GithubHelp home page GithubHelp logo

Connect

Linkedin

Twitter

Plain old email

Gitlab

Github

Substack

Stackoverflow

About.me

Infoq

Hugging Face :)

Selected Presentations/Works at the Internet Engineering Task Force (IETF):

  1. Decentralized Identity - What Lies Ahead of Us: The Open (Interesting) Research Issues

  2. Byzantine Agreement Protocols for Large-Scale Decentralized Identity Management

  3. Applications for Quantum Information Network: Promising Use Cases and its Profound Implications on Existing Internet Applications

Selected Presentations/Works at OWASP Singapore:

  1. Malware Discovered in Popular NPM: Anatomy of Next-Gen Supply Chain Attacks. Tools and Guidelines to Secure Software Packages, Dependencies (NPM, PyPI, Maven, NuGet, Crates and RubyGems) to Guard against Supply Chain Attacks. How to setup Guardrails and not Roadblocks or Gates: Shift Left with Gitops plus integrating Fuzzing into DevSecOps. The importance of having Cloud Infrastructure Entitlements Management (CIEM) to enforce permissions and security identities across workloads and clouds.

  2. Securing the Multi-cloud, Portable, *-Tier Microservice Application: A live demo on Cloud-Native Application Security Platforms: Curiefense, Deepfense, Sysdig, Snyk Code, and Aqua Security Trivy & tfsec

  3. Deconstructing the Solarwinds Supply Chain Attack and Deterring it: Honing in on the Golden SAML Attack Technique

  4. Microservices Security, Container Runtime Security, MITRE ATT&CK® for Kubernetes (K8S) and Service Mesh for Security

  5. How Secure are you APIs? Securing your APIs: OWASP API Top 10 2019, Case Study and Demo

  6. Enabling Zero Trust Architecture (ZTA) with Least-Privilege Identity-Based Micro-segmentation using Service Mesh and Securing Production Identity Framework for Everyone (SPIFFE) (Demo) & Building Secure Software Factory (SSF) to Defend the Digital Cloud-Native Software Supply Chain against attacks: Helpful Cloud-Native Security Checklists and Demo on The Update Framework

  7. Deconstructing the Solarwinds Supply Chain Attack and Deterring it: Honing in on the Golden SAML Attack Technique - At the request of the team, translated to Japanese for Audience in Japan

Selected Presentations+Works on Blockchain/Distributed Ledger Technologies (DLT):

  1. Understanding the Limits and Potential of Blockchain Technology

  2. Presentation to Hyperledger Sweden: Hyperledger Ordering Service: Deep Dive into the Raft Consensus Algorithm

  3. Hyperledger Developer Showcase Series

  4. Decentralized Identity: The Elusive Key to Inclusive Growth

  5. Private Data Collections: A High-Level Overview

  6. Hyperledger Sawtooth, Seth and Truffle 101

Certifications:

  1. Microsoft Certified: Azure Solutions Architect Expert

  2. Microsoft Azure Fundamentals

  3. Microsoft Certified: Security, Compliance, and Identity Fundamentals

  4. AZ-400 Designing and Implementing Microsoft DevOps Solutions

  5. Prisma Certified Cloud Security Engineer

Others:

  1. IEEE Blockchain Technical Briefs Editorial Board

  2. World Blockchain Forum

  3. Bitcoin Magazine Profile

  4. Hyperledger Speakers Bureau

  5. Silliman University National Writers Workshop - 2012 Fellows

  6. Nathan Aw

  7. Chosen to attend National Writers Workshop at Philippines and awarded the Fellowship for writing.

  8. Poetry @ Nathan Aw Substack - Behold the pointless modern man!

Source/References:

https://sg.linkedin.com/in/awnathan

https://twitter.com/nathan_mk_aw

https://gitlab.com/nathanawmk

https://github.com/nathanawmk

https://nathanaw.substack.com/

https://stackoverflow.com/users/8588369/nathan-aw

https://about.me/mingkun.aw

https://datatracker.ietf.org/meeting/103/materials/slides-103-dinrg-decentralized-identity-01

