Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. About CSA
  3. Careers
  4. Working in CSA
  5. #WorkinginCSA: Building Cyber Resilience with Attack Simulation
Feature Articles

#WorkinginCSA: Building Cyber Resilience with Attack Simulation

31 October 2025

As a Senior Cybersecurity Consultant at CSA's Cybersecurity Engineering Centre (CSEC) and part of the Attack Simulation Group (ASG), Wei Kang uncovers vulnerabilities before malicious actors can exploit them.
Add your alt text here

1. Tell us more about your team’s work and your role as a Senior Cybersecurity Consultant in CSA’s Cybersecurity Engineering Centre (CSEC).

Add your alt text here

The CSEC ASG team and interns at CSA.

About my role

ASG provides security assurance to Government and Critical Information Infrastructure (CII) systems through simulated attacks, such as Red and Purple Team Exercises and Vulnerability Assessment and Penetration Testing (VAPT) to uncover vulnerabilities before malicious actors can exploit them. As a Senior Cybersecurity Consultant, I lead attack simulation engagements and keep up with new Tactics, Techniques and Procedures (TTPs).

My team and I actively contribute to industry knowledge sharing through purple team workshops at CSA’s Operational Technology Cybersecurity Expert Panel (OTCEP) Forum, demonstrating the importance of regular attack simulation exercises for system security. Between active engagements, we invest in continuous learning, staying abreast of evolving attack techniques and testing methodologies to maintain our ability to provide comprehensive testing and assurance for our clients and stakeholders.

This is the alt text
Speaking at OTCEP 2024 for the Purple Team workshop.

2. What inspired you to become interested in this field?

I don’t have a ‘hacker story’ like most people in offensive security might have. I was from National University of Singapore (NUS) Computer Engineering, and I started my career as a Software Engineer, with no specific cybersecurity background.

A former colleague asked me if I wanted to try the Offensive Security Certified Professional (OSCP) course. Being a ‘steady’ colleague, I decided to give it a go and found myself hooked by the challenges that offensive security provided. This experience sparked my career pivot into the cybersecurity field.

3. What are some projects you’ve worked on in CSA that you found particularly interesting?

Within ASG, we are periodically tasked to conduct security testing on niche systems. An example was during the COVID pandemic, when we were part of the taskforce that conducted security testing for the software and apps launched to enable contact tracing and safe movement of our residents.

This year, I joined the secretariat team for the 10th edition of Singapore International Cyber Week (SICW). My role is to coordinate between our event partner and event owners to deliver an impactful SICW. It is challenging for me as I am more accustomed to working with computers than people. Fortunately, the support from the entire SICW committee has been invaluable, with team members consistently helping one another. Such cross-functional assignments broaden my understanding of the Public Service and encourage professional growth beyond my technical comfort zone.

Add your alt text here

The secretariat team at SICW 2025.

4. Have you had a mentor whose guidance helped shape your professional journey in CSA?

During my time at CSA, I have come across many seniors who have become invaluable mentors.  Directors helped me grasp the fundamentals of Public Service, understand policy implications, and embrace service with heart and purpose, while team leads taught me techniques in security testing and coached me in effectively communicating with non-technical stakeholders.

5. Tell us something about your job that not many people know about.

"My job is more than just 'hacking' - we're bound by ethics and moral codes, and a big part of what we do is educating stakeholders so they can prioritise their resources in securing their systems."
Wei Kang Sim

Most of the skills we have are not taught by schools but accumulated over years of self-learning, with our professional certifications earned through gruelling 24 to 48-hour intensive hands-on examinations. A big part of my job is also communicating the vulnerabilities found during our security testing to stakeholders, ensuring they understand the latest vulnerabilities and can prioritise their resources in securing their systems.

6. Outside of work, do you have any hobbies and interests? How do you unwind from work?

I love metal music, but I have since mellowed and listen to rock music mostly now. I like exploring different music scenes and currently enjoy Taiwanese rock bands. I play the electric guitar (badly) occasionally too. I am constantly online keeping tabs on Web3 news and developments. Whenever my wife and I are up for it (or wake up early enough), we go for hikes at nature spots around the island.

Add your alt text here

View of Punggol Digital District after my hike from Coney Island.

Back to top