HESED & EMET // ADVISORY
AI · Cybersecurity · Human Risk

Intelligent.
Secure.
Human-Centered.

We advise organisations at the intersection of AI, cybersecurity, and human behaviour — translating emerging technologies into clear strategy while strengthening resilience against evolving threats._

Our Services Let's Talk
6+
Practice Areas
100%
Advisory-Led
0x
Vendor Bias
What We Do

Where Technology
Meets Trust

We partner with leaders to navigate AI, cybersecurity, and human risk — building systems that are not only intelligent and secure, but trusted.

01
AI Strategy & Governance
Translating emerging AI into clear, actionable organisational strategy. From deployment planning to governance frameworks, responsible adoption, and regulatory alignment.
AI Strategy ISO 42001 EU AI Act
02
Cybersecurity & Digital Resilience
Strategic advisory for organisations facing evolving digital threats — security architecture, threat modelling, and resilience planning that keeps pace with an AI-accelerated threat landscape.
Zero Trust NIST CSF Resilience
03
Human Risk Advisory
Addressing the human layer — the most underestimated factor in security and transformation. We examine how people design, use, and govern technology, and where that creates exploitable risk.
Insider Risk Behaviour Social Engineering
04
Training & Capability Building
Bespoke programmes for boards, leadership teams, and operational staff — translating AI and cyber complexity into the language of confident, informed decision-making at every level.
Board-Level Tabletop Workshops
05
Regulatory & Compliance Navigation
Turning regulatory complexity into operational clarity. We help organisations interpret and implement MAS guidelines, PDPA, GDPR, and emerging AI-specific frameworks across jurisdictions.
PDPA MAS TRM GDPR
06
Secure AI Deployment
End-to-end advisory for organisations integrating AI — from vendor evaluation to model risk assessment and safety-by-design principles, ensuring trust from architecture to production.
MLSecOps Model Risk Red Teaming
Who We Are

Conviction, Craft,
Competence.

At Hesed & Emet Advisory, we work at the intersection of AI, cybersecurity, and human behaviour — advising organisations on navigating complexity in an increasingly digital world.

We partner with leaders to translate emerging technologies into clear, actionable strategy, while strengthening resilience against evolving cyber and human risks. Our work spans strategic advisory, capability development, and training — grounded in the belief that technology alone is insufficient without aligning the people who design, use, and govern it.

Our approach is advisory-first. No tool sales, no vendor bias. We bring practitioner-level experience to every engagement and speak both the language of engineers and the language of the boardroom.

On Our Name
Hesed — steadfast loyalty, grace extended beyond obligation.
Emet — truth, integrity, that which can be relied upon.

These ancient values are the standard we hold ourselves to in every engagement.
Independence
Vendor-neutral and product-agnostic. My recommendations serve your interests — not a sales quota or a preferred platform.
Human-Centered Thinking
Technology risk is inseparable from human behaviour. We examine both — because systems are only as resilient as the people who operate them.
Confidentiality
Your vulnerabilities are not our portfolio. Every engagement is treated with absolute discretion.
Long-term Partnership
The best advisory work happens over time, with deep context. We build relationships — not just reports.
The Principal

Built on Practitioner Experience

Aaron Ang, Co-Founder of Hesed & Emet Advisory
Aaron Ang
Co-Founder, Chief Architect & Principal Advisor
Connect on LinkedIn

Aaron Ang is a senior cybersecurity and AI strategist whose career has operated at the intersection of national policy, digital resilience, and emerging technology. With a formative tenure at the Cyber Security Agency of Singapore (CSA), he has shaped initiatives that function at national scale — contributing to Singapore's cybersecurity posture, informing the direction of workforce and talent development, and building the capability of both public institutions and private enterprises to navigate an increasingly complex threat environment.

He brings a rare ability to work across the full spectrum: from identifying strategic market opportunities in emerging technology to architecting the governance frameworks and human systems needed to deploy them responsibly. His work spans national programmes, cross-sector partnerships, and executive advisory — always oriented toward the question of how technology can be adopted more effectively, and with greater confidence, by the people and organisations that depend on it.

Aaron is a trusted voice in Singapore's cybersecurity community — regularly called upon by national and regional media to provide expert commentary on major incidents, evolving threats, and the policy implications of an increasingly digital world. His perspective bridges practitioner depth with strategic clarity, making him a sought-after reference point for institutions, boards, and journalists alike.

