Summary
Overview
Work History
Education
Skills
Certification
Software
Interests
Timeline
Generic
Chua Wee Seng

Chua Wee Seng

Offensive Security Specialist
Singapore

Summary

Passionate about information security since age 13, when discovering my first Maple Story Private Game Server, I became captivated by exploiting vulnerabilities and leveraging cutting-edge tools for an advantage. Today, equipped with a foundations in Computer Science, Cybersecurity, and Artificial Intelligence, I am now pursuing a Master's in Artificial Intelligence at Nanyang Technological University.

Overview

10
10
years of professional experience
9
9
years of post-secondary education
16
16
Certifications

Work History

Red Team Consultant

The ITSEC Group
12.2024 - Current

Red Team Consultant at The ITSEC Group (Full-time)

  • Conduct full-scope Red Team operations, including web application penetration testing for SQL injection, broken access control, API vulnerabilities, authentication bypass, and business logic flaws.
  • Perform infrastructure penetration testing focusing on Active Directory exploitation (kerberoasting with Rubeus, constrained delegation, forest trust abuse) and advanced privilege escalation.
  • Review and harden host configurations for network infrastructure (Aruba ClearPass, Cisco, Fortinet firewalls), collaborating with infrastructure teams to implement security best practices.
  • Lead vulnerability assessments and guide remediation efforts, translating technical findings into actionable recommendations for stakeholders.
  • Deliver wireless security assessments (WPA2/3 cracking, rogue AP detection) to strengthen Wi-Fi defenses.
  • Communicate complex technical findings clearly to stakeholders, mapping vulnerabilities to business impact to facilitate informed risk mitigation.
  • Balance consulting responsibilities with pursuing a Master’s in AI (NTU) and developing an AI-driven pentesting platform (Obsidian Roadmap).
  • Achieve key industry certifications (CRTO, CREST CPSA, CREST CRT) and apply CVSS 4.0 guidelines to validate and enhance offensive security expertise within 6months of joining.

Offensive Security Senior Executive

Mercedes-Benz Group AG
04.2023 - 10.2024
  • As an Offensive Security Specialist in Mercedes-Benz, I've acquired Invaluable skillsets of penetration testing methodologies and mastery of various offensive security tooling. That's versatile in both Linux and Windows environments.
  • Through Internal web-application testing to Active Directories attacks experiences. my confidence to contribute to the organization's overall security posture is high. For having seen and experienced both the inner workings of Defensive (Blue) and Offensive (Red) security.
  • Vulnerability Disclosure Program Lead: Assuming leadership role in Mercedes-Benz Vulnerability Disclosure Program (VDP), ensuring comprehensive security analysis and validation of all Proof of Concept (PoC) submissions, achieved a 100% verification rate.
  • Mercedes-Benz Bug Bounty Program (BB) Lead: Launched and secured a €30K budget for the Mercedes-Benz Bug Bounty Program, coordinating closely with internal stakeholders across APAC, China, NAFTA, and EMEA. Successfully worked to onboard high-caliber researchers and Hall of Famers, including notable figures like Sam Curry, for private testing initiatives. Partnered with Bug crowd to structure incentives and streamline reporting, driving high-quality findings and facilitating seamless collaboration between security teams and researchers for enhanced vulnerability management.
  • Expertise in Threat Analysis & Remediation: Providing Technique & Tactic Procedures (TTPs) walkthrough and remediation recommendation including but not limited to CVSS Ratings, CVSS Vector Strings and Impacts analysis to Mercedes-Benz AG's Defensive Security Team.
  • Global Collaboration: Fostered international synergy by coordinating with EMEA and NAFTA security teams, alongside interfacing with Legal and Communications to refine the VDP's procedural framework, ensuring seamless response consistency across 20+ incidents per quarter.
  • Project Leadership: Leading and setting up Mobility Pentesting Project. A project aimed at supplying vendors with virtual environment to perform Pentesting operations, reducing set up time by 30% and increasing testing efficiency.
  • Automation of Security Processes: Automated Vulnerability Alerting Process (VAP) to Internal stakeholders. Through Python Scripting to parse, convert JSON data from Vuln DB API and automatically upload stylized HTML pages onto Confluence.
  • Rapid Skill Acquisition and Certification: Obtaining Offensive Security Certified Professional (OSCP) certificate in 3 months.

