GovWare 2025
Presenter, DeepVysion+
Selected to present DeepVysion+, the Temasek Polytechnic 2024-cohort Best Major Project, to an international cybersecurity audience.
CYBERSECURITY RESEARCHER
Security research at Singapore Management University, supervised by Prof Xiaofei Xie with Dr Lili Quan. Working on publishing a first-author paper on vulnerabilities LLMs miss, incoming DIS Cyber Specialist, awarded with four paid bug bounties.







01 // ABOUT
I'm a 20-year-old in Singapore with a Diploma in Cybersecurity and Digital Forensics from Temasek Polytechnic.
Since February 2026 I have been a research intern at Singapore Management University under Prof Xiaofei Xie, with Dr Lili Quan. I'm working on a first-author paper studying vulnerabilities LLMs miss across real-world open-Source software and targeting a top security or software-engineering venue.
On the disclosure side, I have been awarded one CVE published at CVSS 6.8 Medium, a second vulnerability at CVSS 6.9 Medium, third at CVSS 6.8 Medium, and a fourth at CVSS 4.8 Medium. Four paid bug bounties total across three programmes, eight valid duplicate findings, and was active in an invite-only GovTech Bug Bounty Programme.
I helped found the TP Cybersecurity Clinic as its first Lead Student Ambassador from August 2025 to February 2026, helping run Singapore's first cybersecurity clinic for MSMEs. I oversaw 38 MSMEs being supported and 40 ambassadors trained, with 12 on-site engagements I personally led. I was behind its admittance into the CyberSG Consortium.
I'm also an incoming DIS Cyber Specialist through the DIS University Work-Learn Scheme in 2026.
02 // TESTIMONIALS
“His contribution has been well beyond what I usually see from a student before university… I recommend Hamizan very strongly. I would be happy to continue working with him in my research group during his undergraduate studies.”


“I recommend him without reservation and am confident he will continue to excel in any academic or professional setting he chooses to pursue. He is a capable leader, a reliable team member, and a young professional of integrity and promise.”


03 // RESEARCH
I'm conducting an empirical study of real-world open-source vulnerability fixes, looking at which vulnerabilities LLM-based code reviews miss and what that means for future AI security tooling. I'm aiming for a top security or software-engineering venue, supervised by Prof Xiaofei Xie and Dr Lili Quan.
1st
Author
2026
SMU Internship
I responsibly submitted disclosures of vulnerabilities found from a collaborative LLM application security project. I audited every piece of evidence, grouped genuine candidates and disclosed issues. I tracked an accurate record which kept the research claims conservative and accurate.
297
Rows Audited
56
Candidates Grouped
Related lab work continued. Reproduced 231 vulnerability PoCs from the lab's library-CVE dataset as Dockerised shooting ranges. Each PoC bundles a vulnerable server, attack script, Dockerfile, README, and reproduction notes. Anyone can clone and run.
231
PoCs Reproduced
100%
Completion Rate
I worked on a collaborative empirical study on the reproducibility of open-source LLM applications. I triaged 102 apps and got 79 of them deploying as pinned Docker images for the research group's use. Written failure analysis for the remaining 23, which were Python or CUDA version mismatches and upstream submodule rot.
102
Apps Triaged
79
Deployed
83
Docker Images
I contributed to the first alpha version of the lab's automated application pentest engine, before Prof Xiaofei Xie reworked the platform. My part was the exploit-generation flow and CVE search hooks, plus DOCX report generation and progress streaming. The source is private.
Alpha
Early Version
8
Tasks Delivered
04 // DISCLOSURES
I started my bug bounty hunting journey right after joining SMU as a research intern. Yuelin Wang, a PhD student in Prof Xie's group, inspired me to get into it. I worked closely with his vulnerability research and was impressed with how well he was doing across many YesWeHack leaderboards. It made me want to try it myself. So I treated it like my own passion project and did it every weekend. When I began, I struggled with a lot of my findings coming back as duplicates. Since they were still valid findings, I kept pushing through. My bug bounty hunting journey has been paused since April, when I took on my own first-author research project.
1
CVE Published
Dovecot CVE-2026-27855 (CVSS 6.8 Medium)
3
Further Awarded Bugs
CVSS 6.9, 6.8, and 4.8 via HackerOne
4
Paid Bounties
Across 3 programmes
8
Valid-but-Dupes
Accepted impact, duplicate reports

auth_cache_remove() uses the wrong username field, allowing OTP replay when passdb rewrites the username during improper authentication. CVSS 6.8 Medium. Monetary reward via YesWeHack. Acknowledged on Dovecot's security disclosures page.

