HESED & EMET // ADVISORY
AI · Cybersecurity · Human Risk

Intelligent.
Secure.
Human-Centered.

We advise organisations at the intersection of AI, cybersecurity, and human behaviour — translating emerging technologies into clear strategy while strengthening resilience against evolving threats._

Our Services Let's Talk
6+
Practice Areas
100%
Advisory-Led
0x
Vendor Bias
What We Do

Where Technology
Meets Trust

We partner with leaders to navigate AI, cybersecurity, and human risk — building systems that are not only intelligent and secure, but trusted.

01
AI Strategy & Governance
Translating emerging AI into clear, actionable organisational strategy. From deployment planning to governance frameworks, responsible adoption, and regulatory alignment.
AI Strategy ISO 42001 EU AI Act
02
Cybersecurity & Digital Resilience
Strategic advisory for organisations facing evolving digital threats — security architecture, threat modelling, and resilience planning that keeps pace with an AI-accelerated threat landscape.
Zero Trust NIST CSF Resilience
03
Human Risk Advisory
Addressing the human layer — the most underestimated factor in security and transformation. We examine how people design, use, and govern technology, and where that creates exploitable risk.
Insider Risk Behaviour Social Engineering
04
Training & Capability Building
Bespoke programmes for boards, leadership teams, and operational staff — translating AI and cyber complexity into the language of confident, informed decision-making at every level.
Board-Level Tabletop Workshops
05
Regulatory & Compliance Navigation
Turning regulatory complexity into operational clarity. We help organisations interpret and implement MAS guidelines, PDPA, GDPR, and emerging AI-specific frameworks across jurisdictions.
PDPA MAS TRM GDPR
06
Secure AI Deployment
End-to-end advisory for organisations integrating AI — from vendor evaluation to model risk assessment and safety-by-design principles, ensuring trust from architecture to production.
MLSecOps Model Risk Red Teaming
Who We Are

Conviction, Craft,
Competence.

At Hesed & Emet Advisory, we work at the intersection of AI, cybersecurity, and human behaviour — advising organisations on navigating complexity in an increasingly digital world.

We partner with leaders to translate emerging technologies into clear, actionable strategy, while strengthening resilience against evolving cyber and human risks. Our work spans strategic advisory, capability development, and training — grounded in the belief that technology alone is insufficient without aligning the people who design, use, and govern it.

Our approach is advisory-first. No tool sales, no vendor bias. We bring practitioner-level experience to every engagement and speak both the language of engineers and the language of the boardroom.

On Our Name
Hesed — steadfast loyalty, grace extended beyond obligation.
Emet — truth, integrity, that which can be relied upon.

These ancient values are the standard we hold ourselves to in every engagement.
Independence
Vendor-neutral and product-agnostic. My recommendations serve your interests — not a sales quota or a preferred platform.
Human-Centered Thinking
Technology risk is inseparable from human behaviour. We examine both — because systems are only as resilient as the people who operate them.
Confidentiality
Your vulnerabilities are not our portfolio. Every engagement is treated with absolute discretion.
Long-term Partnership
The best advisory work happens over time, with deep context. We build relationships — not just reports.
The Principal

Built on Practitioner Experience

Aaron Ang, Co-Founder of Hesed & Emet Advisory
Aaron Ang
Co-Founder, Chief Architect & Principal Advisor
Connect on LinkedIn

Aaron Ang is a senior cybersecurity and AI strategist whose career has operated at the intersection of national policy, digital resilience, and emerging technology. With a formative tenure at the Cyber Security Agency of Singapore (CSA), he has shaped initiatives that function at national scale — contributing to Singapore's cybersecurity posture, informing the direction of workforce and talent development, and building the capability of both public institutions and private enterprises to navigate an increasingly complex threat environment.

He brings a rare ability to work across the full spectrum: from identifying strategic market opportunities in emerging technology to architecting the governance frameworks and human systems needed to deploy them responsibly. His work spans national programmes, cross-sector partnerships, and executive advisory — always oriented toward the question of how technology can be adopted more effectively, and with greater confidence, by the people and organisations that depend on it.

