Global standards and best practices (CREST)

Unique cyber security resource pool that combines security testing, consulting and solutions

Regional client base across different industries

You Change The World,
We Secure It.

Founded in 2008 by cyber-security veterans; FIRMUS is a trusted provider of cybersecurity solution and penetration testing services. We continue to deliver dependable cyber security engagements to hundreds of satisfied organisations. We are your long term cyber security partner.

Our Services


Uncover Hidden Security Risks and Understand the Impact of a Cyber Attack.


Understanding Your Organization’s Security Risk Exposure and Addressing Your Strategic Security Goals.

Managed Services

Leverage our expertise for cost-efficient comprehensive IT support and maintenance.

Operational Technology Security

In an Interconnected World Effective OT Security is Non-Negotiable.


Small Actions, Big Consequences, Humans are the Weakest Link in the Whole Equation.

Pentest Expert in Singapore

Get to the root of your cybersecurity concerns.

Maximize Security with a Hybrid Approach

At FIRMUS, we provide penetration testing services using a hybrid approach of automated and manual methods. Our security analysts will test firewalls, networks, devices, servers, web applications, and other points of exposure for vulnerabilities, and attempt to gain privileged access. As the leading penetration testing services provider in Singapore, FIRMUS also evaluates the ability of information assets to withstand attacks, and can demonstrate the effectiveness of IT security defenses.

The Type of Penetration Tests We Offer

FIRMUS offers network and application penetration tests to discover weaknesses and vulnerabilities in an organization’s network infrastructure and web/mobile-based applications. Tests involve firewall configuration and bypass testing, stateful analysis testing, DNS attacks, and advanced techniques to test modern web applications and next-generation technologies.

An elite team of penetration testing experts

FIRMUS is a team of pentesting experts who use a combination of manual and automated tools to ensure complete application coverage. All our security consultants and penetration testers hold recognized certifications in the cybersecurity and penetration testing industry.

Strengthen Your Cybersecurity with Our Pentest

Make sure your cybersecurity is in check with professional Penetration Testing and Vulnerability Assessment. Keep your networks secure with regular security reviews from FIRMUS and minimize the risk of a successful attack.

All you need to know about penetration testing

penetration test, also known as a “pen test” is a method for evaluating the effectiveness of an organization’s security controls. Testing is performed under controlled conditions, simulating scenarios representative of what a real attacker would attempt. When gaps are identified in security control, a penetration test goes beyond basic vulnerability scanning to determine how an attacker would escalate access to sensitive information assets, confidential information, personally identifiable information (PII), financial data, intellectual property, or any other sensitive information. Penetration testing utilizes pen test tools and techniques, guided by a disciplined and repeatable methodology, resulting in a report containing detailed findings and recommendations that allow an organization to implement countermeasures and improve the security posture of the environment. These improvements ultimately reduce the likelihood an attacker could gain access.

Goals of a penetration test vary greatly based on the scope of review. The goal to penetration testing is to test your technology assets for their security, their safeguards, and controls by trying to penetrate through any configured defences.

The length of the penetration testing engagement depends on the type of testing, the type and number of systems, and any engagement constraints. Typical engagements have an average testing time of 2 – 4 weeks.

Penetration testing should be performed on a regular basis (at least once a year) to ensure more consistent IT and network security management by revealing how newly discovered threats (0-days, 1-days) or emerging vulnerabilities might be exploited by malicious hackers.

Crest is a globally recognized accreditation and certification scheme for organizations and individuals who perform penetration testing with the highest legal, ethical and technical standards. Crest penetration testing is a type of cyber security testing that is used to evaluate the safety of a computer system or network. It is also known as ethical hacking. The main aim of this testing is to find vulnerabilities in the system so that they can be fixed before attackers can exploit them.

The Council of Registered Ethical Security Testers (CREST) is an international not-for-profit membership organization that represents and supports the professional information security testing industry. CREST provides assurance that its members meet internationally recognized standards for ethical practices and technical competence. To become a CREST member, organizations must meet rigorous requirements for ethical practices, technical competence and insurance cover. This provides clients with the assurance that they are working with a reputable and reliable security testing provider.