Alumni
Cyber Security Agency of Singapore (CSA)
Served at Singapore's national cybersecurity authority — designing national cyber education programmes, leading inaugural government CTF exercises, and contributing to responsible vulnerability disclosure processes that strengthen the security of critical infrastructure.
Vice-President & Youth Lead
Digital Defence Alliance Singapore (DDAS)
DDAS is a non-profit cornerstone of Singapore's Total Defence strategy — partnered with MINDEF Nexus, IMDA, and the National Youth Council to fortify the nation's Digital Defence pillar. A partner of IMDA's Digital for Life movement (636,000+ beneficiaries; ASEAN Digital Awards 2024 winner), DDAS drives digital readiness and cyber resilience across citizens, institutions, and leaders. As Vice-President and Youth Lead, Aaron sits at the centre of Singapore's whole-of-nation approach to digital security and AI governance.
Media & Public Commentary
Voice on Singapore's Cybersecurity Landscape
A trusted expert commentator for national and regional media — called upon to provide insight on Singapore's most significant cybersecurity incidents, data breaches, AI-related threats, and digital policy decisions affecting the broader Asia-Pacific region.
Aaron in the Media
The Straits
Times
Concerns Raised Over Ease of Accessing NRIC Numbers from ACRA Portal
ACRA's new Bizfile portal exposed the full NRIC numbers of Singapore citizens — including cabinet ministers — to public search without login. The incident triggered a national reckoning over digital identity infrastructure, data protection policy, and government accountability in the digital age.
"If this blunder by the Government has in some way enabled cyber criminals, then I think that while the government agencies have invested so much in scam prevention, we have inadvertently shot ourselves in the foot and moved steps backwards."
Read Article →
CNA
Podcast
What Does Unmasking NRIC Numbers Mean for Your Privacy and Security?
Featured on Channel NewsAsia's deep-dive podcast alongside legal experts from Rajah & Tann Singapore, examining the privacy and security implications of Singapore's NRIC unmasking policy — and what individuals and organisations must now do to protect themselves.
"The unmasking makes Singaporeans extremely vulnerable to scammers who use NRIC numbers to secure the trust of victims — this is the kind of data that enables highly targeted, convincing attacks."
Listen to Podcast →
The Straits
Times
Some Telco Technical Data May Open More Doors for Cyber Attackers
Following the revelation that state-sponsored group UNC3886 had exfiltrated network data from Singapore's four major telcos, Aaron was called upon to explain the strategic risk of stolen infrastructure blueprints — and why technical data is often more dangerous than personal data in the wrong hands.
"Such technical data is like the blueprints and guard schedules of a building. A thief with it knows exactly where to enter, which paths avoid cameras, and how to reach restricted rooms — including backdoors into neighbouring buildings."
Read Article →
The Straits
Times
Singtel Outage: Experts Call for Review of Emergency Hotline Contingency Plans
A major Singtel landline outage in October 2024 severed access to police and SCDF emergency lines 999 and 995 for hours. Cybersecurity experts questioned why critical public safety infrastructure lacked immediate failover, and called for a systemic review of contingency planning across operators.
"It appears that emergency hotline operators did not have backup services ready for immediate switchover — given the hours-long disruption, the gap in resilience planning is difficult to overlook."
Read Article →
The Straits
Times
Singtel Hit by Second Disruption a Day After Eight-Hour Outage
When Singtel suffered a second major outage within 24 hours — disrupting payments, ride-hailing, and essential services across Singapore — Aaron provided expert perspective on why post-incident recovery actions can carry their own risks, and what repeated failures signal about infrastructure resilience.
"Engineers responding to a major outage often restart systems, reroute traffic, or implement quick fixes — and such remedial actions may themselves shift loads in ways that trigger secondary disruptions."
Read Article →
The Straits
Times
Telcos, Banks, Chat Apps Among Online Services to Experience Temporary Spike in Disruptions
A concurrent spike in disruptions across Singapore's digital infrastructure — spanning telcos, banks, and messaging platforms — raised concerns about systemic interdependencies in the nation's online services and what simultaneous failures mean for digital resilience.
Read Article →
Mothership
Hacker Obtains OTP via Help Chat, Activates Circles.Life User's eSIM & Logs Into E-commerce Accounts
A social engineering attack on Circles.Life's customer service channel allowed a bad actor to take over a victim's eSIM and access her e-commerce accounts — without exploiting any technical vulnerability. Aaron explained why the incident exposed a fundamental process gap, not a technology one.
"This is more of a process issue than a vulnerability. OTPs should never be provided over chat — it simply defeats the purpose of having an OTP. The bar for verification must be higher than what a social engineer can talk their way past."
Read Article →
8world
Feature
From Obesity Diagnosis to Full Marathon: A Personal Journey
A personal feature by 8world on Aaron's journey from being overweight and clinically diagnosed with obesity, to lining up at the start of the Standard Chartered Singapore Marathon. A story of discipline, resilience, and the belief that transformation — personal or organisational — is always possible with the right mindset.
Read Feature →
Conferences & Speaking

