
Get there faster in 7 weeks so you don’t end up like Joe!
Want to learn about “Cyber-Security” but not sure where to start, or already overwhelmed & confused by the sheer amount of noise out there? This is the right place!
Why should you read further?
Stand out & BE HIRED!
I had a few batches of undergrad interns; almost all of them were well equipped by me to be hired very quickly:
- Jon started with zero experience, got spotted & hired by DSTA towards the tail end of his internship while contesting in their Capture-the-Flag event.
- Choong Mun & Wen Siang created this explainer video: https://www.youtube.com/watch?v=FNpro0vE3dU towards the tail end & got calls for interviews very quickly.
- Even my 1st year undergrad intern YJ was able to share his in-depth journey during the COVID lock-down; we had a blast working from home: https://jymcheong.notion.site/YJ-s-Internship-c9c14b6f5c8e4827b8b0a9f33c499137 His posts are well received on LinkedIn, I don’t think he has a problem getting hired!
Ok ok.. enough of social proofing…
Are my “materials” good enough?
I drafted the keynote speech for my boss’s boss, who presented at Singapore’s Govware 2022.

Editor-in-Chief of Cyber Startup Observatory found my past interview worthy of republishing.

A subset of my past achievements (Jym, you are just showing off… just get me to the gists!):
- As an intern (2003), I developed the 1st multi-user WinCE Singapore Police Force Traffic Enforcement app (that’s way before things like iOS & Android) & augmented the native mail app to enforce multi-user AES storage encryption.
- Knowledge-Transfer of 1st batch of Singapore ICA (immigration) passport scanners was pioneered by me. I also pioneered the product development of > 50% cost-effective versions of such multi-illumination optical scanners that are deployed in ALL money changers in Singapore.
- Created the first ICAO PKI LDS verification SDK used by Immigration hand-held devices based on WinCE.
- Early generation of SingPass (national authentication system) root cause analysis to trace very obscure issues through the use of visual source-code analysis, in < 1 week of joining my ex-company. It involved troubleshooting secure code within Hardware Security Module enclaves.
- Product development & patent of a virtual printer driver that cut down the time to deliver service-value from months to days. I also designed & implemented self-service software licensing sub-systems to encourage adoption of optical security solutions.
- Delivered ST Engineering Cyber Security Operations Center on time & within budget (a few million SGD). As technical lead, I drafted Tender Technical Specifications, managed Product Testing & Vendor short-listing, project delivery … to co-development of detection use-cases alongside HPE Security consultants, & as advisor to various business stake-holders. Before that, I was deeply involved with other government SOCs to learn various pain-points & gain in-depth understanding of what works & what doesn’t.
- Test & Evaluation of cutting edge startups. Grew a team of fresh hires & mid-career engineers to evaluate product categories that are now buzz-words. We tested cutting edge stuff (then) to understand strengths & weaknesses. Things like Malware Sandboxes, Remote-Browsers, Continuous Validation, Cyber-Range Automation, Endpoint Detection & Response, User Endpoint Behavioral Analytics & the like.
Author of Free Endpoint Defense & Response platform (2021 to now), designed & developed end-to-end, from host sensors, event transportation to backend analytics & operations UI.
Getting Started (2 weeks)
Concepts & Mental Models
- The whole point of this profession is Risk Management!
- What are the Necessary & Sufficient Conditions of Attacks? Why bother? All conditions met → high risks!
- ALL logical attacks are based on:
  - Adversary-in-the-Middle (intercept data, steal identity or session... impacts confidentiality) &/or
  - Code-Execution (exert remote control over assets, or blast/encrypt them till the system dies or becomes unusable; integrity of the system is questionable, availability is lost)
Practical Hands-on to strengthen understanding & applications
Let’s start with the 2 most deployed Operating Systems on this planet:
- Code-Execution 101
- What is it? How to spot it? Get acquainted with Windows EventLog & Sysmon
- Be the attacker (my 1st year undergrad Intern’s adventure, have a look)!
- Disrupt PE file-based malware with ETW
Rethink & Revamp (3 weeks - Coming soon)
- Goodbye Passwords!
- Software Defined Perimeters & Invisible Mesh Networks - reduce Attack Surface
- Rethink App Security
For Developers (2 weeks - Coming soon)
Already good at programming? Try these!
- Develop Ransomware protection agent
- Develop event linking & process attribution with Graph Database
- Defensible Architectures - Distributed . Immutable . Ephemeral system design properties