https://datatracker.ietf.org/meeting/104/materials/slides-104-dinrg-byzantine-agreement-protocols-for-large-scale-decentralized-identity-management-01

https://datatracker.ietf.org/meeting/interim-2020-qirg-01/materials/slides-interim-2020-qirg-01-sessa-applications-for-quantum-information-network

https://github.com/OWASP/www-chapter-singapore/raw/master/assets/presos/Securing_Multi_cloud_Portable_Tier_Microservices_Applications_A_live_demo_on_cloud_native_application_security_platforms.pdf

https://owasp.org/www-chapter-singapore/assets/presos/Deconstructing_the_Solarwinds_Supply_Chain_Attack_and_Deterring_it_Honing_in_on_the_Golden_SAML_Attack_Technique.pdf

https://owasp.org/www-chapter-singapore/assets/presos/Microservices%20Security%2C%20Container%20Runtime%20Security%2C%20MITRE%20ATT%26CK%C2%AE%20%20for%20Kubernetes%20(K8S)%20and%20Service%20Mesh%20for%20Security.pdf

https://owasp.org/www-chapter-singapore/assets/presos/Securing_your_APIs_-_OWASP_API_Top_10_2019,_Real-life_Case.pdf

https://owasp.org/www-chapter-singapore/assets/presos/Securing_Production_Identity_Framework_for_Everyone_(SPIFFE),_Building_End_to_End_Secure_Software_Factory_and_Protecting_Cloud-Native_Supply_Chain_Helpful_Cloud-Native_Security_Checklists_and_Demo_on_SPIFFE_and_Not.pdf

https://www.nasdaq.com/articles/guest-post%3A-understanding-the-limits-and-potential-of-blockchain-technology-2017-11-09

https://www.youtube.com/watch?v=GN_6dEcDsAQ

https://www.hyperledger.org/blog/2017/12/05/developer-showcase-series-nathan-aw-ntt-data

https://blockchain.ieee.org/technicalbriefs/editorial-board#nathan-aw

https://twitter.com/hyperledger/status/1143898717419921409

https://bitcoinmagazine.com/authors/nathan-aw

https://www.hyperledger.org/participate/speakersbureau

https://wiki.hyperledger.org/download/attachments/2392948/Decentralized%20Digital%20Identity_%20%20The%20Elusive%20Key%20to%20Inclusive%20Growth%20%281%29_FINAL.pptx

http://nathan-mk-aw.s3-website-ap-southeast-1.amazonaws.com/

https://en.wikipedia.org/wiki/Silliman_National_Writers_Workshop

https://owasp.org/www-chapter-singapore/assets/presos/Supply_Chain_Security_Securing_your_NPM,_PyPI,_Maven_and_Crates_(Rust),_Shift_Left_with_Gitops_and_Software_Fuzzing.pdf

https://www.credly.com/badges/38edcb62-9339-48a5-a500-4fa44199e04f

https://www.credly.com/badges/1df3e0be-2b1b-4ed4-8df0-9f2488168c99

https://www.credly.com/badges/cae19203-4eb1-4ae0-8e99-a1b2b3852eab

https://www.credly.com/badges/d55cd8db-2147-4f22-acd6-f11611fd71d5

https://www.certmetrics.com/paloaltonetworks/public/badge.aspx?i=37&t=c&d=2022-01-23&ci=PAN00218757

https://www.meetup.com/singapore-owasp-meetup-group/events/281710523/

https://www.meetup.com/singapore-owasp-meetup-group/events/280590027/

https://www.meetup.com/singapore-owasp-meetup-group/events/279796090/

https://www.meetup.com/singapore-owasp-meetup-group/events/276259224/

https://news.smu.edu.sg/news/2012/05/21/onward-next-50

https://nathanaw.substack.com/p/behold-the-pointless-modern-man

Nathan Aw's Projects

cyhy-mailer icon cyhy-mailer

Email Cyber Hygiene, Trustworthy Email, and HTTPS reports to the appropriate technical or distribution addresses

damn-vulnerable-graphql-application icon damn-vulnerable-graphql-application

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

dapr icon dapr

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge.

