Kelvin Yip, Founder Resilience and readiness are two important terminologies that carry great meaning in the cybersecurity world. While the former relates to the ability to recover from an attack, the latter highlights the preparedness against the same. As important as they are to the businesses in today’s technology-first milieu, building and sustaining these two cybersecurity postures has proven to be a herculean challenge. Why? According to Kelvin Yip, a passionate cybersecurity, data, and IT professional with vast domain expertise, the reasons revolve around a very evident shortage of skilled Information security (InfoSec) professionals and the inadequacies associated with modern-day security solutions.
This lack of a competent workforce has ushered in an era of online security tools and consultation services developed by professionals who are well-versed in the art of cybersecurity. However, such offerings are yet to truly meet the expectation of the marketplace, where the absence of protection is strongly felt. Having recognized this vacancy and the value it carries in the modern, globalized economy, Yip founded his company, CyberSecThreat Corporation Limited, to fill the void.
CyberSecThreat concentrates on safeguarding businesses against a host of digital threats that seek to jeopardize their bottom lines. With Yip’s experience spanning over 15 years in data management, cloud application development, Splunk, and Security Operation Center (SOC), CyberSecThreat is perfectly poised to detect and combat even the most aggressive cyberattacks an enterprise may face. “We develop products and service to resolve the primary concerns that exist around the lack of cybersecurity professionals. Leveraging our vast knowledge and expertise, we translate cybersecurity into online services to help protect every digital asset of an organization,” expresses Yip.
Bolstering Cybersecurity in Taiwan
Headquartered in Taipei, Taiwan, and founded in the early months of 2021, CyberSecThreat has positioned itself as one of the most comprehensive solutions and services providers in the marketplace with its highly customizable cybersecurity programs. It partners with several organizations and a vast network of IT talents on an international scale, enabling it to offer expert assistance in the areas of data erasure, auditing, SOC, Security Information and Event Management (SIEM), Splunk consulting, implementation, and application security (AppSec). Furthermore, CyberSecThreat seeks to help advance the cybersecurity industry in the country and support Taiwan in executing its Six-Core Strategic Industries initiative and thus works dedicatedly toward the cause.
The company houses experts who perform incredibly well in all blue, red, and purple teams that always go above and beyond their call of duty. “Prevention is good, but detection is a must! That is why we develop tools, offer technical knowledge, and conduct demonstrations to improve the ability of SOCs,” states Yip when describing the objectives of his blue team. CyberSecThreat excels at revamping a client’s incident response capabilities with improved threat detection mechanisms by preparing them for various scenarios and security incidents.
The company’s team of IT professionals, under the guidance of Yip’s expansive cybersecurity experience, actively implements security strategies that align with a client’s business objectives and excel at training them in best-in-class practices and finding any vulnerabilities across the enterprise. The red team then steps in to carry out comprehensive security assessments, dynamic pen tests, and simulations of real-world threats and attacks to strengthen a client’s IT defenses progressively.
Here, Yip and his professional team also evaluate the effectiveness of a client’s cybersecurity program, which includes the assessment of hybrid and multi-cloud security environments.
CyberSecThreat supports clients with implementation services for SOCs, SIEM, and AppSec for enterprises across the APAC region. The company maintains a particularly expansive understanding of Splunk’s software and continuously develops tools to improve the integrations of a slew of cybersecurity solutions with DevOps to simplify identifying vulnerable software within an organization’s IT infrastructure. Following the hindrance of a lacking cybersecurity workforce, CyberSecThreat additionally supports the IT community with custom software bill of materials (SBOM) solutions to find any vulnerable software. “We develop relevant resources for the community at large and offer deep technical knowledge through open source and free tools,” adds Yip. These also include solutions to address an organization’s supply-chain vulnerabilities that may arise in their versions of SolarWinds and Log4J.
CyberSecThreat focuses on developing cutting-edge automation and collaboration tools to fortify clients against the most complex attacks when it comes to its purple team: an effective combination of the blue and red teams. “It is important to realize that offensive side knowledge helps the blue team anticipate an adversary’s next possible move,” expresses Yip. Thus, the company believes in the notion of knowing one’s enemy and utilizes more intuitive methods of threat detection and elimination than those listed in the MITRE ATT&CK framework. CyberSecThreat’s purple team also employs innovative and solid procedures during the triage or investigation stage to obtain more desirable results after observing the available threat intelligence information.