Aaron is a trusted voice in Singapore's cybersecurity community — regularly called upon by national and regional media to provide expert commentary on major incidents, evolving threats, and the policy implications of an increasingly digital world. His perspective bridges practitioner depth with strategic clarity, making him a sought-after reference point for institutions, boards, and journalists alike.

Alumni
Cyber Security Agency of Singapore (CSA)
Served at Singapore's national cybersecurity authority — designing national cyber education programmes, leading inaugural government CTF exercises, and contributing to responsible vulnerability disclosure processes that strengthen the security of critical infrastructure.
Vice-President & Youth Lead
Digital Defence Alliance Singapore (DDAS)
DDAS is a non-profit cornerstone of Singapore's Total Defence strategy — partnered with MINDEF Nexus, IMDA, and the National Youth Council to fortify the nation's Digital Defence pillar. A partner of IMDA's Digital for Life movement (636,000+ beneficiaries; ASEAN Digital Awards 2024 winner), DDAS drives digital readiness and cyber resilience across citizens, institutions, and leaders. As Vice-President and Youth Lead, Aaron sits at the centre of Singapore's whole-of-nation approach to digital security and AI governance.
Media & Public Commentary
Voice on Singapore's Cybersecurity Landscape
A trusted expert commentator for national and regional media — called upon to provide insight on Singapore's most significant cybersecurity incidents, data breaches, AI-related threats, and digital policy decisions affecting the broader Asia-Pacific region.
Aaron in the Media
The Straits
Times
Concerns Raised Over Ease of Accessing NRIC Numbers from ACRA Portal
ACRA's new Bizfile portal exposed the full NRIC numbers of Singapore citizens — including cabinet ministers — to public search without login. The incident triggered a national reckoning over digital identity infrastructure, data protection policy, and government accountability in the digital age.
"If this blunder by the Government has in some way enabled cyber criminals, then I think that while the government agencies have invested so much in scam prevention, we have inadvertently shot ourselves in the foot and moved steps backwards."
Read Article →
CNA
Podcast
What Does Unmasking NRIC Numbers Mean for Your Privacy and Security?
Featured on Channel NewsAsia's deep-dive podcast alongside legal experts from Rajah & Tann Singapore, examining the privacy and security implications of Singapore's NRIC unmasking policy — and what individuals and organisations must now do to protect themselves.
"The unmasking makes Singaporeans extremely vulnerable to scammers who use NRIC numbers to secure the trust of victims — this is the kind of data that enables highly targeted, convincing attacks."
Listen to Podcast →
The Straits
Times
Some Telco Technical Data May Open More Doors for Cyber Attackers
Following the revelation that state-sponsored group UNC3886 had exfiltrated network data from Singapore's four major telcos, Aaron was called upon to explain the strategic risk of stolen infrastructure blueprints — and why technical data is often more dangerous than personal data in the wrong hands.
"Such technical data is like the blueprints and guard schedules of a building. A thief with it knows exactly where to enter, which paths avoid cameras, and how to reach restricted rooms — including backdoors into neighbouring buildings."
Read Article →
The Straits
Times
Singtel Outage: Experts Call for Review of Emergency Hotline Contingency Plans
A major Singtel landline outage in October 2024 severed access to police and SCDF emergency lines 999 and 995 for hours. Cybersecurity experts questioned why critical public safety infrastructure lacked immediate failover, and called for a systemic review of contingency planning across operators.
"It appears that emergency hotline operators did not have backup services ready for immediate switchover — given the hours-long disruption, the gap in resilience planning is difficult to overlook."
Read Article →
The Straits
Times
Singtel Hit by Second Disruption a Day After Eight-Hour Outage
When Singtel suffered a second major outage within 24 hours — disrupting payments, ride-hailing, and essential services across Singapore — Aaron provided expert perspective on why post-incident recovery actions can carry their own risks, and what repeated failures signal about infrastructure resilience.
"Engineers responding to a major outage often restart systems, reroute traffic, or implement quick fixes — and such remedial actions may themselves shift loads in ways that trigger secondary disruptions."
Read Article →
The Straits
Times
Telcos, Banks, Chat Apps Among Online Services to Experience Temporary Spike in Disruptions
A concurrent spike in disruptions across Singapore's digital infrastructure — spanning telcos, banks, and messaging platforms — raised concerns about systemic interdependencies in the nation's online services and what simultaneous failures mean for digital resilience.
Read Article →
Mothership
Hacker Obtains OTP via Help Chat, Activates Circles.Life User's eSIM & Logs Into E-commerce Accounts
A social engineering attack on Circles.Life's customer service channel allowed a bad actor to take over a victim's eSIM and access her e-commerce accounts — without exploiting any technical vulnerability. Aaron explained why the incident exposed a fundamental process gap, not a technology one.
"This is more of a process issue than a vulnerability. OTPs should never be provided over chat — it simply defeats the purpose of having an OTP. The bar for verification must be higher than what a social engineer can talk their way past."
Read Article →
8world
Feature
From Obesity Diagnosis to Full Marathon: A Personal Journey
A personal feature by 8world on Aaron's journey from being overweight and clinically diagnosed with obesity, to lining up at the start of the Standard Chartered Singapore Marathon. A story of discipline, resilience, and the belief that transformation — personal or organisational — is always possible with the right mindset.
Read Feature →
Conferences & Speaking

