CYBERSECURITY RESEARCHER
Hamizan Azman
Currently researching LLM supply chain security at SMU under NTU CRPO. Bug bounty hunter and Cybersecurity Clinic lead on the side.
01 // ABOUT
I'm a 20-year-old cybersecurity researcher based in Singapore, graduating from Cybersecurity and Digital Forensics at Temasek Polytechnic.
I currently research LLM supply chain security under Prof Xie Xiaofei at Singapore Management University, through the NTU CRPO Cyber Translation programme. My work focuses on securing the open-source AI ecosystem by analyzing dependency-level threats and building reproducible vulnerability environments.
I also founded and lead the TP Cybersecurity Clinic . I led the founding team as its first Lead Student Ambassador, where we helped 38 small businesses across Singapore strengthen their security posture. The clinic is backed by The Asia Foundation and Google.org.
Recently got into bug bounty hunting and earned a reward for a Medium 6.8 vulnerability in Dovecot, assigned CVE-2026-27855.
QUICK FACTS
02 // EXPERIENCE
LLM Security Research Intern
Singapore Management University
NTU CRPO Cyber Translation Internship Programme
Researching security risks in the LLM/AI software supply chain under Prof Xie Xiaofei. Building reproducible vulnerability environments and analyzing dependency-level threats across open-source AI applications.
- Reproduced 231 vulnerability PoCs as Dockerized shooting ranges with custom attack scripts
- Containerized 41 open-source LLM/AI applications as reproducible Docker images
- Conducted V2 dependency pinning pass, converting loose specifiers to exact pins at lowest working version
- Resolved cross-platform deployment issues (WSL2, CPU vs CUDA PyTorch, Debian incompatibilities)
- Maintained deployment tracker and documented every pinning decision
Lead Student Ambassador
TP Cybersecurity Clinic
Backed by The Asia Foundation & Google.org
Led the founding team as its first Lead Student Ambassador. Ran Singapore's first polytechnic-based cybersecurity clinic serving micro, small, and medium enterprises across the nation.
- Personally conducted 12 on-site cybersecurity programmes, the most of any ambassador
- Recruited, trained, and mentored 40 ambassadors
- Clinic supported 38 MSMEs across Singapore, with 3 companies returning for up to 4 engagements
- Instrumental in collaboration with NTU CRPO and clinic's entry into the CyberSG Consortium
- 2 companies offered internships on the spot during engagements
Malware Analyst Intern
Temasek Polytechnic
Contributed to deepfake detection research and represented Temasek Polytechnic at national events. Conducted independent malware reverse engineering.
- Presented DeepVysion+ (Best Major Project 2024) at GovWare 2025 to an international audience
- Presented to defence personnel including David Neo and Major-General (MG) Lee Yi-Jin at SAF Day 2025
- GovWare networking directly led to SMU research internship offer
03 // MEDIA
Human Resources Online
Temasek Polytechnic Students Step In to Strengthen MSME Cybersecurity
Temasek Polytechnic
TP Launches Cybersecurity Clinic, Empowering Students to Strengthen MSME Digital Resilience
TP IIT (Facebook)
First Batch of DIS Cyber Specialists Under Work-Learn Scheme
TP IIT (Facebook)
Cybersecurity Clinic Video Feature
04 // TESTIMONIAL
“I recommend him without reservation and am confident he will continue to excel in any academic or professional setting he chooses to pursue. He is a capable leader, a reliable team member, and a young professional of integrity and promise.”
05 // CERTIFICATIONS
CompTIA Security+ SY0-701
CompTIA
Industry-standard cybersecurity certification. Funded by AMP Singapore.
HTB Certified Penetration Testing Specialist (CPTS)
Hack The Box
Advanced penetration testing certification. 7/28 modules completed. Exam voucher funded by AMP.
AWS Solutions Architect Associate (SAA)
Amazon Web Services
Cloud architecture and infrastructure certification.
06 // PROJECTS
LLM Supply Chain Security Analysis
Comprehensive security analysis of 49 open-source LLM/AI applications. Containerized 41 apps as reproducible Docker images, performed dependency pinning to mitigate supply chain risks, and built deployment documentation for each application.
49
Apps Analyzed
41
Containerized
8
Triaged
Vulnerability PoC Reproduction Framework
Reproduced 231 vulnerability proof-of-concepts as Dockerized shooting ranges. Each PoC includes a vulnerable server, attack script, Dockerfile, README, and beginner-friendly notes. Identified duplicates and corrected inaccurate JSON fields across the entire dataset.
231
PoCs Reproduced
100%
Completion Rate
DeepVysion+ @ GovWare 2025 & SAF Day
Presented the DeepVysion+ multi-modal deepfake detection platform (Best Major Project, 2024 cohort) at GovWare 2025 to an international cybersecurity audience. Also presented to defence personnel including David Neo and Major-General (MG) Lee Yi-Jin, along with other SAF and DIS staff.
#1
Best Major Project
GovWare
Presented At
Bug Bounty Hunting
Started bug bounty hunting in mid-February 2026. Earned a reward for discovering a Medium 6.8 vulnerability in Dovecot (CVE-2026-27855): auth_cache_remove() uses the wrong username field, allowing OTP replay when passdb rewrites the username for improper authentication.
6.8
CVSS (Medium)
1
Rewarded Vuln
07 // IMPACT
231
Vulnerability PoCs Reproduced
100% completion rate across full dataset
41
LLM Apps Containerized
Reproducible Docker images pushed to Docker Hub
38
MSMEs Supported
Businesses secured through Cybersecurity Clinic
40
Ambassadors Trained
Recruited and mentored as Lead Student Ambassador
12
On-Site Programmes
Most of any ambassador, conducted physically
2
Internship Offers On-Site
Companies offered positions during clinic engagements
08 // CONTACT
Let's connect.
I'm open to research collaborations, mentorship opportunities, and conversations about AI security. Currently based in Singapore.
Built by Hamizan Azman · hamizanazman.com