On the Global Stage

Aaron is a sought-after voice at Asia's most prominent cybersecurity, AI, and digital policy forums — shaping conversations that matter at the highest levels of industry and government.

Data Centre Asia Hong Kong 2025 — Human Risk
July 2025 Featured Speaker
Data Centre Asia — Hong Kong (Inaugural Edition) · AsiaWorld-Expo
Human Risk in Data Centre Operations
Closing out the inaugural Data Centre Asia conference in Hong Kong, Aaron brought urgent attention to the most overlooked vulnerability in modern infrastructure: people. As data centres become smarter, more sustainable, and increasingly AI-driven, he examined how human behaviour — in design, operations, and governance — remains the critical risk layer that technology alone cannot solve.
Data Centre Asia Hong Kong 2025 — AI Trust Panel
July 2025 Panelist
Data Centre Asia — Hong Kong · AsiaWorld-Expo
Trust in AI, Risk, and Security
As AI systems grow more autonomous and embedded in critical infrastructure, Aaron joined a senior panel to examine the governance architectures, risk frameworks, and security protocols required to deploy AI responsibly in high-stakes data centre environments — and what trust must look like at scale.
CyberDSA 2025 Kuala Lumpur
Sep / Oct 2025 Speaker
CyberDSA 2025 · MITEC, Kuala Lumpur
AI Adversaries: Weaponising Generative AI
At one of Asia's premier cybersecurity and defence technology conferences — drawing over 8,000 professionals from 45 countries — Aaron explored how malicious actors are weaponising generative AI across the attack chain: from AI-driven phishing and deepfakes to automated red-teaming and adversarial machine learning. He challenged defenders to rethink their resilience playbooks entirely for the age of synthetic threats.
Cyber Security World Asia Singapore 2025
Oct 2025 Panel Moderator
Cyber Security World Asia 2025 · Marina Bay Sands, Singapore
Next-Generation Threat Hunting: Leveraging AI and Automation for Proactive Defence
Moderating a high-level panel at Singapore's premier cybersecurity gathering — part of Singapore Technology Week — Aaron guided expert dialogue on the future of proactive security: how organisations can move decisively beyond reactive postures, harnessing AI and automation to identify, anticipate, and neutralise threats before they escalate into incidents.
GovWare SICW Arctic Security 2025
Oct 2025 Panelist
GovWare / Singapore International Cyber Week × Arctic Security Ltd · Embassy of Finland, Singapore
Solving Emerging Cyber Problems Together
At an exclusive security networking reception co-hosted by His Excellency Juha Markkanen, Ambassador of Finland to Singapore, Aaron joined an elite gathering of international cybersecurity leaders at the Embassy of Finland. The session brought together practitioners and policymakers from across the globe to address the most pressing and complex emerging challenges in the cyber landscape — in the spirit of open, high-trust collaboration.
World AI Show Kuala Lumpur 2025
Oct 2025 Panelist
World AI Show Malaysia 2025 · DoubleTree by Hilton, Kuala Lumpur
Adaptive Defense: AI's Growing Impact on Cyber Resilience
Sharing the stage with senior AI and cybersecurity leaders from across Asia at one of the region's most prestigious AI conferences — supported by Malaysia's MDEC and CyberSecurity Malaysia — Aaron joined a powerful panel examining how adaptive, AI-driven defence frameworks are fundamentally reshaping the way organisations build and sustain cyber resilience against increasingly autonomous adversaries.
Smart Nation Expo Kuala Lumpur 2025
Nov 2025 Panel Speaker
Smart Nation Expo 2025 · MITEC, Kuala Lumpur
Strengthening Malaysia's Digital Backbone: Cyber Resilience, Infrastructure & Regional Collaboration
At Southeast Asia's premier digital transformation exhibition — drawing over 21,000 industry professionals and 600 exhibiting brands — Aaron participated in the Digital Economy Leaders' Discussion, addressing how nations can fortify their digital infrastructure, build cross-border cyber resilience, and collaborate regionally to protect a rapidly expanding digital economy valued at over £1 trillion by 2030.
AI for Asia Fellowship 2025
2025 Speaker
AI for Asia Fellowship · Siklab & National Youth Council Singapore
AI Risks & Opportunities: Navigating the Dual Edge
Invited to speak as part of the AI for Asia Fellowship — a programme cultivating the next generation of Asian AI leaders through Siklab and the National Youth Council of Singapore — Aaron delivered a nuanced exploration of AI's dual nature: its transformative potential to reshape economies and societies, alongside the emergent risks that demand clear-eyed governance, strategic foresight, and human-centred design.
ITE West FutureSmart 2026
2026 Speaker
ITE West — FutureSmart 2026
Navigating AI & Digital Safety with Confidence
At ITE West's FutureSmart conference, Aaron brought grounded, practical insight to an audience of students and educators navigating a world being rapidly reshaped by AI. His session addressed how young people can develop digital safety mindsets, build critical thinking around technology, and step into the future with confidence rather than anxiety — equipping the next generation to be informed, resilient digital citizens.
CybersecAsia Thailand International Cyber Week 2026
2026 Speaker
CybersecAsia × Thailand International Cyber Week 2026
Futureproofing Cybersecurity in the Age of Autonomous AI
At the convergence of CybersecAsia and Thailand's International Cyber Week, Aaron addressed the defining strategic challenge of our era: building cybersecurity architectures that can withstand the next wave of AI-enabled threats. He explored how defenders must evolve their posture, playbooks, and partnerships to stay ahead of adversaries already deploying autonomous AI offensively in the field.
Exclusive Networks Singapore Partner Appreciation Event 2026
2026 Featured Speaker
Exclusive Networks Singapore Partner Appreciation Event 2026
The Future of Cybersecurity: Quantum Security & AI/LLM Security
Invited to address one of Singapore's most influential cybersecurity distribution communities, Aaron examined the frontier threats that will define the coming decade. From the urgency of post-quantum cryptography and the security implications of large language models, to the convergence of AI with both offensive and defensive capabilities — the session delivered a clear-eyed look at what organisations must prepare for now, before these threats become mainstream.
Our Work