On the Global Stage

Aaron is a sought-after voice at Asia's most prominent cybersecurity, AI, and digital policy forums — shaping conversations that matter at the highest levels of industry and government.

Data Centre Asia Hong Kong 2025 — Human Risk
July 2025 Featured Speaker
Data Centre Asia — Hong Kong (Inaugural Edition) · AsiaWorld-Expo
Human Risk in Data Centre Operations
Closing out the inaugural Data Centre Asia conference in Hong Kong, Aaron brought urgent attention to the most overlooked vulnerability in modern infrastructure: people. As data centres become smarter, more sustainable, and increasingly AI-driven, he examined how human behaviour — in design, operations, and governance — remains the critical risk layer that technology alone cannot solve.
Data Centre Asia Hong Kong 2025 — AI Trust Panel
July 2025 Panelist
Data Centre Asia — Hong Kong · AsiaWorld-Expo
Trust in AI, Risk, and Security
As AI systems grow more autonomous and embedded in critical infrastructure, Aaron joined a senior panel to examine the governance architectures, risk frameworks, and security protocols required to deploy AI responsibly in high-stakes data centre environments — and what trust must look like at scale.
CyberDSA 2025 Kuala Lumpur
Sep / Oct 2025 Speaker
CyberDSA 2025 · MITEC, Kuala Lumpur
AI Adversaries: Weaponising Generative AI
At one of Asia's premier cybersecurity and defence technology conferences — drawing over 8,000 professionals from 45 countries — Aaron explored how malicious actors are weaponising generative AI across the attack chain: from AI-driven phishing and deepfakes to automated red-teaming and adversarial machine learning. He challenged defenders to rethink their resilience playbooks entirely for the age of synthetic threats.
Cyber Security World Asia Singapore 2025
Oct 2025 Panel Moderator
Cyber Security World Asia 2025 · Marina Bay Sands, Singapore
Next-Generation Threat Hunting: Leveraging AI and Automation for Proactive Defence
Moderating a high-level panel at Singapore's premier cybersecurity gathering — part of Singapore Technology Week — Aaron guided expert dialogue on the future of proactive security: how organisations can move decisively beyond reactive postures, harnessing AI and automation to identify, anticipate, and neutralise threats before they escalate into incidents.
GovWare SICW Arctic Security 2025
Oct 2025 Panelist
GovWare / Singapore International Cyber Week × Arctic Security Ltd · Embassy of Finland, Singapore
Solving Emerging Cyber Problems Together
At an exclusive security networking reception co-hosted by His Excellency Juha Markkanen, Ambassador of Finland to Singapore, Aaron joined an elite gathering of international cybersecurity leaders at the Embassy of Finland. The session brought together practitioners and policymakers from across the globe to address the most pressing and complex emerging challenges in the cyber landscape — in the spirit of open, high-trust collaboration.
World AI Show Kuala Lumpur 2025
Oct 2025 Panelist
World AI Show Malaysia 2025 · DoubleTree by Hilton, Kuala Lumpur
Adaptive Defense: AI's Growing Impact on Cyber Resilience
Sharing the stage with senior AI and cybersecurity leaders from across Asia at one of the region's most prestigious AI conferences — supported by Malaysia's MDEC and CyberSecurity Malaysia — Aaron joined a powerful panel examining how adaptive, AI-driven defence frameworks are fundamentally reshaping the way organisations build and sustain cyber resilience against increasingly autonomous adversaries.
