Regions icon
Membership icon
Certification icon

About us

We have been active in Asia since the opening of our Singapore Chapter in 2016. We are committed to the Asian market, working closely with our members here to create a genuinely global cyber security organisation.

We currently have two chapters in the region: one in Singapore and one in Hong Kong which was also launched in in 2016 in collaboration with the Hong Kong Institute of Bankers (HKIB) and the Hong Kong Applied Science and Technology Research Institute (ASTRI).

These chapters are represented and managed by an elected Asia Council. The chair of the Asia Council, Emil Tan, also sits on our International Council.

In common with our other Regional Councils, the Asia Council exists to further our objectives to build capability, capacity, consistency and community in the region and the global cyber security industry.

We work with members, governments, regulators and the buying community in the region to enhance cyber resiliency and open up markets for our member companies and offer opportunities for qualified individuals.

We deliver a full range of disciplines to the Asian market:

• Penetration Testing
• Incident Response
• Threat Intelligence
• Security Operations Centres


Asia Council

Members of the Asia Council were elected in December 2021. They will serve for three years at which point, to ensure continuity, half will retire by rotation by mutual agreement and be eligible for re-election for a further three-year term if they so wish. The other half will retire by rotation the following year. Emil Tan, the Asia Council Chair, is a co-opted and independent member of the council as permitted in the Asia Council Terms of Reference.

The serving Asia Council Members are listed below in alphabetical order. Hold your cursor over each for more information.

Paul Craig

Vantage Point Security Pte Ltd

[Portfolio: Threat Intelligence]

Paul is the Chief Hacking Officer and co-founder at Vantage Point Security group, where he oversees the penetration testing services delivered by the group across Southeast Asia. Paul has more than two decades of penetration testing experience working in the banking and finance sectors and has been leading cyber security teams for most of his career.

Paul has published books on cyber security, spoken at international security conferences and has appeared on a range of news and current affairs programs regarding cyber security risks including TV and print media.

Ben Harris

watchTowr Pte Ltd

[Portfolio: Penetration Testing]

Based in Singapore, Ben is the founder of WatchTowr. He has over a decade of experience building and leading high-performing offensive cybersecurity teams across the globe.

Ben has a strong background in consulting, helping some of the world’s most targeted organisations and industries prepare for, and defend themselves from, sophisticated cyber attacks. In addition, he has been a member of the CREST Assessor team since 2016.

Jason Ka Lee


[Portfolio: Incident Response]

Jason has more than eight years’ experience in delivering high-priority global projects (independently and leading teams) across various industries. He enables clients to manoeuvre through complex landscapes smoothly and gain strategic “first-mover” advantages, and has worked with senior executives and stakeholders across all levels and departments to adopt new technologies securely while meeting business needs.

Some of Jason’s projects include leading the uplift of a cybersecurity regulatory framework for the banking sector; planning and leading threat assessments for global companies and large organizations across multiple sectors, including government and financial services; and supporting multiple incident response engagements by providing bespoke cyber threat intelligence to the incident responders.

John Lloyd

Casaba Security SE Asia Pte Ltd

[Portfolio: Academia]

John worked for over a decade in roles centred around securing business and business systems. He has years of experience building and managing large scale Security Operations Centres (SOC) in the APAC region. His primary interest is in managing the human aspects of information security; holistically blending technology and best practices to develop systems which are secure yet provide an effortless user experience.

John spends his free time working on security projects in the blockchain domain where he focuses on distributed trust and projects related to risk management.

Ramesh Naidu

Vigilant Asia Sdn Bhd

[Portfolio: SOC]

Ramesh has more than 20 years’ experience in IT, managing large technology operations from endpoint management to distributed network. He has designed and built data centres and complex technology environments which include the management of Information Security and Cyber Security. Ramesh played a pivotal role in the setup of Vigilant Asia as an MDR player in Malaysia and was responsible for the end-to-end business and technical setup of the SOC operations.

Michael Pang


Michael is the practice leader of the Hong Kong Technology Consulting and Digital Transformation solution. He is also the leader of Protiviti’s Security & Privacy solution across Asia Pacific. He has around 25 years of experience in advising top management on various strategic topics including cybersecurity assessment, penetration test / red teaming, security architecture design, security operations outsourcing, data privacy protection, and technology risk.

