Dr Weihan Goh is an Assistant Professor at the Singapore Institute of Technology (SIT), where he teaches primarily in the Information Security degree programme. His research interests include security testing and digital forensics, as well as technologies for cybersecurity education such as cyber ranges, CTF / CDX, and anti-fraud / anti-cheat systems. He is currently leading the construction of SIT's first cyber range in collaboration with DSO National Laboratories.
As a vulnerability researcher, Dr Goh has been involved in vulnerability research leading to disclosures of vulnerabilities to both government and private stakeholders, including recently, findings related to the TraceTogether contact tracing system. An expert in non-traditional education pathways, he designed one of Singapore's first competency-based workplace-learning degree pathways for adult learners, and prior to that, designed the curriculum pathways for Singapore's first Cyber NSF work-learn programme.
Beyond teaching and research, Dr Goh participates in capture-the-flag exercises and have mentored student teams participating in cybersecurity competitions to successes both locally and internationally. Dr Goh received his PhD and BEng, both in Computer Engineering, from the Nanyang Technological University, Singapore, in 2013 and 2008 respectively. He is a multiple SANS coin winner, and goes by the CTF handler 'icebear'.
- Head of Verbosecurity Pte Ltd– Present
- Assistant Professor– Present
- PhD (Computer Engineering)Nanyang Technological University , Singapore
- BEng (Computer Engineering)Nanyang Technological University , Singapore
- Winner, Teaching Excellence Award 2020/21, Singapore Institute of Technology
- Finalist, Global CyberPeace Challenge 3.0 IT Capture-the-Flag, Cyber Peace Foundation
- 2nd Runner-Up, Dragos Industrial Security Conference (DISC) Capture the Flag, Dragos, Inc.
- Winner (Professional Track), 3rd Belkasoft CTF Challenge, Belkasoft and SPbCTF
- Winner (Professional Track), 2nd Belkasoft CTF Challenge, Belkasoft and SPbCTF
- 2nd Runner-Up, ICSJWG Capture the Flag (2021 Spring), CISA Industrial Control Systems Joint Working Group (ICSJWG) and Idaho National Laboratory
- 1st Runner-Up, Global CyberPeace Challenge 2.0 IT Capture-the-Flag, Cyber Peace Foundation
- Mentor to the Challenge Coin Winner, Hacksmith 4.0 Hackathon, Div0 [Project Title: Project Enigma - Detecting Indicators of Compromise Through RAM Analysis, Event Logs, and Malware Machine Learning]
- Mentor to the Challenge Coin Winner, Hacksmith 4.0 Hackathon, Div0 [Project Title: Drone Monitoring and Takedown System (DMTS)]
- Mentor to the 1st Runner-Up, Kaspersky Secur'IT Cup 2020 Grand Finals, Kaspersky Academy [Project Title: Drone Monitoring and Takedown System (DMTS)]
- 2nd Runner-Up (Team), Cellebrite CTF Challenge, Cellebrite
- Mentor to the 2nd Runner-Up, Develop for Social Good Track, JunctionX Asia 2020, JunctionX Singapore and Microsoft [Project Title: Drone Monitoring and Takedown System (DMTS)]
- Mentor to the Winner, Cyber Security Track, JunctionX Asia 2020, JunctionX Singapore and Kaspersky Academy [Project Title: Drone Monitoring and Takedown System (DMTS)]
- Top 5, Div0 x SINCON CMD+CTRL Cyber Range CTF, Div0
- Winner, Cybersecurity Challenge: Countering Digital Terrorism, UN Counter-Terrorism Centre, UN Office of Information and Communications Technology, and the UN Technology Innovation Labs
- Mentor to the 1st Runner-Up, Kaspersky Secur'IT Cup 2019 Grand Finals, Kaspersky Academy [Project Title: Automated Android Mobile Application Obfuscator (AAMAO)]
- 1st Runner-Up, DEF CON China 1.0 Scavenger Hunt, Defcon Scavenger Hunt
- Winner, BountyCon 2019 Capture-the-Flag Competition, Google and Facebook, Inc.
- Black Hat Asia 2019 Educator Scholarship, Black Hat Asia 2019
- 1st Runner-Up, Kaizen Singapore Challenge Contest, Booz Allen Hamilton, Inc.