Cybersecurity Protection That You Can Trust

FIRMUS delivers dependable, high quality cyber-security engagements to hundreds of satisfied organisations, with a focus on customer satisfaction and security risk management.


Years Track Record

As a firm with experience in the field, we have built a track record that spans hundreds of clients in all sectors and industries.


Awards & Accolades

FIRMUS is an award winning company with a reputation for consistent innovation at the highest level of services.


At CTOS, we play a critical role in empowering business and individuals to make better financial decisions by providing access to crucial information with ease. Security is at our core, and safeguarding this critical information is our number one priority. Working with a leading cyber security partner like FIRMUS enables our continuous commitment to safeguard our data by making sure it is protected to the highest standards.

James Mitchell, Group Chief Technology Officer

While we are building the state of the art digital platform for our brands, we are glad to have FIRMUS as our partner in pro-actively addressing our cyber security needs; and for securing our digital ecosystem.

CK Chong, Group Chief Information Officer

In the hospitality industry, guests’ health and safety are utmost important. Beyond guests’ comfort and pleasure, stringent measures in safeguarding guests’ personal information must be exercised.

FIRMUS – a leading cyber security services and consulting company is trusted to keep hoteliers in good cyber security posture. Hotel operators can continuously innovate and reinvent guests’ experience; trusting FIRMUS to keep their businesses and guests secured.

Wolfgang Kiesel, General Manager

As a leading provider of independent credit ratings and other viral analytics services, we have over 30 years of delivering innovative solutions to companies. Given that our services demand for high compliance and stringent governance oversight, ensuring cyber security is top priority on our boardroom agenda.

Selecting FIRMUS as our cyber security partner allows us to focus on continuous innovation and deliver exceptional values to our clients. In this, we can be assured that we are operating in safe platforms and environments.

Chris WK Lee, Group Chief Executive Officer

In the healthcare practice, safeguarding patients’ records is as important as saving lives, if not more. In the connected health era, the increased use of electronic health records coupled with remote working has demanded for cyber defence to be a top priority for CIOs. Choosing the best fit cyber security partner like FIRMUS is key for the healthcare industry to prepare for the rapidly changing risk landscape. 

Beyond the know-hows and its holistic solutions, FIRMUS is all-rounded in strategies and consultancy – the best cyber security partner of choice

Rani Nathwani, PIKOM CIO Chapter Adviser & Former CIO of Prince Court Medical Centre

As a growing Global Business Services (GBS) provider, cyber defence is crucial. FIRMUS’ expertise in penetration tests helps accelerate our digital transformation journey by ensuring a safe environment for our infrastructure and networks. This not only helps us to drive operational excellence but also saves remediation costs and eliminates downtime by identifying and resolving vulnerabilities early.

Patrick Khoo, Chief Information Officer

As a leading technology and Business Process Outsourcing (BPO) company, Scicom is lauded by our clients for having a proven track record of delivering services on time with exceptional quality. Given the sensitive nature of the work we do for our customers we take a lot of care in securing our customers’ data and IT systems.

FIRMUS has provided their expertise to help us reduce our cyber risk exposure thus safeguarding our business and our clients.

Dato’ Sri Leo Ariyanayakam, Chief Executive Officer & Group Executive Director

As we transform towards a digital-driven society, it requires us to be more responsible in the way we work and handle data. As a leader in the insurance and takaful business, we are committed to protecting our customers’ personal data and will continue to invest in defence solutions for our systems. 

Zurich is proud to work with FIRMUS on cyber security – collaborating and innovating in a holistic approach to manage cyber risks. Together we will create a brighter and more secured digital future.

Raymond Wong, Chief Technology Officer | Operations & Technology

As more and more businesses embrace digital transformation, cyber security threats have become a growing concern. Strengthening cyber security to build a secure digital and virtual ecosystem is imperative. 

