Chua Wee Seng

Red Team Consultant at The ITSEC Group (Full-time)

• Conduct full-scope Red Team operations, including web application penetration testing for SQL injection, broken access control, API vulnerabilities, authentication bypass, and business logic flaws.
• Perform infrastructure penetration testing focusing on Active Directory exploitation (kerberoasting with Rubeus, constrained delegation, forest trust abuse) and advanced privilege escalation.
• Review and harden host configurations for network infrastructure (Aruba ClearPass, Cisco, Fortinet firewalls), collaborating with infrastructure teams to implement security best practices.
• Lead vulnerability assessments and guide remediation efforts, translating technical findings into actionable recommendations for stakeholders.
• Deliver wireless security assessments (WPA2/3 cracking, rogue AP detection) to strengthen Wi-Fi defenses.
• Communicate complex technical findings clearly to stakeholders, mapping vulnerabilities to business impact to facilitate informed risk mitigation.
• Balance consulting responsibilities with pursuing a Master’s in AI (NTU) and developing an AI-driven pentesting platform (Obsidian Roadmap).
• Achieve key industry certifications (CRTO, CREST CPSA, CREST CRT) and apply CVSS 4.0 guidelines to validate and enhance offensive security expertise within 6months of joining.

• As an Offensive Security Specialist in Mercedes-Benz, I've acquired Invaluable skillsets of penetration testing methodologies and mastery of various offensive security tooling. That's versatile in both Linux and Windows environments.
• Through Internal web-application testing to Active Directories attacks experiences. my confidence to contribute to the organization's overall security posture is high. For having seen and experienced both the inner workings of Defensive (Blue) and Offensive (Red) security.
• Vulnerability Disclosure Program Lead: Assuming leadership role in Mercedes-Benz Vulnerability Disclosure Program (VDP), ensuring comprehensive security analysis and validation of all Proof of Concept (PoC) submissions, achieved a 100% verification rate.
• Mercedes-Benz Bug Bounty Program (BB) Lead: Launched and secured a €30K budget for the Mercedes-Benz Bug Bounty Program, coordinating closely with internal stakeholders across APAC, China, NAFTA, and EMEA. Successfully worked to onboard high-caliber researchers and Hall of Famers, including notable figures like Sam Curry, for private testing initiatives. Partnered with Bug crowd to structure incentives and streamline reporting, driving high-quality findings and facilitating seamless collaboration between security teams and researchers for enhanced vulnerability management.
• Expertise in Threat Analysis & Remediation: Providing Technique & Tactic Procedures (TTPs) walkthrough and remediation recommendation including but not limited to CVSS Ratings, CVSS Vector Strings and Impacts analysis to Mercedes-Benz AG's Defensive Security Team.
• Global Collaboration: Fostered international synergy by coordinating with EMEA and NAFTA security teams, alongside interfacing with Legal and Communications to refine the VDP's procedural framework, ensuring seamless response consistency across 20+ incidents per quarter.
• Project Leadership: Leading and setting up Mobility Pentesting Project. A project aimed at supplying vendors with virtual environment to perform Pentesting operations, reducing set up time by 30% and increasing testing efficiency.
• Automation of Security Processes: Automated Vulnerability Alerting Process (VAP) to Internal stakeholders. Through Python Scripting to parse, convert JSON data from Vuln DB API and automatically upload stylized HTML pages onto Confluence.
• Rapid Skill Acquisition and Certification: Obtaining Offensive Security Certified Professional (OSCP) certificate in 3 months.

• The role of Cyber Security Defense Analyst (IR Team) in NTU has equipped me with expertise in various security tools and techniques. Furthermore, as our cyber team is new, I took on several initiatives, such as, creating workflow and processes to facilitate incident responding as highlighted in the points below:
• Reduced SOC Analyst mail monitoring labor by >30%, via Integrating functions to automate/resolve Spam Mails (Tools: PhishER).
• Wrote YARA algorithm to Identify and tag user-reported mail with 5 different priorities (Critical, High, Medium, Low, Unknown).
• Created workflow and playbook to counter Phishing Threat within NTU Mail Server.
• Performed Threat hunting and recovery, including logs analysis, SIEM (Splunk), Forensic Imaging. (Identification, containment, eradication, recovery, AAR)
• Integrated of Active Directory Federation Service for XDR (TrendMicro Vision One).
• Configuring alerts between SIEM (Splunk) and XDR (TrendMicro Vision One).

• As Deputy S3 of 30th Battalion, Singapore Combat Engineer (30SCE). Some of accomplishment includes:
• Forecasti and Planned Battalion's Training Programs.
• Improved Battalion's Training Lesson Plans in Accordance with Army Training Directives.
• Managed over 250 National Servicemen's Individual KPI.
• Coordinated and Organized Cross Division & Battalion Events.
• Performed Interview and Counseling for new recruits of Battalion.
• Appointed to Plan Counter-Terrorism Operations for 30SCE with Singapore Police Force (SPF).

• Organized brainstorming sessions between cross-functional teams to develop strategy and creative ideas for future events.
• Researched assigned events and identified possible partnerships aligned with event concepts.
• Organized logistics and materials for each meeting, arranged spaces and took detailed notes for later dissemination to key stakeholders.
• Coordinated florists, photographers, videographers, musicians, officiants and ceremony participants during rehearsals and pre-ceremony, ceremony and reception events.