholders and act as a point of contact for important shareholders
  • Analyze problematic situations and occurrences and provide solutions to ensure company survival and growth
  • Motivates and leads a high-performance management team; attracts, recruits and retains required members of the executive team not currently in place; provides mentoring as a cornerstone to the management career development program.
  • Keeps up with current trends in the industry and modern business practices that will set the company apart from competitors
  • Performs other decisions, such as reviewing reports, making presentations to investors and the board of directors, and examining how the company can cut expenses and increase revenue

 

3. Chief Executive Officer, ANGUSKY SDN.BHD.

IT Consultation, Vulnerabilities Assessment, Penetration Testing, e-Business Development, Enterprise Security Audit and Review for Online, Financial Transaction and Network Infrastructure.

  • Deliver the organisation’s business plan and help the organisation to win contracts from public bodies or develop social enterprise ‘spin offs’
  • Establish and monitor key indicators of the organisation’s impact and financial health
  • Manages the project management process to support the company’s growth
  • Represent the organisation at external events and publicity opportunities
  • Maintain awareness of risks and changes in the external environment that affect the organization
  • Identifies, compares, selects and implements technology solutions to meet current and future needs

Client(s): Telcos, Academic Institution, Government and private sector companies. As a managing director to develop and implement high-level strategies, managing overall operations and resources, lead and manage the teams of HODs and consultants, and provide guidance, mentoring, training where necessary and close-supervision ensuring quality deliverables.

 

4. Associate Director, INFOSEC Co – Security Consulting Services

As a head of department to lead and manage the teams of consultants, and provide guidance, mentoring, training where necessary and close-supervision ensuring quality deliverables. Provides Vulnerabilities Assessment, Penetration Testing, Security Audit and Review for Financial Transaction and Network Infrastructure services.

Key responsibilities for,

  • Liaise with other country’s principal consultants and other domain experts in developing new consulting practices and business services.
  • Conduct operational and supervisory reviews over the various projects being handled by the team of consultants Vetting consultants’
  • reports and deliverables to ensure quality consistency and to the customer’s satisfaction.
  • Provide pre-sales support in the form of technical requirement study of RFPs, writing up proposals and providing advisory in sizing up Scope of Works in a tender, in accordance to the company’s established guidelines.
  • Conduct internal trainings and change where necessary to improve the quality of services
  • Managing Daily Operations and Projects implementation Provision Security Consultancy, Assessment, Audit Services

 

5. Senior Security Specialist, AIG Global Services – ITSRC Global Infrastructure

As a lead specialist to develop regulatory and compliance information security standard and policy. Provide business efficiencies in information security process enhancements needed to the business in achieving information security compliance for AIG Global Infrastructure.

Key responsibilities for,

  • Examine IT risks from a cross-organizational viewpoint including internal and external risks, from a security and compliance perspective and make appropriate recommendations to protect the company from applicable risks and vulnerabilities.
  • Conduct security assessment across country infrastructure to identify vulnerabilities.
  • Develop and deploy web security standard and checklist for AIG Global Infrastructure.
  • Provide advice and solution to Global SMEs to enhance security posture of the organization. Ensure AIG Global compliance with Information Security Policy, Security Standards and Corporate Security policies.
  • Collaborate with divisional CISOs and Business Units to provide information relative to the company’s Information Security Standard and Policy.
  • Participate as a technical advisor for a variety of ad-hoc information security, risk, and compliance projects that will be dictated by current business and technological developments.
  • Conduct eDiscovery and Computer Forensic on Electronically Stored Information for casework through the collections, processing, and delivery process.
  • Principle lead for Qualys Vulnerability Management and BladeLogic Server Automation in APAC region.
  • Coordinate with US’s principal to conduct Cyber Defense including Incident Response and Security Monitoring (scam & phishing email, malware call-back, etc)

Client(s): Global American International Group including APAC, America Regions and EMEA.