Three further bug bounties rewarded via HackerOne, at CVSS 6.9 Medium, CVSS 6.8 Medium, and CVSS 4.8 Medium. CVE assignment depends on vendor coordination.
Was invited into and active in GBBP17, the GovTech Bug Bounty Programme. Invite-only. Programme details remain under NDA.
Eight additional findings were accepted as valid but duplicate. They did not become bounty wins, but they reflect repeated real vulnerability discovery and report quality.
05 // EXPERIENCE
Singapore Management University
Selected via NTU CRPO Cyber Translation Internship Programme
Research intern under Prof Xiaofei Xie, with Dr Lili Quan as day-to-day supervisor. First author on an empirical paper still in the works, studying vulnerabilities LLMs miss across real-world GitHub vulnerability fixes.
TP Cybersecurity Clinic
Sponsored by The Asia Foundation, supported by Google.org
Founding Lead Student Ambassador with pre-pilot involvement before the August 2025 launch. Ran Singapore's first polytechnic-led cybersecurity clinic for micro, small, and medium enterprises.
TP Malware Analysis Centre
Researched deepfake detection methods. Represented Temasek Polytechnic at national and international events. Also conducted independent malware reverse engineering.
06 // RECOGNITION

Human Resources Online
Temasek Polytechnic Students Step In to Strengthen MSME Cybersecurity

Temasek Polytechnic
TP Launches Cybersecurity Clinic, Empowering Students to Strengthen MSME Digital Resilience

TP IIT (Facebook)
First Batch of DIS Cyber Specialists Under Work-Learn Scheme
TP IIT (Facebook)
Cybersecurity Clinic Video Feature
07 // EVENTS
Presenter, DeepVysion+
Selected to present DeepVysion+, the Temasek Polytechnic 2024-cohort Best Major Project, to an international cybersecurity audience.
Presenter, DeepVysion+

Selected to present DeepVysion+ to David Neo, Major-General (MG) Lee Yi-Jin, and other SAF and DIS staff.
Presenter
Selected to present DeepVysion+ and lab capabilities at TP MAC to visiting groups including Singapore Police Force, Lifelong Learning Institute, and NUS School of Computing leadership.
Student speaker and coordinator
Spoke to the entire Temasek Polytechnic freshman cohort in an auditorium. Coordinated and led other senior students who presented across other cybersecurity and IT modules.
Speaker
Spoke as a representative during Temasek Polytechnic's Open House.
Volunteer staff
Volunteer staff supporting the inaugural Temasek Polytechnic x Hong Kong IIT International Hackathon.
08 // ACHIEVEMENTS
DIS University Work-Learn Scheme
Digital and Intelligence Service (Singapore)
Incoming DIS Cyber Specialist for the 2026 University Work-Learn Scheme.
PolyFinTech100 API Hackathon (NETS track)
Singapore FinTech Festival
Runner-up.
GovTech AI Hackathon
GovTech Singapore
Top 20% of participants.
09 // COMMUNITY
Malay Activity Executive Committee, Punggol Community Club
Volunteer on the MAEC. Helped run Hari Raya events, food and care distributions, and community get-togethers.
Homage Care Professional
Daily care shifts on Homage across Singapore which included overnight and full-day patient care.
Tarawih4Youth at Masjid Sultan
Staff member during the Tarawih4Youth programme at Masjid Sultan, Ramadan 2026.
Ramadan 2026 food distribution at Masjid Ghufran
Helped distribute food to the needy during Ramadan 2026.
Secondary 4 mentoring
Hosted a Secondary 4 student for a one-week shadow programme at Temasek Polytechnic. Taught throughout the week and motivated him to begin HTB CPTS and Cisco CCNA. He is now around halfway through both at age 15.
10 // CONTACT
I'm open to research collaborations, mentorship opportunities, and conversations about AI/LLM security. Currently based in Singapore.
20 · Cybersecurity & Digital Forensics graduate · LLM security and vulnerability research