CrossWise InfoTech Limited

Author: Sender Su

  • CrossWise Founder Joins Cybersecurity Technology Symposium 2025: Spotlight on Critical Infrastructure Protection and Executive Leadership in Cyber Governance

    CrossWise Founder Joins Cybersecurity Technology Symposium 2025: Spotlight on Critical Infrastructure Protection and Executive Leadership in Cyber Governance

    On January 20, 2026, Sender Su, Founder of CrossWise InfoTech Limited (“CrossWise”), participated in the Cybersecurity Symposium 2025, organized by the Digital Policy Office of the Hong Kong Special Administrative Region Government.

    This third edition of the symposium demonstrated significantly enhanced professionalism and depth compared to previous years. The featured presentations and panel discussions covered numerous cutting-edge cybersecurity terminologies and the latest industry developments, substantially increasing the event’s value for attendees. Further details about the symposium can be found at:

    https://www.cybersechub.hk/tc/eventDetail/cybersecurity-symposium-2025

    The primary focus of this year’s symposium was undoubtedly the implementation of Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance. To facilitate its smooth enforcement, the Office of the Commissioner of Critical Infrastructure (Computer-system Security) (OCCICS) has specifically drafted a Code of Practice for reference and compliance by relevant stakeholders. The Code is available at:

    https://www.occics.gov.hk/tc/industry/code-of-practice/index.html

    The sessions addressed current cybersecurity hot topics, including countering nation-state hackers in supply chain attacks, the critical role of executive leadership in cybersecurity practices, effective threat intelligence gathering, the use of artificial intelligence (AI) by both attackers and defenders, the tactics and activity trends of ransomware groups, post-quantum cryptography applications, IoT security, personal data privacy protection, and digital asset safeguarding.

    Mr. Su is well-versed in all these areas. In particular, supply chain security, IoT security, and personal data privacy protection align precisely with the key objectives CrossWise successfully achieved for its clients throughout 2025. The company delivered an integrated suite of services—including penetration testing, risk assessments, source code audits, security remediation, and even business logic re-engineering—to comprehensively address these challenges.

    However, the topic that resonated most deeply with Mr. Su was the role of senior leadership in cybersecurity practice. This is indeed a familiar refrain: as far back as two decades ago, during discussions on enterprise informatization, executive buy-in was already recognized as pivotal. Today, as the focus shifts to cybersecurity, it simply reflects a formerly peripheral aspect of enterprise IT governance moving center stage. Fundamentally, the core challenge remains unchanged across time: it always comes down to people.

    It always comes down to people.

    Leveraging its extensive hands-on experience, CrossWise possesses a deep understanding of the perspectives and competing interests of personnel across different organizational levels and roles. This enables the company to design practical, actionable project solutions that effectively help clients integrate cybersecurity initiatives with software engineering projects, thereby mitigating risks at their source.

  • A Glimpse into the 2025 Hong Kong Cybersecurity Summit

    A Glimpse into the 2025 Hong Kong Cybersecurity Summit

    This year’s Hong Kong Cybersecurity Summit was postponed to November due to a typhoon. Coincidentally, Sender Su, Founder of Langji Tech, had just wrapped up a major phase of work and was able to attend this industry gathering.

    The summit’s theme—“Future-Proofing Digital Infrastructure: Harnessing AI for Enhanced Security and Resilience”—reflected the growing centrality of artificial intelligence in cybersecurity. While last year’s event featured distinguished academicians as keynote speakers, this year’s program placed even greater emphasis on practical AI applications. With AI now deeply embedded in both offensive and defensive cyber operations, discussions naturally revolved around its evolving role and implications.

    Speakers explored how AI is being deployed in cyber offense and defense, as well as the security measures needed to protect AI systems themselves—particularly large language models (LLMs). Data security surrounding LLMs emerged as a recurring focal point, aligning closely with Langji Tech’s forward-looking strategy. In fact, our team began strengthening cybersecurity frameworks for enterprise LLM adoption well before these concerns gained mainstream attention.

    Beyond AI, the summit also addressed significant shifts across the broader security landscape—from infrastructure design to regulatory compliance.

    Globally, for instance, SSL/TLS certificate lifespans are being progressively shortened. According to the CA/Browser Forum’s approved roadmap, starting March 15, 2029, all newly issued SSL/TLS certificates will have a maximum validity period of 47 days. While this enhances overall security, it introduces new operational risks—most notably, a higher likelihood of accidental certificate expiration due to more frequent renewal cycles. Meanwhile, the integration of post-quantum cryptographic algorithms into digital certificates is also gaining momentum, with gradual adoption expected in the coming years.

    On the local front, Hong Kong’s first Cybersecurity Law—the “Security of Critical Infrastructure (Computer Systems) Ordinance”—will take effect on January 1, 2026. This legislation will impose clear compliance obligations on responsible personnel within critical sectors. Compounding the pressure, threat actors are increasingly leveraging AI to conduct sophisticated intrusion, data theft, and ransomware campaigns. As in last year’s summit, many attendees were seen snapping photos of presentation slides during threat landscape briefings—a telling sign of the mounting anxiety in the room.