 

6. Senior Associate (Assistant Manager), KPMG – Information Technology Advisory (ITA)

Assigned as Lead Security Consultant to perform penetration testing for Online banking. Performed penetration testing for Internet Banking Infrastructure, Financial and Telecommunication Industries. Also covered network and technical review for the business to consumer and business to business infrastructure and critical application for the bank.

Key responsibilities (technical) for,

  • Wireless network review and detecting of rogue access point and War Dialing
  • Scanning and vulnerability analysis from the Internet and internal network
  • Manual inspection of host(Unix/Windows, Database) security settings and configurations
  • Review Firewall rulesets and configuration
  • Network devices assessment review
  • Physical and Logical security audit
  • Performed Web Application penetration testing on the online banking platform builds with broad vision application servers.

Additional responsibilities for,

  • Planning and Preparation of technical proposal and presentation
  • Network Infrastructure Review and provide recommendation for enhancement
  • Conducted operational and security-related risk assessment audit and review to ensure compliance to various international standards, e.g. ISO 27001, SOX, GPIS, and BS7799.

Client(s): Maybank (Malaysia and Singapore), Financial Link Sdn Bhd, Celcom (Malaysia) Berhad, Alliance Bank Group, Khazanah National Berhad, British American Tobacco (Malaysia and Singapore), Shell Group (Miri), Ministry of Higher Education Malaysia, Khan Bank (Mongolia), Tabung Haji, Malaysia Ministry of Finance Malaysia (Treasury).

Incident Response and Forensic Investigation for Network Intrusion

Assigned as Security Consultant to perform investigation for network intrusion incident. It also covered review for the existing network infrastructure and security structure to provide enhancement to prevent future attacks.

Key responsibilities (technical) for,

  • Digital evidence collection, preservation, analysis and presentation.
  • Extract and analyst systems, applications and IDS log files
  • Recovery of deleted, lost and damages files
  • Analyst media and it’s content including altered, damages, removed, hidden or deleted data.
  • Advise, interpret and piece together information for clients in a comprehensive manner and detail a thorough account of events, computer usage and content.
  • Conduct security audits to prevent future attacks.

Client(s): Leading Investment Company in Malaysia [Non-Disclosed]

Regional IT Audit and Consultation

Assigned as Lead Technical Consultant to develop and implement IT audit strategy to integrate IT audit within the financial audit of National Audit Office.

Key responsibilities (technical) for,

  • Perform IT Audit on the Government Financial System on behalf of the Mongolia Auditor General Office.
  • System walkthrough and process analysis for the government financial system.
  • Security review focusing on logical access controls and physical access controls.
  • IT operational review focusing on problems management and issues escalation process, change management, computer operations, backup management and continuity management.
  • Developed and conducted the IT audit training for a numbers of selected resources within MNAO and MOF using Certified Information
  • Systems Auditor and implemented regular monthly seminars relating to IT audit and similar IT themes.
    Client(s): Mongolia National Audit Office (MNAO), Ministry of Finance Mongolia (MOF)

IT General Controls, Business Process Analysis and IT Security Risk Management Review

Assigned as IT/IS Auditor to conduct IT Control review and IS Risk Management Assessment engagements which included the assessment of client’s management of information security, patches and virus management, change management, management of third party contract including service level agreement, support structure, policies and procedures, backup arrangement and business continuity management (BS7799 Standard).

Key responsibilities for,

Information Systems Governance

  • Performed compliance and regulatory work review include:
    IT Internal Audit
  • IT Performance Management and improvement
  • Security Management and Operational Risk
    IT Assess Management
  • Conducted compliance assessment with Bank Negara Malaysia’s GPIS 1 standard
    Project Risk Management
  • Provide ICT architecture advisory to the client to improve on their data centre requirements.
  • Conduct initial review on their architecture requirements.
  • Conduct gap analysis and assessment of the current environment.
  • Provide recommendation to improve the design the blueprint of the architecture
    IS Security Audit
  • Performed Trust Domain audit compliance review for Shell Group of Companies to assess the completeness and accuracy of the Organizations compliance with the Trust Domain Standards and assist in providing recommendations of the security actions for areas of non-compliance.
  • Conducted reviews in scope with the validation for Trust Domain compliancy in the area of Information Security Management Framework, Service Management and Physical Security of Equipment.

