Hello! I am Wai Tuck, a third year PhD student at the School of Computing and Information Systems at Singapore Management University in the System Analysis and Verification (SAV) Group. My interests are wide, but primarily lies in game theory, mechanism design, machine learning and their intersection with cybersecurity. I am lucky to be co-advised by Arunesh Sinha and Sun Jun, who are experts in this area.
I graduated with top honours with a Bachelor of Science in Information Systems (2nd major in Applied Statistics) from Singapore Management University. My undergraduate research was the research and implementation of a tool to analyze syntactic dependencies of software to measure change effort required for a proposed change in a given codebase. I performed empirical analysis to see if the heuristic holds for several large open source Java programs. The tool was later adapted to teach students design patterns in software engineering. My advisor, Kevin Steppe encouraged me to take it up and guided me through every step of the reserach process, and I am grateful for the introduction to research at such an early stage in my academic career.
I later took a Master of Science in Information Security from the Information Networking Institute at Carnegie Mellon University as part of the SMU-CMU Fast-Track program. My graduate research at CMU looked at studying and using dynamic taint analysis to find bugs in node.js, in particular to find code injection vulnerabilities in packages in the NPM ecosystem. I was advised by Limin Jia, and had the guidance and help from a PhD student, Darion Cassel, that made the research project a success.
In my free time, I play CTFs. I currently play with CTF.SG, a team I co-founded with a couple of amazing friends. We won our first DEFCON Black Badge in 2018 at the Red Alert ICS CTF in DEFCON 26. I previously played with the Plaid Parliament of Pwning back in Carnegie Mellon University.
I also do martial arts, and am an avid fan of Bruce Lee, hence the title of the blog :)
I hold a number of professional certificates that I did for fun, some were graciously sponsored by the SG:D Scholarship. They are listed below:
- Offensive Security Certified Professional (OSCP) (completed Summer 2016)
- Offensive Security Certified Expert (OSCE) (completed Spring 2018)
- Offensive Security Web Expert (OSWE) (completed Summer 2019)
- Offensive Security Wireless Professional (OSWP) (completed Summer 2019)
- Splunk Core Certified User (completed Summer 2019)
- Deep Learning Specialization (completed Summer 2021)
You may find a copy of my CV here. You may also contact me at
As always, hack on!