Windham Wong
Cybersecurity Specialist
Co-Founder and Managing Partner of StormEye

Working experience

StormEye, Hong Kong

Co-Founder

February 2018 - Present

  • Offers All-In-One Security Information and Event Management (SIEM) system and Security Operation Centre-As-A-Service (SOC-as-a-Service).
  • Offers Security Detection, Event and Log Management and Threat Intelligence platform.
  • Offers professional cybersecurity penetration testing.
  • Offers cybersecurity-related policy review for enterprises.
  • Offers cybersecurity-related training for Continuing Professional Development (CPD) and in-house training.

Alert Logic, United Kingdom

Security Analyst

April 2016 - January 2018

  • Position of SOC analyst.
  • Experienced in SOC operations, incident handling, vulnerability and exploit research.

Synergy Gaming, Hong Kong

Founder

November 2007 - September 2014

  • Retail online shop of PC games in Hong Kong.
  • Promoting genuine games to teenagers.

Certificates and Qualifications

Offensive Security Web Expert (OSWE)

Offensive Security

  • Certificated in January of 2020.
  • Demonstrates proven skills in web application penetration testing.
  • Certification ID: OS-AWAE-030327

Offensive Security Certified Professional (OSCP)

Offensive Security

  • Certificated in April of 2017.
  • Demonstrates proven skills in penetration testing.
  • Certification ID: OS-101-07135

GIAC Certified Intrusion Analyst (GCIA)

GIAC Certifications

  • Certified in December 2017.
  • Demonstrates proven knowledge of Intrusion Detection Systems (IDS) and network traffic analysis.

Tigerscheme qualified Check Team Member (QSTM)

Tigerscheme, United Kingdom

  • Certificated in September of 2015 as a qualified penetration tester in the United Kingdom.

Attendance of Bond Solon Expert Witness Training

Bond Solon, United Kingdom

  • Attended lectures and tutorials on drafting forensic expert witness reports.

Skills

Technical Literacy

Programming Languages: C/C++, C#, Java, Object Pascal (Delphi), Visual Basic, Perl, Python, PHP, ECMAScript 6 (ES6), Bash, Nix, 8086, 80386, Dalvik
Databases: SQL (MySQL/MSSQL), XQuery, MongoDB, Elasticsearch
Artificial Intelligence: PyKE (Python Knowledge Engine)
Web Framework: ReactJS, React-Native, Django, DotNetNuke
Gaming Engine: Unreal Engine 4, Unity
Forensics Tools: Access Data FTK Imager, Access Data Forensics Toolkit (FTK) 1.81 & 3.0, Volatile, PhotoRec
Operating Systems: Microsoft Windows Server, Microsoft Windows Hyper-V Server, Debian, CentOS, FreeBSD, NixOS, VMWare ESXi
Others: Apache Kafka, Apache Heron, Kubernetes, Docker

Language Proficiency

Cantonese: Native Proficiency
English: Full Professional Proficiency
Mandarin: Full Professional Proficiency

Education

Master (M.Sc.) of Computer Systems Security, Merit

University of South Wales (USW), South Wales, United Kingdom
September 2014 - December 2015

Received lectures and tutorials on:

  • Practical training of Windows and Unix security.
  • Practical training of debugging and vulnerability development.

Master project:
Penetration Framework

  • An attempt to create a framework that integrates penetration
    testing tools to increase the quality of penetration testing.
  • Written in Python with Django
  • Embedded with:
    • SQLMap, an open source database penetration testing tool
    • NMap, an open source network security scanner
    • Nikto2, an open source web server scanner
    • Arachni, an open source web application security scanner
    • Skipfish, an open source web application security reconnaissance tool

Bachelor (B.Sc. Hons) of Computer Systems Security

University of South Wales (USW), South Wales, United Kingdom
September 2011 - August 2014

Received lectures and tutorials on:

  • 2 years of computer forensics courses
    • Practical training of using forensics tools and techniques.
  • Attendance of Bond Solon Expert Witness Training
    • Practical training of forensics expert witness writing.
  • ISO27001/2 Information Security Management System (ISMS) writing.

Final year project:
Log Correlation based on Snort, OSSEC and OpenVAS using PyKE

  • An attempt to improve Intrusion Detection Systems (IDS)
    by correlating multiple sources of security logs using
    a Knowledge Engine AI system.
  • Written in Python
  • Improved with:
    • Snort, an open source Network-IDS
    • OSSEC, an open source Host-IDS
    • OpenVAS, an open source vulnerability scanner

Associate of Engineering

Community College of City University of Hong Kong (CCCU), Hong Kong
September 2009 - August 2011

Received lectures and tutorials on:

  • Engineering of electric, electronic and computing.

Academic Projects

Master (M.Sc.) of Computer Systems Security, Merit

University of South Wales, United Kingdom

Penetration Framework
This project produces a penetration framework that is flexible enough to support additional penetration testing tool modules. The framework includes five modules, namely SQLMap, NMap, Nikto2, Skipfish and Arachni. It provides a Web interface in which users run tests against target systems or applications by entering parameters into input boxes. The test results are parsed and stored in a database for later use, and can be viewed by selecting the testing tasks in the Web interface. A vulnerable server installed with Metasploitable 2 is used for evaluating the penetration framework. The final outcome of this project should provide a flexible and efficient penetration framework.

Bachelor of Computer Systems Security (Honours)

University of South Wales, United Kingdom

Log Correlation based on Snort, OSSEC and OpenVAS using PyKE
This project produces a log correlation program that correlates logs between a Network IDS (Snort), a Host IDS (OSSEC) and a Vulnerability Scanner (OpenVAS) in order to improve the accuracy of intrusion detection. The program uses PyKE, a Python Knowledge Engine, to parse and correlate the alert messages from the Intrusion Detection Systems and to distinguish real intrusions from false alarms. A set of intrusions is simulated and generated using a penetration testing tool (Metasploit) within a virtual computer network. This set of intrusions is used for evaluating the log correlation program. The final outcome of this program should be able to identify false alarms and increase the accuracy of intrusion detection.