Smart Nation Expo Kuala Lumpur 2025
Nov 2025 Panel Speaker
Smart Nation Expo 2025 · MITEC, Kuala Lumpur
Strengthening Malaysia's Digital Backbone: Cyber Resilience, Infrastructure & Regional Collaboration
At Southeast Asia's premier digital transformation exhibition — drawing over 21,000 industry professionals and 600 exhibiting brands — Aaron participated in the Digital Economy Leaders' Discussion, addressing how nations can fortify their digital infrastructure, build cross-border cyber resilience, and collaborate regionally to protect a rapidly expanding digital economy valued at over £1 trillion by 2030.
AI for Asia Fellowship 2025
2025 Speaker
AI for Asia Fellowship · Siklab & National Youth Council Singapore
AI Risks & Opportunities: Navigating the Dual Edge
Invited to speak as part of the AI for Asia Fellowship — a programme cultivating the next generation of Asian AI leaders through Siklab and the National Youth Council of Singapore — Aaron delivered a nuanced exploration of AI's dual nature: its transformative potential to reshape economies and societies, alongside the emergent risks that demand clear-eyed governance, strategic foresight, and human-centred design.
ITE West FutureSmart 2026
2026 Speaker
ITE West — FutureSmart 2026
Navigating AI & Digital Safety with Confidence
At ITE West's FutureSmart conference, Aaron brought grounded, practical insight to an audience of students and educators navigating a world being rapidly reshaped by AI. His session addressed how young people can develop digital safety mindsets, build critical thinking around technology, and step into the future with confidence rather than anxiety — equipping the next generation to be informed, resilient digital citizens.
CybersecAsia Thailand International Cyber Week 2026
2026 Speaker
CybersecAsia × Thailand International Cyber Week 2026
Futureproofing Cybersecurity in the Age of Autonomous AI
At the convergence of CybersecAsia and Thailand's International Cyber Week, Aaron addressed the defining strategic challenge of our era: building cybersecurity architectures that can withstand the next wave of AI-enabled threats. He explored how defenders must evolve their posture, playbooks, and partnerships to stay ahead of adversaries already deploying autonomous AI offensively in the field.
Exclusive Networks Singapore Partner Appreciation Event 2026
2026 Featured Speaker
Exclusive Networks Singapore Partner Appreciation Event 2026
The Future of Cybersecurity: Quantum Security & AI/LLM Security
Invited to address one of Singapore's most influential cybersecurity distribution communities, Aaron examined the frontier threats that will define the coming decade. From the urgency of post-quantum cryptography and the security implications of large language models, to the convergence of AI with both offensive and defensive capabilities — the session delivered a clear-eyed look at what organisations must prepare for now, before these threats become mainstream.
Technology Portfolio

Our Technology
Ecosystem

We advise on technology, invest in it, and carry the products we genuinely stand behind — both those we own and those we partner with.

