Integrated 'Shift Left' security practices into the SDLC by partnering with engineering teams for the development of internal systems. Conduct deep-dive audits of Golang source code and RESTful APIs, remediating vulnerabilities prior to production.
Constructed the mapping of complex AWS and on-premise network topology, and performed security audits of firewalls and AWS Security Groups to eliminate misconfigurations and enforce least-privilege access.
Detected and reported an InfluxDB injection vulnerability during code review, managing end-to-end disclosure and formally tracking remediation through Jira.
Developed a custom Claude AI skill to automate sensitive data exposure detection in source code, leveraging it to identify plaintext passphrase logging. Coordinated with DevOps to restrict log access and remediated the issue by working with developers to remove the exposure at the code level.
Led Proof of Concept (POC) evaluations for third-party security vendors, aligning technical capabilities with organisational risk requirements to ensure high-ROI tool acquisition.
Executed security assessments of client-facing applications at the pre-launch stage using BurpSuite, ensuring all vulnerabilities were addressed to protect the brand and user data upon public release.
DSO National Laboratories – Cybersecurity Research Intern
May 2024 – Aug 2024
Made use of state-of-the-art fuzzers such as AFL++ to test and identify vulnerabilities in Linux programs.
Analysed the C code of an existing AFL++ variant to understand how the program works and identify areas of improvement.
Developed a prototype fuzzer built on top of the current fuzzer written in C by integrating new research ideas published in recent years. Tested the prototype and confirmed its improvement in performance. Documented code changes for the supervisor.
Researched new fuzzing strategies that improve the efficiency of detecting vulnerabilities in programs.
Debugged C/C++ programs using GDB.
Phillip Capital – Software Development Intern
May 2023 – Jul 2023
Developed a web scraping program using Python for retrieving mass data quickly from the web, freeing up staff time from repetitive tasks.
Analysed a C++ program that retrieves and processes real-time data. Documented the program's flow for the software development team.
Analysed the existing data flow framework and suggested ideas for a necessary revamp of the framework due to a change of data source.
Made use of robotic process automation to replace important SMS messages with Microsoft Teams messages, helping save $2000-$3000 every month.
Projects
Cloud Resume Challenge
Deployed a serverless cloud resume website on AWS using S3, CloudFront, API Gateway, Lambda, and DynamoDB, with CloudFlare as DNS and the TLS certificate stored in ACM.
Provisioned multi-environment infrastructure using Terraform with remote state in S3 and locking via DynamoDB.
Built a CI/CD pipeline with GitHub Actions integrating security scanning (CodeQL, tfsec) and SCA (Syft + Grype).
Secured pipeline access using GitHub OIDC authentication with least-privilege IAM policies.
Phishing URL Scanner
Designed and implemented defense-in-depth for a Go-based URL scanner across container, cluster, and cloud layers, covering image hardening, pod security, network segmentation, IAM, and secrets management.
Authored a Kubernetes NetworkPolicy implementing least-privilege ingress and egress traffic.
Automated security scanning in CI/CD via GitHub Actions with SAST (Semgrep), secret detection (Gitleaks), and container scanning (Trivy), gating PR merges on high and critical severity.
Eliminated long-lived cloud credentials in workloads by configuring IRSA for the AWS Load Balancer Controller and External Secrets Operator, federating pod identity through the EKS OIDC provider.
Hobbies & Interests
Casual hiking
Travelling to natural destinations around the world