
Cloud Security
How secure is your cloud data?

Our Services & Solutions


Cloud Security

Cloud Security Assessment

Assessment of cloud workloads against Cloud Security Alliance, CIS and ISO practices to create strategic action plans and actionable recommendations.

Cloud Security Risk Assessment

Inventorying cloud assets, identifying key vulnerabilities and building risk scenarios to deliver a risk register with treatment plans. Additionally, risk assessment methodology development, implementation and training.

Cybersecurity Incident Response Plan (CIRT)

Developing, implementing and exercising a Cybersecurity Incident Response Plan, a risk mitigation measure to deal with the impact of cybersecurity and data breach incidents.

Cloud Security Alliance’s Cloud Control Matrix

Implementing, certifying and self-assessment for Cloud Control Matrix 

Singapore's SS584 Multi-Tiered Cloud Computing Security

Implementing, certifying and self-assessment for Singapore SS584


Information Security

Information Security Management System

Implementing ISO 27000 as the gold standard of Information Security Management Systems in order to get certified successfully. 

Policies and Procedures Advisory

Assisting organizations in making sense of overlapping standards (ISO 27001/27002/27701/20000-1, NIST, CSA's CCM, SS584) to select the best fit depending on organizational situation and maturity.

Additionally, developing and implementing tailored IT and IT Security Policies and Procedures.

IT Security Training

We conduct frequent in-house cybersecurity training for organizations to keep their users abreast with constantly evolving threats.

  • Based on International Standards such as CREST, OWASP, SANS etc

  • Leverage use of world’s largest security awareness training and simulated phishing platform to track user performance and trends over time

  • Periodic phishing simulations to validate user awareness, benchmark against industry peers and identify improvement plans

  • Trainings are customised to align with organisation's existing IT Security/Cybersecurity Frameworks.


Vulnerability Assessment and Penetration Testing

Vulnerability Assessment

Assessment of on-premise and cloud deployed hosts, databases, and web applications for potential vulnerabilities.

Typically covers:

  • Weaknesses in patching and configuration management

  • Configuration and patch management plans and procedures

  • Security weaknesses and aggregate level of risk

  • Test compliance for audits and regulations, including MAS TRM, PCI-DSS, ISO 27001 etc.

Penetration Testing

Tailor-made penetration testing to identify threats to mobile applications (Android and iOS), web applications and network infrastructure.

Throughout the engagement, we provide ongoing insights, immediate notification of critical vulnerabilities, and knowledge transfer to development teams to mitigate identified vulnerabilities, along with a management-focused report providing a complete understanding of exploitable vulnerabilities and recommended remediations.

Static Application Security Testing

Source Code Review

Source code reviews of mobile and web applications.


Typically involves:

  • One time code audit engagement

  • Managed service to review source code periodically to align with major releases

  • Customized report to identify weak areas & recommendations to mitigate vulnerabilities.

  • Industry leading Static Application Security Testing tools are leveraged to minimize presence of vulnerabilities.


Resiliency and Business Continuity

Business Continuity Management System

Assist in achieving resiliency by implementing, maintaining and getting certified for Business Continuity Management System based on ISO 22301.


Typically covers:
1. Gap Assessment
2. Implementation
3. Training
4. Internal Audit
5. Support during Certification Audit along with migration from ISO 22301:2012 to ISO 22301:2019, annual certification maintenance and conducting internal audits.

Monetary Authority of Singapore's (MAS) Business Continuity Guidelines

Implementing and maintaining a practical and fit-for-purpose Business Continuity Management Framework based on the Monetary Authority of Singapore's (MAS) BCM guidelines, covering all 7 principles for the uniquely stringent needs of the financial services industry.

Exercises and Trainings

We conduct frequent in-house Resiliency and Business Continuity trainings for organizations customized for their existing BCM framework. The focus is on current and relevant threats to test and validate plans and preparedness.


Data Privacy

Privacy Information Management System

Implementing, maintaining and getting certified on Personal Data Protection Management System based on ISO 27701. 

Singapore Personal Data Protection Act (PDPA)

Implementing and maintaining Personal Data Protection Act (PDPA) obligations within the organization.