    Full text of the ordinance (in English):
    https://www.legco.gov.hk/yr2025/english/ord/2025ord004-e.pdf

    Among exhibitors, one mainland-based headline sponsor stood out for its strong localization efforts—particularly in building a capable local team well-integrated into the Hong Kong market.

    As a final note—and a uniquely Hong Kong touch—the summit doubled as a civic engagement platform ahead of the upcoming Legislative Council elections. Campaign flyers were distributed throughout the venue, and nearly every government-affiliated speaker concluded their talk with an earnest call for attendees to vote. CrossWise InfoTech joins in this spirit of civic participation and encourages everyone to cast your ballot on December 7!

    References:
    CA/Browser Forum 官網:
    https://cabforum.org/

    Ballot SC081v3:Introduce Schedule of Reducing Validity and Data Reuse Periods
    https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/

  • Know Yourself and Know Your Enemy: Enterprises Need Cybersecurity Audits to Combat Online Fraud

    Know Yourself and Know Your Enemy: Enterprises Need Cybersecurity Audits to Combat Online Fraud

    The founder of CrossWise InfoTech Limited as full member of HKCS, recently attended an online seminar titled “Let’s Secure as we Digitalise”, jointly organised by the HKDPO, co-organised by the CSTCB/HKPF, supported by the HKCS. During the event, professionals from each participating organisation shared real-life cyberfraud cases and practical countermeasures from their respective areas of expertise.

    Cyberfraud has been a persistent issue in Hong Kong in recent years, with victims losing increasingly large sums of money — a trend that many readers are likely already aware of. The reason this seminar was named “Let’s Secure as we Digitalise” is that frequent fraud incidents can significantly affect businesses, especially small and medium-sized enterprises (SMEs), that are planning or undergoing digital transformation. These scams may even hinder the government’s broader efforts to promote digitalisation across society.

    However, a seminar is just the beginning. For enterprises that are considering or have already embarked on the path of digital transformation, taking the first step towards cyber fraud prevention is crucial. In reality, however, many business owners struggle to identify exactly what that first step should be.

    From the perspective of CrossWise InfoTech’s founder, the answer lies in the ancient wisdom of Sun Tzu’s “Art of War“: “Know yourself and know your enemy, and you will never be in peril.

    Since we are already aware of the various fraud tactics used online, it makes sense to evaluate whether our own defences are strong enough.

    Therefore, the right first step is to conduct a cybersecurity audit — a comprehensive assessment of an enterprise’s cyber defence capabilities based on industry standards. Through such an audit, companies can identify the risks they face in daily operations, with particular focus on areas most vulnerable to cyberfraud or other cyber threats. Based on the audit findings, and taking into account the company’s risk tolerance and financial resources, appropriate cybersecurity management measures can be designed and implemented, along with necessary technical safeguards.

    CrossWise InfoTech Limited offers customised cybersecurity audit services tailored specifically for SMEs and organisations across different sectors. Leveraging the founder’s extensive experience in enterprise IT governance and threat response, we provide actionable and effective recommendations to help clients strengthen their cyber resilience.

    At its core, cybersecurity is a battlefield of attack and defence. Thus, age-old military wisdom like that found in Sun Tzu’s “Art of War” remains highly relevant today. Both cybersecurity professionals and business leaders would benefit from reflecting deeply on these timeless strategies.

    • HKDPO: Hong Kong Digital Policy Office
    • CSTCB/HKPF: Cyber Security and Technology Crime Bureau (CSTCB) of Hong Kong Police Force (HKPF)
    • HKCERT: Hong Kong Computer Emergency Response Team Coordination Centre by HKPC
    • HKCS: Hong Kong Computer Society

    Photo of this article is shot by CrossWise InfoTech Limited.

  • Founder of CROSSWISE INFOTECH LIMITED Participates in the “Future Visions: AI in Governance and HR – Overcoming Challenges and Unlocking Opportunities” Seminar as a Professional Member of HKCS

    Founder of CROSSWISE INFOTECH LIMITED Participates in the “Future Visions: AI in Governance and HR – Overcoming Challenges and Unlocking Opportunities” Seminar as a Professional Member of HKCS

    On May 16, 2025, Sender Su, founder of CROSSWISE INFOTECH LIMITED, participated in the seminar titled *“Future Visions: AI in Governance and HR – Overcoming Challenges and Unlocking Opportunities”*, jointly organized by the Hong Kong Computer Society (HKCS) and the Hong Kong Institute of Human Resource Management (HKIHRM), in his capacity as a professional member of HKCS.

    article banner

    The two-hour session was fast-paced, focused, and packed with insightful content. Speakers from different organizations shared their experiences of adopting AI in corporate governance and human resources management. They discussed the challenges encountered during implementation, explored both proactive and reactive solutions, and answered several thought-provoking questions from the audience.

    At the heart of these discussions was a common issue: how to deal with the negative impacts that may arise during the adoption of new technologies.

    Drawing from over two decades of experience in the IT industry and as a senior executive leading technology projects, Sender believes that whenever a new technology is introduced into a non-IT company — from initial awareness, evaluation, and adoption to eventual value creation — it often faces skepticism or even criticism from people at all levels of the organization.