Our Products Technology we own, operate, and have invested in directly.
A H&E Product
Enquire About Meridian
Meridian.
Organisational Human Risk Intelligence

Security's most persistent vulnerability has never been a system. It is the sum of the behaviours, habits, decisions, and cognitive patterns of every person in your organisation — compounding quietly until they become exploitable. Meridian is built to surface that exposure before it becomes an incident.

Combining AI-driven behavioural analysis with established psychological risk frameworks and the latest threat intelligence, Meridian continuously maps how people across your organisation interact with technology, make decisions under pressure, and respond to manipulation. The result is a living, dynamic risk profile that reflects your actual human attack surface — not a snapshot from your last awareness campaign, but a real-time reading of where you are today.

For executives, Meridian answers the questions that technical security tools fundamentally cannot: What does your organisation's human risk look like at this moment? Which teams, roles, or behavioural patterns present the greatest exposure? Where should intervention be targeted to produce the greatest reduction in risk? Meridian translates the invisible into the actionable — giving leadership the clarity to move with confidence rather than assumption.

Behavioural Risk Profiling AI-Driven Analysis Psychological Risk Frameworks Executive Risk Dashboard Continuous Monitoring Organisational Intelligence
A H&E Product
Enquire About Caliber
Caliber.
Talent Intelligence & Deep Assessment

The cybersecurity and AI talent crisis is not merely a shortage of certified professionals — it is a shortage of the right ones. Certifications and tool proficiencies are table stakes. What separates practitioners who excel in high-pressure, high-consequence roles from those who don't is something far harder to see in a résumé: how they think under uncertainty, how they communicate risk to non-technical leadership, how they behave when the answer isn't in a framework.

Caliber was built to find those qualities. Designed specifically for cybersecurity and AI roles, our assessment platform moves well beyond multiple-choice benchmarks — evaluating candidates through hands-on technical simulations, psychological profiling, and scenario-based challenges that reveal depth of reasoning, ethical judgment, and professional character. By integrating validated behavioural science with real-world technical environments, Caliber surfaces not just what a candidate knows, but who they are as a practitioner — and whether they are built for the complexity the role will demand of them.

Caliber is currently deployed by a national cybersecurity regulatory body as part of their talent identification and evaluation framework — a recognition of the platform's rigour, independence, and the reliable signal it provides in a domain where the cost of a wrong hire extends far beyond the balance sheet.

Psychological Profiling Hands-On Technical Simulation Soft Skills Assessment Scenario-Based Testing Behavioural Science Role-Fit Intelligence
A H&E Product
Virage Visit virage.app
Virage.
AI-Powered Human Risk Training & Simulation

Virage began as the final-year project of an exceptional team of students from Nanyang Polytechnic — a group who saw the growing threat of voice and email scams and built something genuinely innovative in response. When we encountered their work, we didn't just admire it. We acquired it, invested heavily in its development, and brought it into our practice — because we believed in both the product and the people behind it.

At its core, Virage is a phishing and vishing simulation platform that places the human layer — the most exploited and least defended surface in any organisation — at the centre of cyber resilience. The platform generates realistic, multilingual, AI-driven simulations of email phishing and voice scam scenarios, modelled on real-world attack patterns and tuned to the way people actually communicate in Singapore and across the region.

Organisations using Virage don't just train their people — they measure vulnerability, track improvement over time, and build a culture where scepticism is a reflex, not an afterthought. It is the operational expression of everything we believe about human risk: that awareness alone is insufficient, and that the only way to know whether your people are ready is to test them before the adversary does.

Vishing Simulation Phishing Simulation Behavioural Analytics Multilingual AI Scenarios Vulnerability Dashboards Human Risk Metrics
Technology Partners Carefully selected products we carry, recommend, and deploy for our clients.
Technology Partner
Visit cyberbay.tech
Cyberbay.
A Connected Cybersecurity Ecosystem for Continuous Protection

Most organisations treat security as a series of events — a penetration test here, an audit there. Cyberbay is built on a different premise: that meaningful protection requires continuous visibility, persistent intelligence, and honest external challenge. Their platform converges AI-driven attack surface monitoring, real-time threat intelligence, and a pre-vetted global community of ethical security researchers into a single, coherent ecosystem — one that finds what your internal teams cannot, and keeps finding it as your environment evolves.