Typically covers:

  • Identifying risks and gaps using PDPA Assessment Tool for Organizations (PATO) 

  • Document data assets and flows using a Data Inventory Map

  • Data Protection (DP) Policy

  • Action plan for data breach response 

  • Training, monitoring and audit

Singapore Data Protection Trustmark (DPTM)

Implementing and getting certified on Data Protection Trustmark (DPTM).

Typically covers:

  • Gap Assessment

  • Policies and procedures

  • Implementing controls

  • Training, monitoring and audit

  • Support during Certification

PCI-DSS Compliance

Assist organizations in complying with PCI-DSS (12 requirements comprising 300 controls).

  • Scoping and Segmentation

  • Gap Assessment

  • Policies and procedures

  • Implementing controls

  • Assessment

  • Training, monitoring and maintaining certification


SaaS Spend and Security Risk Assessment

Assessment of SaaS deployment and configuration, conducting audit for cybersecurity risks and leveraging proven solutions to reduce spend and maximize Return on Investment:

  • Analyze licenses spend vs usage

  • Identify users and accounts at risk

  • Identify high exposure processes

  • Compare Baseline vs Changes over time

  • Reclaim licenses and eliminate risks


Freshworks Implementation and Support Services

End-to-end Freshworks implementation and maintenance services.

  • Assessment, re-engineering and streamlining Helpdesk and Service Processes.

  • Implementing FreshDesk/FreshService tailored for the organization's specific situation.

  • Support for existing deployments.

  • Optimization of current deployment to maximize return on investment.

  • Training.

About Us


Our Approach

As a consulting firm who are vendor, platform and product agnostic, our aim is to be able to effectively engage with organizations and counsel them on industry insights, advice, guidance and services in a way that is most appropriate for the organization's situation. We strive to ensure that our proposed solutions are aligned with clients’ strategy, business objectives, wider IT architecture and business environment.

Our leaders and seasoned resources are intensively engaged, and lead all engagements with decades of experience in understanding and managing client requirements and expectations. In a typical client engagement, our team will represent at least 40+ years of consulting experience.


Our Work

Having worked extensively with Fortune-listed, mid-sized, start-up and government organizations across various industry segments throughout Asia, Europe and North America, we have a proven track record of delivering projects successfully while adhering to timelines and costs. Our services are also availed on an ongoing basis by some of the largest technology behemoths, established Small and Medium Enterprises, Government bodies and cybersecurity-conscious new-age upcoming start-ups, as a testament to the quality of our deliverables.

A global Information Technology major
An investment firm
Start-up with user count approaching 100 million
A renowned global university
Government-linked research entity
Communications gateway and carrier services provider
A global biologics firm
Law enforcement and Government security services provider

Our Partners

We work in concert with the world's leading SaaS Solution Providers as our partners in the areas of Cybersecurity, Customer Relationship Management, Resiliency, Risk Management and Data Privacy.

We are also in longstanding partnerships with global certification bodies in Singapore to guide and train industry leaders and stakeholders.


Our Story

Nestor is a management consulting firm originally envisioned in Singapore with the aim of providing the highest quality professional services in the areas of Cybersecurity and Risk Management, backed by Subject Matter Experts, to assist businesses in protecting their online presence, data, reputation and customer trust.

Vineet Sinha


Vineet has 28+ years of consulting experience. He has spent more than 18 years leading a Big 4 consulting team in Singapore and Asia Pacific. He has personally led 200+ engagements. He has served government, financial services/fintech, telecom and manufacturing industries. He has extensive experience in cybersecurity, IT risk management, business continuity, data protection, regulatory compliance and SaaS solution implementation.

Vijay Gour


Vijay has 16+ years of consulting experience. He has more than 4 years with a Big 4 consulting firm in Singapore and South East Asia. He has served numerous public and private sector clients across Southeast Asia. He has extensive experience in Cybersecurity, PMO, Risk Management, Business Continuity Management and SaaS Solution Implementation.


Contact Us

Request a Quote
Become a Partner

We are always on the lookout for partners providing groundbreaking and radical products which can assist our customers in their needs. If you are similarly passionate about assisting organizations in achieving improvements and are keen to partner with us in providing this service, then click here.


No opening currently
