About
Penetration tester. Former educator. Deliberately both.
The teaching years
From 2010 to 2020, I taught Economics at junior college level in Singapore. A decade of breaking down complex systems for students who needed to understand them — not just pass exams. It shaped how I think about learning, communication, and what it actually means to explain something well.
Teaching forces rigour. You can't hand-wave at a concept in front of a class. You have to know where the edge cases are, anticipate the wrong mental models students will form, and find the framing that makes something click. That discipline transfers further than you'd expect.
The switch
The move into cybersecurity wasn't accidental. I'd been interested in the field for years — following security research, reading CVE analyses, tinkering at home. At some point the gap between interest and career became something I couldn't ignore.
I made the switch deliberately, not impulsively. Started with foundational certifications, worked through the technical gaps methodically, and leaned hard into the one advantage I had: I know how to study, and I know how to learn in the open.
Now
Currently seconded to a government-linked organisation in Singapore, working in penetration testing. The work is technical and the stakes are real. The teaching background isn't irrelevant — clear documentation, structured thinking, and the ability to explain findings to non-technical stakeholders matter more than most people admit.
This site exists as a public record of the work: the writing, the projects, the thinking. The goal is to be useful — to people making similar career transitions, to anyone building security knowledge, and to anyone who needs to know what I can do.
Certifications
Ordered by recognition. The Offensive Security ones require lab time and real exploitation — they can't be crammed. Click any card to verify.
OffSec Certified Professional+
The industry benchmark for hands-on offensive security. 24-hour practical exam, live machines, no multiple choice. Issued Apr 2025 · Expires Apr 2028.
OffSec Exploit Developer
Windows exploit development — SEH-based overflows, egghunters, custom shellcode, and DEP/ASLR bypass. Requires understanding memory at a low level. Issued Dec 2025.
OffSec Certified Professional
Practical penetration testing certification — enumerating, exploiting, and pivoting across live networks under exam conditions. Issued Apr 2025.
GIAC Certified Incident Handler
Validates ability to detect, respond to, and resolve security incidents. Covers attack techniques, vectors, and defensive response at a practitioner level.
GIAC Advisory Board Member
Invitation-only membership extended to GIAC-certified professionals who demonstrate exemplary exam performance. Members are consulted as subject-matter experts.
FIRST CVSS v3.1 Certificate
Demonstrates proficiency in applying the Common Vulnerability Scoring System v3.1 for consistent vulnerability severity assessment. Issued Feb 2026.
OffSec Experienced Penetration Tester
Advanced evasion techniques, Active Directory attacks, and antivirus bypass. Designed for practitioners ready to go beyond OSCP.
Burp Suite Certified Practitioner
Web application security — covers the full PortSwigger Web Security Academy syllabus in a timed, practical exam format.
Events & Competitions
Competitions and events I've participated in outside of day-to-day work. Learning by doing, in public.
The InfoSecurity Challenge — Singapore's national cybersecurity individual challenge run by CSITECH. A multi-stage CTF covering a broad range of offensive and defensive security domains.
An international open-source intelligence competition testing geolocation, research, and digital investigation skills across a range of real-world-style challenges.