Client(s): Panasonic AVC & Industrial Co, Microsoft (Malaysia), Maybank (Malaysia), Royal Dutch / Shell Group (Malaysia and Pakistan), Tokio Marine Carlsberg (Malaysia), Standard Chartered Bank (Malaysia) Berhad, Bursa Malaysia, JP Morgan Bank (Malaysia).

 

7. System Security Specialist, eBworx Berhad

RHB Bank (Malaysia) Project – Internet Corporate Banking System (CAMS) and Digital Collection & Recovery Management System (DCRMS)

Assigned as Security Consultant for the Internet Corporate Banking System and Digital Collection & Recovery Management System. CAMS handles end to end encryption within the multi-tier layer architecture from corporate client up to the back office of the bank. DCRMS handles front office customer request and back office call center processes. The end to end Credit Card Management starting from application entry follows by processing cycle towards disbursement.

Key responsibilities for,

  • Technical Infrastructure and Security Requirement Review
  • Application and System Penetration Testing
  • Vulnerabilities Assessment
  • Produce Hardening and Security Checklist
  • Evaluate and test both hardware(Smart Card, Token) and software(IPSec, PGP) encryption method
  • Configuration Management Testing
    This architecture is developed using Java, XML, XSL, ASP.NET, .NET Web Services connection from Application Server to Oracle 9i Database with IBM WebSphere Server running on HP-UX Server. And as associate with Load Balancer, Token Server and Firewall.

IBK — Internet Retail Banking System Project

As consultant, I was involved in the Internet Retail Banking System –throughout stages of the project life cycle, from user requirement gathering, analysis, design, development and user acceptance testing. Internet Retail Banking System is an Internet browser-based application. The system provides bank customers an alternative channel to perform banking transaction such as fund transfer, balance enquiry, foreign currency rate enquiry, bill payment, etc.

Key responsibilities for,

  • Technical Review and Implement
  • System Development
  • Security Assessment
  • Resolve Technical Issues
    The system are developed using ASP, XML, XSL, JavaScript and Visual Basic 6.0, connecting to a SQL Server 7 Database with Internet Information Server running on Windows 2000 Advanced Server. This system interfaces to the bank’s Host System.

eBworx Security Engineering Group

As a consultant of Security Engineering Group who drives company trustworthy computing initiatives. Conduct penetration tests and supervision at each stage of SDLC. Work with various engineering groups to supervise the design of System Blueprint and Infrastructure. Offer consulting services to external customers on issues related to security. Produce Best Practice, Guideline and Policy documents for internal and external customers. Ensure all deliverables are conforming to requirements (quality) and proper measurements are in place.

Key responsibilities for,

  • Plan and execute security awareness programs and workshops for internal developers
  • Build penetration tool to conduct vulnerability assessment and security audit for all projects
  • Produce security best practices, guidelines, checklists and policies Research 3rd party software and hardware security integration (e.g. token, smart card and HSM)
  • Recommend best security architecture approach
  • Engage and Drive Company Quality Initiatives. Contribute to Quality Contents Implement Standard Compliance (e.g SOX, HIPAA, Basel II)

 

8. Regional IT Consultant, MIS Technologies Center

Training Consultant for IT Professional Course

Key responsibilities for,

  • Conduct vendor credential certification training included: MCSE, ComTia A+/Network+/Security+, LPI, CCNA-TCP/IP, Certified Ethical Hacker, and other customized courses.
  • Developed and Managed training programs and materials. Provide Security Awareness seminar for corporate client (e.g. AC Neilson, Seagate, JPJ, Woman Institute of Management, etc.)
  • Plan, design and implement computer lab with standard operation for company’s branch in Klang Valley.
  • Representative for course preview at oversea (e.g. China, Singapore)

