Chew Yong Shan

Senior Cybersecurity Professional | Penetration Tester | SOC Analyst

Resourceful cybersecurity professional with 4+ years of comprehensive experience spanning Blue Team operations and Red Team engagements. Proven track record of managing multi-million ringgit security projects and identifying critical vulnerabilities.

4+ Years Experience
6 Certifications
5 Industries Served

About Me

I am a dedicated cybersecurity professional with expertise across penetration testing, incident response, and cloud security assessments. I hold multiple industry certifications including CRTP, OSCP, PNPT, ECIR, and CARTP, demonstrating comprehensive knowledge across various security domains.

My experience includes managing multi-million ringgit security projects, leading cross-functional teams, and identifying critical vulnerabilities across web applications, mobile platforms, and cloud environments. I am committed to continuous learning and professional growth, with a strategic focus on transitioning into risk management and cybersecurity leadership roles.

Education

Bachelor of Information Technology (Hons.) Security Technology

Multimedia University, Malaysia

CGPA: 3.99, GPA: 4.0

Achieved MMU Degree First Class Honor

Final Year Research Report 'Deep Analysis for Smartphone-based Human Activity Recognition' accepted and published in IEEE

Languages

Chinese
English
Malay
German

Soft Skills

Communication
Teamwork
Leadership
Organization

Work Experience

Senior Analyst - Cybersecurity | Assistant Manager

Sunway Shared Services Sdn. Bhd. August 2024 - Present Kuala Lumpur, Malaysia

Sunway Group is one of Southeast Asia's leading conglomerates with 13 business divisions across more than 30 locations primarily in Asia.

Key Qualifications & Responsibilities:

  • Lead comprehensive VAPT initiatives
  • Manage penetration testing team
  • Oversee security testing projects
  • Conduct external client engagements

Key Achievements:

  • Managed RM630K+ in security projects
  • Identified 25+ critical and high-severity vulnerabilities
  • Developed mobile penetration testing training programs
  • Established comprehensive Knowledge Management System
  • Led annual phishing simulation exercise

Senior Associate - Cybersecurity

PricewaterhouseCoopers Risk Services Sdn. Bhd. (PwC MYVN) January 2023 - July 2024 (1 year and 7 months) Kuala Lumpur, Malaysia

PricewaterhouseCoopers is an international professional services brand of firms, operating as partnerships under the PwC brand. It is the second-largest professional services network in the world and is considered one of the Big Four accounting firms.

Key Qualifications & Responsibilities:

  • Execute end-to-end VAPT services
  • Lead cyber incident response initiatives
  • Deploy and maintain SOC SIEM infrastructure
  • Design and implement security awareness training programs

Key Achievements:

  • Conducted 15+ penetration tests
  • Executed phishing simulation for Thailand bank
  • Delivered cyber crisis consultation for Malaysian Pension Fund
  • Led crisis simulation exercises for Malaysia's National Payment Service Provider
  • Spearheaded SOC deployment at PwC DarkLab

Specialist Cyber Security | SOC Analyst L1

Infineon Technologies (Malaysia) Sdn. Bhd. October 2020 – December 2022 (2 years 3 months) Melaka, Malaysia

Infineon Technologies is a German semiconductor manufacturer and is one of the ten largest semiconductor manufacturers worldwide.

Key Qualifications & Responsibilities:

  • Monitor and analyze security events across global semiconductor manufacturing infrastructure
  • Perform incident response and threat analysis using SIEM, HIDS, NIDS, and network packet analyzers
  • Manage security tools portfolio including Microsoft ATP, FireEye NX/EX, ForcePoint, TrendMicro, and LogRhythm
  • Conduct forensics analysis and system artifact examination during security incidents
  • Contribute to security policy development and awareness program implementation

Key Achievements:

  • Processed 10K+ security alerts monthly, maintaining 99.5% SLA compliance for incident response
  • Implemented Cisco IronPort email filtering rules, reducing spam by 95% across 15K+ employee base
  • Completed 6-month international assignment in Austria and Germany, collaborating with multinational CYBER IRT team
  • Led Aurora EDR sandbox POC for Fab/CEP environments, improving malware detection rates by 60%
  • Developed Advanced Phishing Report Plugin for Outlook using Lucy platform, deployed to 15K+ users
  • Participated in Reverse Mentoring program with 6-person multinational team as part of International Graduate Program

Technical Skills

Penetration Testing

Web Applications:

File Upload attacks, Injection attacks, Advanced XSS/CSRF, Broken Authentication, Session Hijacking, LFI/RFI, SQL Injection, XXE, Command Injection, Clickjacking

Tools:

Nmap, Nessus, Nuclei, Nikto, XSStrike, SQLMap, BurpSuite Pro, Postman, Metasploit, Sliver C2, Shellter, Empire, Frida, ADB, MobSF, JAD

Azure Cloud Security

Attack Techniques:

Azure Services Discovery, Storage Accounts Enumeration, Key Vaults, Enterprise Apps, App Services, Logic Apps, Function Apps, RBAC role abuse, Azure AD roles, Golden SAML, Service Principals

Tools:

AADInternals, Az PowerShell, Azure CLI, ROADtools, AzureHound, Microsoft Graph API

Active Directory Attack

Attack Techniques:

Golden/Silver/Diamond Tickets, Skeleton Key, DSRM, Kerberoasting, Constrained/Unconstrained Delegation

Tools:

PowerView, PowerUp, Invoke-Mimikatz, Rubeus, Kekeo

AV and Detection Bypass

Tools:

Sliver C2, InviShell, DefenderCheck, NetLoader, ScriptBlocking Bypass

Incident Response

Tools:

TheHive (MISP + Cortex engine), Microsoft ATP, ELK stack, LogRhythm, FireEye, IronPort, SolarWinds, Joe Sandbox, AIL, Asgard (THOR), Mercury (QuoIntelligence)

SIEM & Security Operations

Platforms:

Wazuh, Cortex Analyzer, TheHive, MISP, Jira, Elastic, Kibana, Logstash, FileBeat

Programming Language/Scripting

Languages:

C++, Python, PHP, React JS, BASH, HTML/CSS, PowerShell

Infrastructure & Cloud

Platforms:

VirtualBox, AWS, VMware vSphere

Operating Systems:

Windows, Linux (Debian), macOS

Data Analytics & Automation

Tools:

PowerBI, Alteryx, Git, GitLab, RunDeck, Keras, Anaconda, Jupyter Notebook

Professional Certifications

Certified Azure Red Team Professional (CARTP)

Altered Security

Issued: July 2026

Credential ID: AZLID2772


Certified Red Team Professional (CRTP)

Altered Security

Issued: Oct 2024

Credential ID: ADUD9716


Offensive Security Certified Professional (OSCP)

OffSec

Issued: Mar 2024

Credential ID: OS-101-57094


Practical Network Penetration Tester (PNPT)

TCM Security

Issued: Jun 2023

Credential ID: 76214054


Certified Incident Responder (eCIR)

eLearnSecurity

Issued: October 2021

Credential ID: 9026181


Certified Ethical Hacker (CEHv10)

EC-Council

Issued: December 2019

Credential ID: ECC9147028365


Get In Touch

Email

chewys96@gmail.com

Phone

+601111111111

Location

Kuala Lumpur, Malaysia

LinkedIn

Connect with me on LinkedIn

GitHub

Check out my projects