Cyber Security Defense Analyst

Nanyang Technological University
02.2022 - 04.2023
  • The role of Cyber Security Defense Analyst (IR Team) in NTU has equipped me with expertise in various security tools and techniques. Furthermore, as our cyber team is new, I took on several initiatives, such as, creating workflow and processes to facilitate incident responding as highlighted in the points below:
  • Reduced SOC Analyst mail monitoring labor by >30%, via Integrating functions to automate/resolve Spam Mails (Tools: PhishER).
  • Wrote YARA algorithm to Identify and tag user-reported mail with 5 different priorities (Critical, High, Medium, Low, Unknown).
  • Created workflow and playbook to counter Phishing Threat within NTU Mail Server.
  • Performed Threat hunting and recovery, including logs analysis, SIEM (Splunk), Forensic Imaging. (Identification, containment, eradication, recovery, AAR)
  • Integrated of Active Directory Federation Service for XDR (TrendMicro Vision One).
  • Configuring alerts between SIEM (Splunk) and XDR (TrendMicro Vision One).

Deputy S3

National Service
07.2016 - 05.2018
  • As Deputy S3 of 30th Battalion, Singapore Combat Engineer (30SCE). Some of accomplishment includes:
  • Forecasti and Planned Battalion's Training Programs.
  • Improved Battalion's Training Lesson Plans in Accordance with Army Training Directives.
  • Managed over 250 National Servicemen's Individual KPI.
  • Coordinated and Organized Cross Division & Battalion Events.
  • Performed Interview and Counseling for new recruits of Battalion.
  • Appointed to Plan Counter-Terrorism Operations for 30SCE with Singapore Police Force (SPF).

Event Management Intern

Poulose Associate PTE LTD
03.2015 - 08.2015
  • Organized brainstorming sessions between cross-functional teams to develop strategy and creative ideas for future events.
  • Researched assigned events and identified possible partnerships aligned with event concepts.
  • Organized logistics and materials for each meeting, arranged spaces and took detailed notes for later dissemination to key stakeholders.
  • Coordinated florists, photographers, videographers, musicians, officiants and ceremony participants during rehearsals and pre-ceremony, ceremony and reception events.

Education

Master of Science - Artificial Intelligence

Nanyang Technological University (NTU)
08.2024 - 12.2026

Bachelor of Computer Science - Digital Systems Security

University of Wollongong
Wollongong, NSW
09.2018 - 09.2021

Diploma in Leisure & Resort Management - Business in Leisure & Resort Management

Temasek Polytechnic
04.2013 - 04.2016

SGUS Cybersecurity - Security Operation Analyst

Singapore Polytechnic
12.2020 - 10.2021

Skills

English

Mandarin

German (Beginner)

Certification

CREST Registered Penetration Tester (CRT)

Software

Cobalt Strike

Burp Suite Professional

Tenable Nessus

Kali Linux

Trend Micro Vision One (XDR)

KnowBe4 PhishER (SOAR)

Fortify (Source Code Review)

Python

Java/JavaScript

C/C#

Assembly

Interests

Offensive Security
Artificial Intelligence
Sports (Basketball, Soccer, Rock Climbing)
Self-improvement

Timeline

CREST Practitioner Security Analyst (CPSA)

05-2025

Certified Red Team Operator (CRTO)

05-2025

CVSS v4.0 Certificate

05-2025

Red Team Consultant

The ITSEC Group
12.2024 - Current

Master of Science - Artificial Intelligence

Nanyang Technological University (NTU)
08.2024 - 12.2026

CREST Registered Penetration Tester (CRT)

05-2024

Corelan Expert Windows (x86) Stack-Based Exploitation

04-2024

HackTheBox BlackSky: Hailstorm (AWS)

03-2024

HackTheBox BlackSky: Blizzard (Google Cloud)

02-2024

HackTheBox BlackSky: Cyclone (MS Azure)

01-2024

Offensive Security Certified Professional (OSCP)

10-2023

Offensive Security Senior Executive

Mercedes-Benz Group AG
04.2023 - 10.2024

ISC² Certified in Cyber Security (CC)

03-2023

EC-Council, Certified Ethical Hacker (CEH)

01-2023

Trend Micro Vision One XDR (Expert Lab Series)

06-2022

Cyber Security Defense Analyst

Nanyang Technological University
02.2022 - 04.2023

Certificate in Job Specialization for Security Operation Analyst, 10/2021

10-2021

Certificate in Essential & Emerging Skills for Employability

02-2021

SGUS Cybersecurity - Security Operation Analyst

Singapore Polytechnic
12.2020 - 10.2021

Bachelor of Computer Science - Digital Systems Security

University of Wollongong
09.2018 - 09.2021

Advance Certificate in Team Leadership

05-2017

Certificate in Analytics, Cybersecurity, AI & Blockchain

01-2017

Deputy S3

National Service
07.2016 - 05.2018

Event Management Intern

Poulose Associate PTE LTD
03.2015 - 08.2015

Diploma in Leisure & Resort Management - Business in Leisure & Resort Management

Temasek Polytechnic
04.2013 - 04.2016
Chua Wee SengOffensive Security Specialist