A Comprehensive Approach to Cybersecurity Consulting
CyberSecThreat offers several services designed to cater to each client’s unique and individualistic needs. However, the company approaches the topic of security with an incredibly holistic perspective that has empowered it to expand its portfolio with interesting and resourceful consultative and training services.
To begin with, it provides clients with the option of a Virtual Chief InfoSec Officer (vCISO) to mitigate security risks, protect digital assets, and maintain operational integrity. This subscription-based offering promises businesses all the operational benefits of a CISO, where they can expect a fully customized security program strategy designed around the outlines of their company’s mission and objectives.
Here, Yip and his professional team also evaluate the effectiveness of a client’s cybersecurity program, which includes the assessment of hybrid and multi-cloud security environments.
CyberSecThreat supports clients with implementation services for SOCs, SIEM, and AppSec for enterprises across the APAC region. The company maintains a particularly expansive understanding of Splunk’s software and continuously develops tools to improve the integrations of a slew of cybersecurity solutions with DevOps to simplify identifying vulnerable software within an organization’s IT infrastructure. Following the hindrance of a lacking cybersecurity workforce, CyberSecThreat additionally supports the IT community with custom software bill of materials (SBOM) solutions to find any vulnerable software. “We develop relevant resources for the community at large and offer deep technical knowledge through open source and free tools,” adds Yip. These also include solutions to address an organization’s supply-chain vulnerabilities that may arise in their versions of SolarWinds and Log4J.
CyberSecThreat focuses on developing cutting-edge automation and collaboration tools to fortify clients against the most complex attacks when it comes to its purple team: an effective combination of the blue and red teams. “It is important to realize that offensive side knowledge helps the blue team anticipate an adversary’s next possible move,” expresses Yip. Thus, the company believes in the notion of knowing one’s enemy and utilizes more intuitive methods of threat detection and elimination than those listed in the MITRE ATT&CK framework. CyberSecThreat’s purple team also employs innovative and solid procedures during the triage or investigation stage to obtain more desirable results after observing the available threat intelligence information.
A Comprehensive Approach to Cybersecurity Consulting
CyberSecThreat offers several services designed to cater to each client’s unique and individualistic needs. However, the company approaches the topic of security with an incredibly holistic perspective that has empowered it to expand its portfolio with interesting and resourceful consultative and training services.
OUR PRODUCTS HELP RESOLVE THE PRIMARY CONCERNS THAT EXIST AROUND THE LACK OF CYBERSECURITY PROFESSIONALS. LEVERAGING OUR VAST KNOWLEDGE AND EXPERTISE, WE TRANSLATE CYBERSECURITY INTO ONLINE SERVICES TO HELP PROTECT EVERY DIGITAL ASSET OF AN ORGANIZATION
To begin with, it provides clients with the option of a Virtual Chief InfoSec Officer (vCISO) to mitigate security risks, protect digital assets, and maintain operational integrity. This subscription-based offering promises businesses all the operational benefits of a CISO, where they can expect a fully customized security program strategy designed around the outlines of their company’s mission and objectives.
The vCISO also ties in well with the company’s training services for clients when dealing with the many national and international security regulations, which strictly require the presence of qualified and skilled CISOs.Another head-turning aspect of CyberSecThreat that stands a testament to its cybersecurity competence is its ability to select and resell best-in-class digital forensics and incident response (DFIR) tools and data disposal products. Via DFIR products such as Atola Insight Forensic, Atola Taskforce, BEC X, and a cryptocurrency transaction tracing platform, the company helps clients carry out a host of processes that include data recovery, investigation, and examination of data patterns concerning incidents of financial crime.
A Speedy Incident Response Time To further elucidate on CyberSecThreat’s capabilities, Yip shares the story of an organization that reached out to his company after experiencing a password spraying attack: a type of brute force attack targeting multiple user accounts. Such cybercrimes often succeed due to extremely uncomplicated, predictable passwords. The client urgently required assistance, and CyberSecThreat was ready to help eliminate the threat and provide reliable investigation and triage services. Yip and his team were able to successfully trace the potential identity of the attacker and located the threat intelligence tools involved, leveraging its username inventory alongside automated threat intel collection products and research networks. It is interesting to note that when the incident first occurred, the client had interacted with a global cybersecurity company and a local threat intel company who unfortunately failed to deliver. “Combining our research team and automated tools, we were able to locate where the cybercriminals launched the attack from and obtain their username. A big worry for many companies today is insider threats, and our services help eliminate such concerns,” says Yip.
