Loading...
Loading...
CREST-credentialed offensive security operators, ISO 27001 lead implementers and incident-response veterans. The people accountable for every engagement we run.
Our leadership team is structured to mirror how Malaysian regulators evaluate cybersecurity vendors: independent technical authority, evidenced credentials, traceable engagement governance and clear accountability for every deliverable. Each function is held by a senior operator with on-the-ground experience inside Malaysian banks, GLCs, telcos and NCII operators — not consultants who have only read the policy documents.
Every penetration test we deliver is signed off by a CREST-credentialed lead. Every compliance engagement is led by an ISO 27001 lead implementer or PCI QSA. Every incident-response retainer is held against a documented escalation path with the Head of Penetration Testing and CTO on the on-call rota.
nCrypt Malaysia
Sets the strategic direction of nCrypt Malaysia, owns regulator relationships with BNM, NACSA and PDP, and chairs the engagement governance board. Twenty-plus years in financial-services security leadership across ASEAN, with prior roles spanning Big-4 advisory, GLC CISO and capital-market regulator engagements.
Certifications
nCrypt Malaysia
Owns the technical platform, the offensive R&D programme and the toolchain our consultants use. Drives proprietary methodologies for cloud, OT/ICS and AI/LLM penetration testing. Background in offensive security research, exploit development and cloud-native architecture for regulated workloads.
Certifications
nCrypt Malaysia
Oversees all CREST-aligned penetration testing delivery — web, mobile, API, network, cloud, red team and intelligence-led engagements. Acts as technical authority on RMiT 10.49 intelligence-led tests for Malaysian financial institutions and ensures every report meets CREST quality standards.
Certifications
nCrypt Malaysia
Leads the GRC and audit advisory practice: ISO 27001 implementations, PCI DSS assessments, BNM RMiT gap analyses, PDPA 2024 advisory and Cyber Security Act 2024 readiness. Bridges technical findings into board-ready risk language and remediation roadmaps that pass external audit.
Certifications
We deliberately keep the leadership team close to delivery. The Head of Penetration Testing personally scopes every CREST-aligned engagement above a defined complexity threshold and signs off the final report before client release. The Head of Compliance & GRC leads every Bank Negara Malaysia RMiT gap assessment and presents findings directly to the board risk committee where requested.
The CTO is the technical authority on cloud, OT/ICS and AI/LLM red-team work — the engagements where most providers reach the edge of their methodology. The CEO holds the regulator and account-governance relationship for our top accounts, ensuring continuity across multi-year retainers.
Scoping calls are run by the consultant who will lead your engagement. No SDR layer, no junior account managers — direct access to the people who will sign the report.