Penetration testing is also known as a pen test or ethical hacking. As cyber crimes have escalated, businesses worldwide are turning to cyber security companies that provide this authorised simulated cyberattack on a computer system to evaluate the security of their companies’ systems. In this issue, Top 10 of Malaysia shares with you its Top 10’s pick’s list of Crest-approved cyber security companies in Malaysia (presented in random order) that provide penetration testing and other first-rate cyber security related services to their clients.  

Albert Chai, Managing Director of Cisco Malaysia
Albert Chai, Managing Director of Cisco Malaysia


Led by Albert Chai, Cisco Malaysia has over 25 years of history in Malaysia, inspiring organisations with innovation and solutions that are prepared for a global and inclusive future. As a worldwide technology leader that continues to build on the power of the Internet, Cisco has hundreds of dedicated security engineers and researchers throughout the company and around the globe, who use the latest and greatest tools and techniques to conduct penetration testing on products, services, and networks – including its own – in order to closely identify weaknesses to develop better protection against cyberattacks. In doing so, Cisco has resolved countless bugs and vulnerabilities and continue to improve the security of our products with what it has learned.

CF Fong, CEO of LGMS
CF Fong, CEO of LGMS


LGMS is one of the leading cyber security experts in Asia and trusted by multinational corporations around the world. Led by CF Fong, it is a cyber security consulting company that focuses on delivering specialised cyber security assessments, penetration testing, consultation, and advisory services. Headed by Fong Choong Fook, LGMS was established in 2005, and has since built a reputation for integrity, value, and best practices by providing world-class professional services to local, regional, and international clients across various industries and backgrounds. LGMS remains uniquely neutral as an agnostic, professional cyber security services provider. LGMS does not believe in selling conflicting auxiliary services, software, or hardware that could potentially compromise client’s interest which contradict its core beliefs, as it strives to avoid any indiscriminating services that could potentially compromise client’s interests.


The history of KPMG in Malaysia can be traced back to 1928, and the firm has grown to be a part of KPMG’s global organisation of independent professional services firms operating in 147 countries, collectively employing more than 219,000 people. With a nationwide team comprising over 2,200 staff across 8 offices, it works shoulder-to-shoulder with its clients to integrate innovative approaches and deep expertise to deliver real results. KPMG’s Emerging Tech Risk & Cyber team helps leading organisations effectively manage and protect their most valuable data across a broad spectrum of evolving threats and scenarios. It also provides penetration testing. KPMG views cyber security not as a one-time project, but rather an adaptive strategy aligned to clients’ business goals and focuses on delivering long-term value for their businesses. In this respect, KPMG can provide the following services: Unified Compliance, IT GRC, Information Security Strategy and Governance, Information Security Assessment, BCM, and Information Security Technology.


Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and legal and related services. With more than 150 years of hard work and commitment to making a real difference, its organisation has grown in scale and diversity with approximately 312,000 people in 150 countries and territories. Its organisation serves four out of five Fortune Global 500® companies. Deloitte’s leading Cyber Risk Services team helps organisations address pressing and pervasive strategic information and technology risks, such as cyber security, data leakage, identity and access management, penetration testing, data security breaches, operational resilience and system outages, privacy and application integrity. The company provides industry-tailored solutions, using demonstrated methodologies and tools in a consistent manner, with the goal of enabling on-going, secure and reliable operations across the enterprise.

Samu Konttinen, CEO of F-Secure

F-Secure Consulting

Led by Samu Konttinen, F-Secure Consulting provides penetration testing and services that close the gap between detection and response, utilise the unmatched threat intelligence of hundreds of its industry’s best technical consultants, millions of devices running its award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust F-Secure’s commitment to beating the world’s most potent threats. Together with the company’s network of the top channel partners and over 200 service providers, it is on a mission to make sure everyone has the enterprise-grade cyber security everyone needs.

PricewaterhouseCoopers (PwC)

PwC’s purpose is to build trust in society and solve important problems. It is PwC’s focus which forms the services it provides and the decisions made. Every day more than 276,000 PwC employees in 153 countries are committed to delivering quality in assurance, advisory and tax services, while working hard to build strong relationships with others and understand the issues and aspirations that drive them.

In Malaysia, PwC employs more than 3,000 employees in seven locations such as Kuala Lumpur, Penang, Ipoh, Melaka, Johor Bahru, Labuan and Kuching who are dedicated to solving the complex problems businesses are facing in today’s changing market place.


Aon is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Its 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance. In an increasingly volatile world, the ability to use data to enable better decision-making has never been more important. Aon develops insights that are driven by proprietary data, technology and advisory services such as penetration testing that helps its clients reduce volatility and improve performance in their businesses.

BSI Group

As a global leader in helping organisations improve, BSI Group’s clients range from high profile brands to small, local companies in 193 countries worldwide. Its solutions and services improve performance and support the United Nations Sustainable Development Goals. Its mission is to share knowledge, innovation and best practices to help people and organisations make excellence a habit. This is underpinned by its role as the national standards body and through its prestigious Royal Charter. BSI has invested heavily in Information Resilience, boosting its global expertise and it now has a full range of solutions to support its clients to manage cybersecurity threats. It provides services from best practice frameworks such as ISO/IEC 27001 and cyber essentials, through to penetration testing, incident response and certified training courses.


Established in 2008 by Alan See, Firmus is one of the industry leaders in cyber security services and solutions. It is CREST-accredited for the provision of penetration testing services and is also a MSC-Status company. Firmus’ mission is to build a secured business environment for its clients. Through Firmus’ integrated team of domain experts in assessment, assurance, operational technology and solutions; it helps its clients to capitalise on new opportunities, assess and manage their cyber threats and risks in order to achieve their business growth.

Nexagate Sdn Bhd

Nexagate Sdn Bhd is one of Malaysia’s and Asia’s leading cybersecurity consulting and services provider. Led by Khairil Effendy Dato’ Ahmad Dhman HuriIt, the company has provided trusted security solutions to over 250 clients across Asia since 2010 with more than 300 projects completed. Nexagate provides penetration testing and aims to assist organisations to improve their security processes, achieve compliance and protect their data with its range of cloud-based managed security solutions and its patent-pending NSI Unified Security platform.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.