CyberSecThreat has also designed and implemented Splunk for a large SOC where, during an external red team engagement period, the client’s security control of end customer failed to detect all the anomalies. Yip’s expert staff, with their customized rules and extensive investigative capabilities, were able to identify a percentage that exceeded nine times the red team activities perceived by the client’s existing infrastructure. CyberSecThreat succeeded in detecting these threats within a few hours, which pleasantly surprised the patron’s risk management teams.
"We Develop Relevant Resources For The Community At Large And Offer Deep Technical Knowledge Through Open Source And Free Tools "
Promising Cybersecurity for All
With such a comprehensive grasp on the ins and outs of cybersecurity and data management, CyberSecThreat has solidified its position as one of the most promising start-ups in this domain across the APAC region. Moving forward, the company intends to build more partnerships as it continues to grow and drive cybersecurity innovation in Taiwan to new heights. CyberSecThreat is also launching its own data disposal services and many other online solutions and tools to address the latest, more complex data security issues. Yip and his team are particularly interested in scaling their human and machine identity classification solution to help distinguish between the legitimacy of authentication on any given server. The company is also keen on venturing further into the cloud security space to perform large-scale investigations for its clients. With the continuous efforts of CyberSecThreat, the future is expected to be much safer, empowering businesses to flourish with the confidence of complete security.
A Speedy Incident Response Time To further elucidate on CyberSecThreat’s capabilities, Yip shares the story of an organization that reached out to his company after experiencing a password spraying attack: a type of brute force attack targeting multiple user accounts. Such cybercrimes often succeed due to extremely uncomplicated, predictable passwords. The client urgently required assistance, and CyberSecThreat was ready to help eliminate the threat and provide reliable investigation and triage services. Yip and his team were able to successfully trace the potential identity of the attacker and located the threat intelligence tools involved, leveraging its username inventory alongside automated threat intel collection products and research networks. It is interesting to note that when the incident first occurred, the client had interacted with a global cybersecurity company and a local threat intel company who unfortunately failed to deliver. “Combining our research team and automated tools, we were able to locate where the cybercriminals launched the attack from and obtain their username. A big worry for many companies today is insider threats, and our services help eliminate such concerns,” says Yip.
CyberSecThreat has also designed and implemented Splunk for a large SOC where, during an external red team engagement period, the client’s security control of end customer failed to detect all the anomalies. Yip’s expert staff, with their customized rules and extensive investigative capabilities, were able to identify a percentage that exceeded nine times the red team activities perceived by the client’s existing infrastructure. CyberSecThreat succeeded in detecting these threats within a few hours, which pleasantly surprised the patron’s risk management teams.
"We Develop Relevant Resources For The Community At Large And Offer Deep Technical Knowledge Through Open Source And Free Tools "
Promising Cybersecurity for All
With such a comprehensive grasp on the ins and outs of cybersecurity and data management, CyberSecThreat has solidified its position as one of the most promising start-ups in this domain across the APAC region. Moving forward, the company intends to build more partnerships as it continues to grow and drive cybersecurity innovation in Taiwan to new heights. CyberSecThreat is also launching its own data disposal services and many other online solutions and tools to address the latest, more complex data security issues. Yip and his team are particularly interested in scaling their human and machine identity classification solution to help distinguish between the legitimacy of authentication on any given server. The company is also keen on venturing further into the cloud security space to perform large-scale investigations for its clients. With the continuous efforts of CyberSecThreat, the future is expected to be much safer, empowering businesses to flourish with the confidence of complete security.
CyberSecThreat - Holistic Cybersecurity Monitoring Solutions
Kelvin Yip, Founder, and Director of CyberSecThreat
CIO Speaks
-
Mark Badal, CIO, IT&E
Jason Blackman, CIO, Carsales.Com
Marc A. Hamer, VP & CIO, Babcock & Wilcox Enterprises, Inc.
Kevin Soh, CIO and Director, e-Strategies, BH Global Corporation
Sal Cucchiara, CIO & Head Of Wealth Management Technology, Morgan Stanley
-
Shirin Hamid, CIO, & CTO, Asian Development Bank
Linda K. Lannen, CIO & Sr. VP, Kleinfelder
Sumit Puri, CIO, Max Healthcare
Brett Raven, CIO, Big Red Group
Mark Ohlund, CIO & Sr. V.P., Armada Supply Chain Solution
James MacLennan, SVP & CIO, IDEX Corporation