Selected
Engagements

All engagements are presented with client confidentiality in mind. Details are indicative of scope and nature of work.

001
AI Governance Framework for Regional Bank
Designed an end-to-end AI governance and deployment framework aligned with MAS Model Risk guidelines for an ASEAN commercial bank rolling out credit-scoring models.
Financial Services
002
Human Risk Assessment & Programme Design
Conducted a human risk assessment for a critical infrastructure operator, mapping behavioural vulnerabilities across staff, contractors, and leadership — and designing targeted mitigation programmes.
Critical Infrastructure
003
Cybersecurity Strategy & Digital Resilience
Advised a Southeast Asian organisation on transitioning to a Zero Trust security posture — covering architecture review, policy redesign, and staff capability uplift across multiple business units.
Enterprise
004
AI Deployment Risk & Red Team Advisory
Advised on the secure deployment of a proprietary LLM system, identifying prompt injection risks, data governance gaps, and human oversight failures prior to production launch.
Technology
005
Board & Executive Capability Programme
Designed and delivered a multi-session capability programme for a C-suite and board, covering AI strategy, cyber resilience, human risk, and responsible technology governance.
Leadership
Get In Touch

Begin the
Conversation.

Whether you're facing an immediate challenge or planning your long-term AI and security posture, we'd like to hear from you. Engagements typically begin with a complimentary 60-minute discovery call.

Based Singapore, with regional reach across APAC
Email hello@hesedemet.asia
Response Within 1 business day
Phone +65 6829 2146
Address #42-00, Suntec Tower Three
8 Temasek Blvd, Singapore 038988