Choosing the best fit cyber security partner like FIRMUS helps businesses address all security risks as increasing volumes of sensitive data is processed and shared among partnering companies.

Chan Kok Long, Executive Director & Adjunct Professor

Digital transformations has kicked into a high gear amidst the COVID-19 pandemic. Cyber security is among our top considerations when it comes to digital transformation. Investments in transformative technologies can be meaningless if they can’t protect the business, customers or other vital assets. 

Partnering with FIRMUS, we adopt a proactive approach in keeping our systems and business environments secured from cyber threats and risks. With FIRMUS, we create a safe harbour in managing cyber risks so we can focus on reinventing skylines and transforming homebuyers’ experiences.

Alex Chi, Group Head ICT & Digital Transformation

Cyber security, like any business activity relies on team effort. It takes the cooperation of every digital citizen to minimize infiltration, data loss, spread of malware and other cyber threats. To build cyber resilience, the capacity of each component of the cyber ecosystem must be enhanced.

Adopting an all-of-society approach promotes effective public, public-private and civil society partnerships towards the sustainable development goals. Public and private sectors, in choosing the best positioned cyber security partner like FIRMUS – with integrated expertise will contribute towards building resilience to cyber threats.

Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, Chief Executive Officer

In response to the COVID-19 pandemic, SMEs are urged to accelerate digitalisation to thrive. Given the rapid digital change with increased cyber threats, the need for cyber defence is no longer an option. FIRMUS – a leading, award-winning regional cyber security consulting company is best positioned to help SMEs craft their defence strategies.

Datuk Michael Kang, National President

PIKOM is proud to be working closely with FIRMUS all these years. FIRMUS is an active member of PIKOM and plays a key role in raising the awareness and advocating a safer cyberspace for the growth of the digital economy in the country.

Ong Kian Yew, Chief Executive Officer

Digital banking’s advent carries with it novel security risks and demands proactive cyber defence. FIRMUS is the leading cyber security partner, protecting businesses and their customers from cyber threats. They are the preferred choice to shield businesses completely from unwanted threats.

Steven Wong Weng Leong, C-Suite Executive

We are always passionate about our customers’ satisfaction as it creates customer loyalty – a loyal customer is the best business strategy. Our shift towards digital channels is part of the effort to build better customer experience which in turn has increased the demand for highly integrated and secure platforms. The move towards a more digitalised operating environment opens up the company to new cyber risks and attacks.

Selecting FIRMUS as our cyber security partner of choice helps us effectively achieve our desired business outcomes with peace of mind that we are providing a secured operating environment for our customers, at all times.

Noor Muzir bin Mohamed Kassim, Chief Executive Officer

Fortinet channel ecosystem is an integral part of the brand to accelerate Fortinet’s go-to-market in delivering our technologies and solutions to safeguard the digital nation. In partnership with FIRMUS, we join hands to help businesses tackle the most complex cyber risks with our combined capabilities. Businesses can focus on continuous digital transformation and be rest assured their vital assets are secured.

Dickson Woo, Country Manager

Latest News

FIRMUS at GovWare 2023

October 20th, 2023|Events|

GovWare is renowned for its comprehensive range of programmes, and this year is no exception. Once again, we get to see over 10,000 global cybersecurity practitioners, policymakers, and organisational leaders converge to spark essential conversations and collaborations . We are honored to be part of this monumental event that will aid in shaping our digital future. 

Appdome Launches Cyber Community Program with Pen Testers Around the World

August 10th, 2023|News|

Appdome, the one-stop shop for mobile app defense, today announced the launch of its new Mobile App Defense Project, a community program aimed at improving mobile DevSecOps through collaboration with more than 50 renowned mobile app penetration testers around the world. This initiative aims to foster a more secure mobile app economy, raise the bar on mobile app defense and provide rapid, validated, continuous cyber and anti-fraud solutions for all mobile applications globally.

Talk To Us

Penetration testing, cyber security strategy, proof-of-value, or just some information? Our domain experts provide bespoke cyber security offerings to solve your digital transformation challenges.

Go to Top