Elaine Hung is a vice president in the Cyber Risk practice, based in the Hong Kong office. She has over nine years of experience in security and risk assessment. Her key areas of expertise include digital forensics and incident response, machine learning in cyber security, web and mobile penetration tests, red team exercises, and supervisory control and data acquisition (SCADA) security assessments.

Prior to joining Kroll, Elaine was Security Operation Center lead at Natixis, a global investment bank. She was the lead incident responder and assisted the bank throughout the entire incident lifecycle, from containment to eradication and remediation. She led the team conducting forensic acquisition and analysis, malware analysis and provided the IT teams with practical remediation plans. She also built worldwide machine learning detection capabilities by optimizing the application of endpoint detection and response, user and entity behavior analytics, etc.. to the bank’s environment. During this time, she was elected as one of the speakers for BSides Singapore 2020 to educate the audience on how to build their machine learning model for detection monitoring.

Elaine was the technical lead at KPMG from 2013 to 2018, where she led and performed a wide range of technical cyber security services, such as digital forensics and incident response, compromise assessment, malware reverse engineering, red and purple team attack simulations and SCADA security assessments. She has assisted organizations across diverse sectors, including leading banks, oil and gas companies and Fortune 500 conglomerates. She played a pivotal role in establishing KPMG China’s Incident Response practice.

Elaine began her career with DBS Bank as a security engineer. She has extensive expertise in managing network security devices, penetration tests and security information and event management (SIEM).

She holds a BBA in economics and information systems from The Hong Kong University of Science and Technology. She is a Certified Information System Auditor (CISA), a Certified Information Systems Security Professional (CISSP) and a Checkpoint Certified Security Administrator (CCSA). Additionally, Elaine holds the following GIAC certifications: Certified Penetration Tester (GPEN), Exploit Researcher and Advanced Penetration Tester (GXPN), Certified Forensic Analyst (GCFA) and Certified Forensic Examiner (GCFE). Elaine is also an Offensive Security Certified Professional (OSCP) and Splunk Core Certified User. She also holds the AWS Certified Security certification and QualysGuard Certified Specialist – Vulnerability Management certification. Elaine is fluent in English, Mandarin and Cantonese.

Hung /en/our-team/elaine-hung /-/media/kroll/images/headshots/vice-presidents/elaine-hung.jpg people {E39587AD-8F0B-4FE2-865F-969BC5501096} {44969BA1-47AB-4BE6-BC0C-6EE0232385DF} {7A48DD95-1A63-4784-842F-A2BE81EAFE13} {7EC13A8A-F86F-4AEB-8B10-1EE5D7371F2D} {2F9D4938-E5F0-4F9C-9A20-C4A5DCF79130} {A3E80394-4BDC-4E1D-8266-0653FE885E69} {34183564-0FD0-4B23-83DD-F39E7A73B28B} {0D8F5BE3-DF68-470D-ADFF-536F0505BF20} {6B18A490-2227-426A-A1D0-3836822E90EB}

Other Areas We Can Help

Cyber Risk

Cyber Risk

Global, end-to-end cyber risk solutions.

Cyber Risk
Kroll Nominated in Two Categories at the Advisen Cyber Risk Awards

Computer Forensics

Expert computer forensic assistance at any stage of a digital investigation or litigation.

Computer Forensics
Kroll Responder

Kroll Responder

Mature your cyber security with unparalleled visibility and constant protection.

Kroll Responder
Cyber Risk Retainers

Cyber Risk Retainers

Secure a true cyber risk retainer with elite digital forensics and incident response capabilities.

Cyber Risk Retainers
Has COVID-19 Impacted Your Ability to Preserve Evidence for Future Litigation?

Ransomware Preparedness Assessment

Helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Ransomware Preparedness Assessment
Cyber Risk: The New Due Diligence Frontier, Identity Monitoring

Data Breach Notification Letters

Notification letters personalized by industry including healthcare, financial, legal and others.

Data Breach Notification Letters
System Assessments and Testing

System Assessments and Testing

Solutions to identify, evaluate and prioritize risks to people, data, operations and technology.

System Assessments and Testing

Insights

News