Over the years, Michael has given many public speaking at industry conferences as well as lectures on cybersecurity and technology risks topics. Before joining Protiviti, Michael has taken key consulting roles at Boston Consulting Group, A.T. Kearney and Kodak Services for Business.

Tim Percival


[Portfolio: Threat Intelligence & Intelligence Led Penetration Testing]

Tim has worked in the cyber security industry for more than 15 years and has been responsible for running Nettitude’s Asia business since 2019. With a background in business management, Tim has developed a strong understanding of the CREST portfolio, and over the years, he has built a very good understanding of cyber-related matters and how organisations need to protect themselves from threat adversaries. A big part of this is ensuring that organisations have a clear strategy in place.

Tim believes that our organisation plays an integral role in the Asian market and is keen to drive a focus on aiding new and existing consultants to become as accredited and experienced as possible. By driving CREST into the local education system i.e. universities and colleges, Tim sees a great opportunity for consultants of the future to flourish and continue to help keep organisations free from security breaches.

Britto Sidhan

Schneider Electric SE

[Portfolio: Research]

Britto leads the Global Security Lab at Schneider Electric. He is responsible for Penetration Testing, ICS Security, and red teaming for product and systems offers. For more than a decade, he has worked extensively with telecommunications security, cloud and virtualization security, and vulnerability researcher.

An expert in offensive security techniques, Britto has been involved in developing research skills for professional security teams. He has a team of highly skilled security professionals that focuses on critical infrastructure domain.

Cecil Su


[Portfolio: Academia and Research]

As a trusted advisor, Cecil leads and manages wide-ranging initiatives in both the government and commercial sectors in the areas of cybersecurity assessments, secure development lifecycle, technical countermeasures, threat analysis, cyber investigations/forensics, and IoT/OT technology.

He has spent many years performing and overseeing cybersecurity assessments, technology audits, digital forensics including complex enterprise platforms on networks and applications. Aside from that, Cecil has been involved in developing and deploying risk-based management and data governance frameworks, helping clients to manage data protection, risk and meet associated regulatory requirements. He currently volunteers in the Association of Information Security Professionals (AiSP), OWASP SG Chapter and WorldSkills Singapore.

Emil Tan


Emil is Chief Operating Officer of cybersecurity talent development company Red Alpha. He took up the role of Chair of the Asia Council in December 2021, working with the council to support members and helping to shape our strategy in the region.

Emil founded and runs Singapore’s largest cybersecurity community group, Division Zero (Div0), worked for the Infocomm Media Development Authority (IMDA) and was recently seconded to the Cyber Security Agency of Singapore (CSA). He is also Chair of Singapore’s Cyber Youth Singapore (CYS) and is a co-Founder and permanent member of the Global Cybersecurity Camp (GCC) which is an Asia-Pacific talent development programme.

Henry Tan

CEO softScheck Singapore Pte Ltd

[Portfolio: Marketing & Training]

Henry is an effective leader with a track record of developing, presenting and managing implementation of innovative business solutions.

He accumulated technical background in software development, network design and cyber security with a strong understanding of software architecture which helps him to grasp technical requirements to implement business solution. As a CEO he has established softScheck in the region and driven the company’s fast growth trajectory.

Faisal Yahya

Country Manager, Vantage Point Security Indonesia, PT

[Co-Optee.  Portfolio:  Indonesia]

Faisal is a Cyber Security Strategist with over 20 years of experience combined as a Country Manager, Chief Information Officer (CIO) executive, and Chief Information Security Officer. He plays an integral role in spearheading the Information Security strategy roadmap, interfacing core business functions and technology teams — establishing and presenting a cybersecurity strategic vision using technical skills to generate confidence with business stakeholders and company leadership.

Faisal has given many public speaking at industry conferences and academic events about various cybersecurity topics. Faisal also serves as an Official Instructor for EC-Council and Cloud Security Alliance. Faisal advocates for better cyber safety practices and defining improved Cybersecurity space in the South East Asian IT communities, actively researching and speaking. Faisal is passionate about upskilling people and organizations about cybersecurity.

Asia Team

CREST Asia is supported in regional marketing and PR by Faye Percival, of Cyber33. Contact: [email protected]