datawave icon datawave

DataWave is an ingest/query framework that leverages Apache Accumulo to provide fast, secure data access.

debezium icon debezium

Change data capture for a variety of databases. Please log issues at https://issues.redhat.com/browse/DBZ.

decentralized-identity-self-sovereign-identity icon decentralized-identity-self-sovereign-identity

Public Key Infrastructures (PKI), or any other centralized identity attestation / stores, is primed to be disrupted by blockchain/distributed ledger technologies. Decentralized identity is an idea whose time has come. This paper critically and systematically examines how decentralized solutions such as uPort and Soverin enables decentralized identities to ensure how one's identity can be controlled and managed by the very owner instead of relying on entities such as Faceebook, Linkedin and Google.

decentralized-public-key-infrastructure icon decentralized-public-key-infrastructure

The trust infrastructure in the World Wide Web (WWW) or Internet as we know today is centralized. This includes Public Key Infrastructures (PKI) and the Resource PKI (RPKI), which is the trust infrastructure for Autonomous System Numbers (ASNs) and IP addresses. Resource Public Key Infrastructure (RPKI), also known as Resource Certification, is a specialized public key infrastructure (PKI) framework designed to secure the Internet's routing infrastructure. Given the importance of RPKI, it is important to closely examine how blockchain/distributed ledger technologies (DLT) could be applied to improve, buttress and shore up the resiliency of today's RPKI. It is an imperative that critical internet infrastructure look into decentralization as a way to improve resiliency.

demo icon demo

Securing Alice's, Bob's and Carl's software supply chain using in-toto

deno icon deno

A secure JavaScript and TypeScript runtime

dep-scan icon dep-scan

Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required!

dev-ops-or-death-ops icon dev-ops-or-death-ops

dev-ops or death-ops? In many attempt to digitally transform, organisations follow methodologies to the "T" result in digital death marches. This is not sustainable. To achieve sustained digital transformation, organisation must not often forget the crucial element -- the human. In this paper, we explore how dev-ops become death ops and how we can avoid this from happening. Remember -- sustained digital transformation is key to beating out competition, not merely delivery cadence. A Pyrrhic victory needs to be avoided at all cost.

devsecopsguideline icon devsecopsguideline

The OWASP DevSecOps Guideline can help us to embedding security as a part of the development pipeline.

dex icon dex

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors

did-jwt icon did-jwt

Create and verify DID verifiable JWT's in Javascript

digital-governance-in-an-agile-age icon digital-governance-in-an-agile-age

Is governance in an "agile, move fast, fail fast" ethos diametrically opposed to each other? Quite on the contrary. Though governance may initially seem inimical to such an ethos, I argue that governance can in fact foster such as an ethos and achieve digital hyperspeed through defining good guardrails and targets.

distributed-ledger-technologies-capital-markets icon distributed-ledger-technologies-capital-markets

This paper systematically and rigorously explores the latent potential of distributed ledger technologies (i.e., Blockchain) to reinvent revolutionize and redefine the capital markets infrastructure

distributed-ledger-technologies-digital-transformation icon distributed-ledger-technologies-digital-transformation

This paper argues that the adoption of Distributed Ledger Technologies/Blockchain exponentially speeds up the rate of digital diffusion in an organisation thereby transforming an organisation core quicker than any other digital technologies available out there.

dlt-blockchain-as-honeypot-cybersecurity icon dlt-blockchain-as-honeypot-cybersecurity

The distributed nature of blockchain / distributed ledger technologies (DLT) lends itself to the use for honeypots in cybersecurity efforts. If leveraged properly, DLTs/blockchain has the capabilities to transform and advance cybersecurity efforts.

docker-jq icon docker-jq

The "jq" utility wrapped in a Docker image.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.