    The key to handling such resistance lies in building and maintaining a culture of responsibility.

    Whether applying AI at the strategic level of corporate governance or in specific functions like HR management, the ultimate goal remains the same — to empower sustainable business growth and enable both employees and the company to grow together.

    However, unlike previous technological advancements, AI based on large language models demonstrates an unprecedented level of “human-like” capability. It not only mimics human language but, in some cases, can be difficult to distinguish from real people. This feature brings great potential for efficiency gains, but also introduces new management challenges.

    On the positive side, effectively integrating AI into business operations can significantly improve the efficiency of management processes, enhance decision quality, and accelerate execution. On the flip side, without proper guidance and oversight, employees across all levels may become overly reliant on AI, leading to complacency and a decline in critical thinking — ultimately weakening individual accountability.

    But in business, accountability always rests with people, not machines. AI cannot be held responsible, nor can it be punished — unplugging it as a form of punishment is simply a joke.

    Therefore, CROSSWISE INFOTECH LIMITED advocates that as companies adopt AI, they must simultaneously strengthen internal systems of responsibility. This includes, but is not limited to:

    Restructuring governance frameworks to ensure ethical and compliant use of AI;

    Optimizing institutional design to align responsibilities with AI-related tasks;

    Upgrading employee training to build understanding, analytical skills, and critical thinking around AI outputs;

    Adjusting performance mechanisms to incorporate AI-related duties into KPIs and reinforce a sense of accountability.

    In short, organizations need to cultivate both the ability and mindset for employees to question, evaluate, and apply AI-generated outputs responsibly — only then can they truly overcome challenges and seize opportunities.

    Only by doing so can businesses build a governance system that not only addresses the challenges brought by AI, but also fully unleashes its potential. In fact, the successful adoption of any new technology depends heavily on a clear framework of accountability and a strong organizational culture — principles that CROSSWISE INFOTECH LIMITED has consistently upheld throughout its digital transformation journey.

    Article photo is shot by CrossWise.

  • The First Question in Implementing AI: Cloud AI or On-Premises AI?

    The First Question in Implementing AI: Cloud AI or On-Premises AI?

    The founder of CrossWise InfoTech Limited, as a full member of the Hong Kong Computer Society (HKCS), recently participated in an offline seminar hosted by HKCS titled “Retail Tech Industry Group Seminar – Unlocking AI with Proven Use Cases.”

    The topic discussed at the seminar was highly relevant and appealing to SMEs: leveraging AI technology can significantly boost productivity without increasing headcount.

    Having previously served as the IT Director of a large enterprise group, the founder of CrossWise InfoTech Limited is well-versed in using IT to enhance operational efficiency. Therefore, we strongly believes that appropriate adoption of AI can bring even greater productivity gains than conventional IT solutions.

    However, any decision must be made from a multi-dimensional perspective. For SMEs, the primary consideration has always been — and will always remain:

    Cost-effectiveness.

    If the investment does not justify the return, then talk about AI implementation or digital transformation becomes meaningless.

    Therefore, when potential returns are uncertain, how to effectively control the cost of adopting AI while ensuring the business keeps up with technological trends—without overextending and becoming a casualty—is a key dilemma for business owners.

    Deploying AI on-premises requires purchasing and setting up AI all-in-one servers, costing anywhere from tens of thousands to over one hundred thousand Hong Kong dollars. More importantly, businesses must have a suitable environment to house these machines for stable operation. In a space-constrained city like Hong Kong, this is often a major challenge. Fortunately, electricity costs remain relatively low.

    On the other hand, cloud-based AI services are typically charged per “token.” Since this is a technical term, and different languages, word choices, sentence structures, and even particles can affect token consumption, CrossWise recommends estimating costs assuming 1 Chinese character equals 1 token.

    For standard use cases that do not involve complex computations or analysis, the cost is actually very affordable. Processing one million Chinese characters costs approximately HKD 35 — roughly equivalent to a two-dish lunch set.

    Of course, some business owners may wonder: one million Chinese characters sounds like a lot, but how long would that really last?

    The answer depends entirely on the specific use case. If AI is used internally for non-text-intensive operations, based on CrossWise’s experience, each transaction typically generates around 5,000 characters of data. One million characters could therefore support around 200 transactions.

    From this perspective, the cloud-based AI services clearly offers better value.

    However, for text-intensive operations, each transaction may generate at least 20,000 characters — four times more than non-text-heavy processes. In this case, one million characters would only cover around 50 transactions. The good news is that such operations usually command higher fees, helping to offset the costs.

    Taking the above calculations into account, along with the challenges associated with on-premises deployment, it becomes clear that for SMEs in Hong Kong, the preferred option for AI implementation remains cloud-based AI services.

    Yet, implementing AI involves more than just calculating operating costs. There are also hidden expenses such as process automation reconstruction, integration with existing systems, and more.

    Even more overlooked by many business owners is what CrossWise will explore in our next article:

    Data compliance and privacy protection.

    * Article photo is shot by CrossWise.