 

9. Practical Trainee, Guinness Anchor Berhad Industrial Attachment

Key responsibilities for,

  • Review and Implement Enterprise Network- a) analysis existing network and propose a new system, b) design infrastructure include BackOffice, Active Directory and Security, c) using scripts to perform automation, d) assign and configure standard protocols & policies.
  • Conduct migration from current system, testing and monitoring.
  • Enable Quality of Service and control bandwidth traffic-handling mechanisms in the network.
  • Provide guidance and recommendations to end market, and provides documentation for the network layout, program reporting and change management.

Technical Skills

Programming: HTML, C++, Visual Basic, Java, PHP, CSS, Scripting.

Database: MS Access, MS SQL Server, MySQL, Oracle, SAP.

Network Technology: MS IIS Server, IBM WepSphere, BEA WebLogic, Apache, Exchange Server, Windows Domains, Cisco IOS, Virtualisation.

Operating System: Windows – 9x, NT, 2000, XP, 2003, Vista, Seven. Unix – Sun Solaris, HP-UX, IBM AIX, OSX. Linux – RedHat, SuSe, Slax, Knoppix, Helix, BackTrack.

Software Applications: MS Office/Visio, Rational Rose, VMWare, FreeMind, MS Threat Analysis and Modeling.

Security Mechanism: SSL, IPSec, VPN, SSH, Token Application, Digital Certificate, Kerberos, SSO, PKI, IDS/IPS, Firewall.

Security Applications: BladeLogic, Qualys, WebScarab, Nmap, Nessus, Nikto, Metasploit, Kismet, Wireshark, SPIKE, Snort, ModemScan, AppScan, WebInspect, Core Impact, Fuzzy tools.

Forensic Applications: EnCase, Sleuth Kit, Autopsy, The Coroners Toolkit, Helix, WinHex, IDA Pro, K-Trace, AccessData Forensic Toolkit.

 

Possess Research

  • Ethical Hacking and Counter Measure
  • Penetration Testing and Vulnerabilities Assessment
  • Commercial & Open Source Honeypot Network deployment
  • Network & Host-based Intrusion Detection/Prevention System
  • Wireless Security and Encryption
  • Develop and Remastering Open Source Security Tools
  • Forensic Investigation and Incident Response
  • Artificial Intelligence, Neural Network and Natural Language Processing
  • Blockchain and Cryptocurrency Technologies

    Professional Membership

  • ACCESS Blockchain Association
  • SANS (System admin, Audit, Network, Security) Institute
  • Information Systems Audit and Control Association (ISACA)
  • Malaysia Open Source Software (MyOSS) Society
  • Malaysia National Computer Confederation (MNCC)
  • National Computing Center (NCC)
  • Members of Wedding and Portrait Photographers Malaysia (WPPM)

    Training Attended

  • MCSE 2000/2003 Course
  • Microsoft .Net Framework
  • MCSE Train-the-Trainer Programme
  • CheckPoint Firewall Workshop
  • EC Council Hacker Halted (Internet Security Seminar and Workshop)
  • Certified Ethical Hacker (CEH) Course
  • Asian Open Source Training Programme
  • Current Security Incidents (CSI) IT Security Conference
  • Linux Technology Solution Workshop
  • HackInTheBox Training Workshop and Conference
  • Oracle 10g: Database Security Workshop
  • Information Risk Management Core Skill
  • SANS Asia Gateway Security Workshop 2008 GIAC SEC508: System Forensics, Investigation and Response Course
  • ITIL in IT Service Management Training
  • EC Council Certified Hacking Forensic Investigator
  • QualysGuard Certified Specialist Training
  • Certified Bitcoin and Blockchain Professional Course