- Project Finalist, 5th Asia Pacific Eldercare Innovation Awards, Ageing Asia
- Nanyang President's Graduate Scholarship, Nanyang Technological University–
- ASEAN Undergraduate Scholarship, Nanyang Technological University–
- Kaspersky Academy Certified Instructor on Malware Reverse Engineering and AnalysisKaspersky–
- CREST Practitioner Security Analyst (CPSA)Council of Registered Security Testers–
- CREST Registered Penetration Tester (CRT)Council of Registered Security Testers–
- Member, Institute of Electrical and Electronics Engineers (IEEE)– Present
- Member, Association for Computing Machinery (ACM)–
- Judge, Kaspersky Secur'IT Cup 2021 Global Finals
- Judge, Kaspersky APAC Secur'IT Cup 2021
- Head of Triage, Punggol Digital District: Connecting Smartness - Bug Bounty 1.0
- Judge, Singapore Science and Engineering Fair (SSEF) 2021
- Visiting Lecturer (BRICS Educational Internship Program), Far Eastern Federal University, Vladivostok, Russia
- Mentor and Judge, JunctionX Singapore Hackathon
- Judge, Kaspersky Secur'IT Cup Singapore Conference
- Judge, Kaspersky Secur'IT Cup Singapore Ideas Hackathon
- Visiting Lecturer, Ostbayerische Technische Hochschule Regensburg, Regensburg, Germany
Cyber ranges, cyber defense exercises, and capture-the-flag
Anti-fraud / Anti-cheat for education
Digital forensics and anti-forensics
Automation for cybersecurity / digital forensics
Blockchain and applied cryptography
- Realistic Cyber Environment for Education and Experimentation– Present
Principal Investigator, Realistic Cyber Environment for Education and Experimentation, Apr 2021 - Apr 2023. Grant Amount: S$249,980 / SIT Ignition Grant.
- GoSecure for ICT SMEs–
Project Lead, GoSecure for ICT SMEs, May 2018 - Dec 2021. Funding Agency: Infocomm Media Development Authority of Singapore.
- Heel Raise Measurement Device for Plantarflexion Physiotherapy–
Co-Principal Investigator, Heel Raise Measurement Device for Plantarflexion Physiotherapy, Nov 2015 - Aug 2017. Grant Amount: S$179,800 / SIT Ignition Grant.
W. Goh and C. K. Yeo, "Teaching an Old TPM New Tricks: Repurposing for Identity-Based Signatures," IEEE Security & Privacy Magazine, vol. 11, no. 5, pp. 28-35, Sep. 2013.
W. Goh, P. C. Leong, and C. K. Yeo, "A Plausibly-Deniable, Practical Trusted Platform Module Based Anti-Forensics Client-Server System," IEEE Journal on Selected Areas in Communications, vol. 29, no. 7, pp. 1377-1391, Aug. 2011.
S. R. Toh, W. Goh and C. K. Yeo, "Data Exchange via Multiplexed Color QR Codes on Mobile Devices," in 2016 Wireless Telecommunications Symposium (WTS), London, United Kingdom, Apr. 2016, pp. 1-6.
A. Q. Chen and W. Goh, "Two Factor Authentication Made Easy," in 2015 International Conference on Web Engineering (ICWE 2015), Rotterdam, The Netherlands, Jun. 2015, pp. 449-458.
C. Lee, L. Yi, L.-H. Tan, W. Goh, B. S. Lee and C. K. Yeo, "A Wavelet Entropy-Based Change Point Detection on Network Traffic: A Case Study of Heartbleed Vulnerability," in 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom 2014), Singapore, Dec. 2014, pp. 995-1000.
W. Goh and C. K. Yeo, "Cryptanalyzing the Efficient Identity-Based RSA and GQ Multisignature Schemes," in 2014 International Wireless Communications and Mobile Computing Conference (IWCMC 2014), Nicosia, Cyprus, Aug. 2014, pp. 875-880.
W. Goh and C. K. Yeo, "Anonymity-Preserving Identity-Based Multisignature Scheme with Provision for Origin Self-Revelation," in 2013 IEEE Global Telecommunications Conference (GLOBECOM 2013), Atlanta, GA, Dec. 2013, pp. 855-860.
W. Goh and C. K. Yeo, "Threat Mitigation in Tactical-Level Disruption Tolerant Networks," in 2012 IEEE Global Telecommunications Conference (GLOBECOM 2012), Anaheim, CA, Dec. 2012, pp. 997-1003.
F. C. Lee, W. Goh, and C. K. Yeo, "A Queuing Mechanism to Alleviate Flooding Attacks in Probabilistic Delay Tolerant Networks," in 2010 Sixth Advanced International Conference on Telecommunications (AICT 2010), Barcelona, Spain, May 2010, pp. 329-334.
W. Goh, P. C. Leong, and C. K. Yeo, "A Trusted Platform Module Based Anti-Forensics System," in IFIP International Conference on Network and Service Security, 2009 (N2S '09), Paris, France, Jun. 2009, pp. 1-5.
Information and Communications Technology (Information Security), BEng (Hons)
- ICT2202 - Digital Forensics
- ICT2206 - Web Security
- ICT2205 - Applied Cryptography
- ICT2207 - Mobile Security
- ICT1003 - Computer Organisation and Architecture [Tutorials / Practical Sessions]
- ICT3103 / 3203 - Secure Software Development