Cecil

Cecil Su

Director, Technology Risk Advisory

+65 6829 9628

vCard

As Head of the Technology Risk Advisory Unit, Cecil leads various engagement teams on diversified projects across vertical industries. His area of focus is in Cyber Security Advisory, IT Assurance and Digital Forensics.

Cecil has a background founded in cybersecurity, technical assessments and controls testing, including ISO/IEC27001. He has spent a number of years performing and overseeing cybersecurity assessments, technology audits, digital forensics including complex enterprise platforms on networks and applications. Aside from that, Cecil has been involved in developing and deploying risk-based management and data governance frameworks, helping clients to manage data risk and meet associated regulatory requirements.

Cecil has successfully led and managed wide-ranging initiatives in both the government and commercial sectors in the areas of cybersecurity assessments, technical countermeasures, threat analysis, cyber investigations/forensics, and smart technology.

Professional Qualifications and Affiliations

  • Certified Information Systems Security Professional (CISSP), International Information Systems Security Certification Consortium (ISC2)
  • Certified Information Systems Auditor (CISA), Information Systems Audit & Control Association (ISACA)
  • Certified Information Security Manager (CISM), Information Systems Audit & Control Association (ISACA)
  • Certified in Risk and Information Systems Control (CRISC), Information Systems Audit & Control Association (ISACA)
  • OSSTMM Professional Security Tester (OPST), Institute for Security & Open Methodologies (ISECOM) 
  • PCI DSS Qualified Security Assessor (PCI QSA)
  • ISO/IEC 27001 ISMS Lead Auditor (ISO27001LA), International Register of Certificated Auditors (IRCA)
  • Oracle 9i Certified Professional Database Administrator (OCP DBA), Oracle Corporation

Other Information

  • ExCo Council member of the Association of Information Security Professionals (AiSP)
  • Chapter Lead of the Honeynet Project (HP) Singapore Chapter
  • Member of Open Web Application Security Project (OWASP)
  • Member of High Technology Crime Investigation Association (HTCIA)
  • Member of International Information System Security Certification Consortium (ISC)2
  • Member of Information Systems Audit and Control Association (ISACA)