Cecil Su

Cecil Su

Director, Cybersecurity

Cybersecurity

Consumer business | Financial services | Manufacturing | Professional Services | Real Estate & Construction | Technology, Media & Telecommunications

Contact

Executive Summary

Cecil leads BDO Singapore's Cybersecurity Unit, directing engagement teams across diversified projects spanning government and commercial sectors. His practice areas encompass Cybersecurity Advisory, IT Assurance, and Cyber Threat Intelligence & Threat Hunting.

With over 20 years of hands-on and leadership experience in cybersecurity, Cecil has overseen complex engagements in security assessments, technology audits, threat intelligence, and digital forensics across enterprise networks and applications. His technical foundation includes ISO/IEC 27001, ISO 42001, and risk-based management frameworks, and he advises clients on data governance, privacy risk, and regulatory compliance.
Cecil is an active contributor and a co-author of the OWASP Web Security Testing Guide and the OWASP AI Security Testing Guide, and a contributor to the OWASP AI Vulnerability Scoring System (AIVSS). He is also involved in the Cloud Security Alliance's Trustworthy & Responsible AI Security Evaluation (TAISE) programme to advancing standards in AI security and governance.

Professional Qualifications and Affiliations
  • Active professional member and various certifications from ISC2
  • Active professional member and various certifications from ISACA
  • Active professional member and certification from ISECOM
  • Active professional member and certifications from IAPP
  • ISO/IEC 27001 ISMS Lead Implementer & Auditor 
  • ISO/IEC 42001 AIMS Lead Implementer & Auditor
  • Cybersecurity Strategic Leadership Programme (CSA/SMU)
  • Certification in AI Ethics & Governance - Professional (SCS/NTU)
  • Certification in DevSecOps & Engineering Automation (SCS/NTU)
Other Information
  • Fellow Member of the Association of Information Security Professionals (AiSP)
  • AiSP Validated Information Security Professional (AVIP)
  • Black Hat Asia AI Summit Advisory Board member
  • Chapter Co-Lead for Open Web Application Security Project (OWASP) Singapore Chapter
  • Member of Open Web Application Security Project (OWASP)
  • WorldSkills Singapore Industry Expert (Cyber Security Technical Working Group)