We partner with Cyberbay because they operationalise something we advocate for in every client engagement: the shift from reactive defence to proactive resilience. Through Cyberbay's crowdsourced vulnerability discovery programmes, organisations gain access to a diverse, motivated community of researchers whose breadth of technique and independence of perspective surfaces critical weaknesses that structured assessments routinely miss. Their threat intelligence capability — tracking adversary activity, attack signals, and digital exposure across industries and regions — gives clients the early warning needed to respond before incidents escalate.

Together, we deploy Cyberbay's capabilities as part of integrated advisory engagements — helping clients not just identify their exposure, but understand it in the context of their risk appetite, governance frameworks, and the human factors that ultimately determine whether vulnerabilities get remediated or remain open. Because in our experience, the difference between a finding and a fix is rarely technical. It's organisational.

Crowdsourced Vulnerability Discovery AI Attack Surface Monitoring Threat Intelligence Continuous Security Testing Security Risk Assessment Virtual CISO
Technology Partner
Codeezy Visit codeezy.net
Codeezy.
Building the Next Generation of Digital Changemakers

Sustainable digital resilience cannot be built at the top of the talent pipeline alone. The practitioners, architects, and decision-makers who will define how Singapore and the region navigates the next decade of technological complexity are being shaped right now — in classrooms and enrichment centres, in the first moments where a young person encounters a problem and learns whether they can build their way through it.

Codeezy is where that foundation is laid. Founded by educators who have taught over 500 students between them, Codeezy builds genuine, lasting digital capability in children through structured, outcome-led coding programmes. The design principle is unambiguous: every student finishes having built and launched something real — an app, a website, a game. Not a certificate of participation, but tangible evidence of capability. That philosophy — that learning only lands when it produces something — is one we recognise and deeply respect, because it mirrors how we approach capability development at the organisational level.

Our partnership with Codeezy reflects a conviction that runs through everything H&E does: that the human layer matters at every stage. The talent we need in cybersecurity and AI tomorrow is learning to code today. Investing in that pipeline early, deliberately, and well is not peripheral to our mission — it is an extension of it.

Children's Coding Education App & Game Development DSA Preparation STEM Enrichment Digital Literacy Talent Pipeline Development
Our Work

Selected
Engagements

All engagements are presented with client confidentiality in mind. Details are indicative of scope and nature of work.

001
AI Governance Framework for Regional Bank
Designed an end-to-end AI governance and deployment framework aligned with MAS Model Risk guidelines for an ASEAN commercial bank rolling out credit-scoring models.
Financial Services
002
Human Risk Assessment & Programme Design
Conducted a human risk assessment for a critical infrastructure operator, mapping behavioural vulnerabilities across staff, contractors, and leadership — and designing targeted mitigation programmes.
Critical Infrastructure
003
Cybersecurity Strategy & Digital Resilience
Advised a Southeast Asian organisation on transitioning to a Zero Trust security posture — covering architecture review, policy redesign, and staff capability uplift across multiple business units.
Enterprise
004
AI Deployment Risk & Red Team Advisory
Advised on the secure deployment of a proprietary LLM system, identifying prompt injection risks, data governance gaps, and human oversight failures prior to production launch.
Technology
005
Board & Executive Capability Programme
Designed and delivered a multi-session capability programme for a C-suite and board, covering AI strategy, cyber resilience, human risk, and responsible technology governance.
Leadership
Get In Touch

Begin the
Conversation.

Whether you're facing an immediate challenge or planning your long-term AI and security posture, we'd like to hear from you. Engagements typically begin with a complimentary 60-minute discovery call.

Based Singapore, with regional reach across APAC
Email hello@hesedemet.asia
Response Within 1 business day
Phone +65 6829 2146
Address #42-00, Suntec Tower Three
8 Temasek Blvd, Singapore 038988