Conversations with Jennifer Soh

Jennifer is currently a Cybersecurity Forensics Investigator at GovTech. She studied Engineering at Nanyang Polytechnic, went on to do a double degree in Cyber Forensics and Computer Science at university, and previously worked in the IT field. In her spare time, she enjoys reading up on forensic science crime cases by the CSI and taking care of her dog at home.

Jennifer: For forensic investigation, what a forensics investigator does is to really dive into investigating the root cause of an incident, as well as the forensic acquisition of servers, laptops and machines to determine the computer activity. From there, we can actually find out what the attacker did or what the malware did to the systems, and determine the impact on those systems. From there, we also look at the surrounding environment of the systems and assess whether there has been any impact on the whole of government. We also look at whether this system is compliant with our policies and what we can recommend to secure these systems against future breaches or malware infections.

Apart from that, because incidents occur at work every day, we also need to see what tools are available out there to help enhance our forensic investigation efficiency. Therefore, research work and capability development are very important for us.

J: For the forensics part, other than the capability development, we actually have to go down to the agencies’ data centre to acquire forensic images of their servers. So, for acquisition we usually spend a day there to look at the process of acquisition to ensure that it is complete and the evidence is forensically sound.

J: This is actually my third job. I have had experience in the cybersecurity field, but a different skill set was required then. For forensics, I am new to this job. It has been challenging and interesting, because forensics actually covers a wide scope, from acquisition to analysis, and on top of that, we have to make sure that our evidence is sound and we are able to present it to our management. This line of work is actually quite interesting to me.

J: Not really. For my first job, I was actually in IT, and from there I had the opportunity to appreciate cybersecurity. Cybersecurity comprises both IT and IT security, so we actually get the best of both worlds – which is interesting.

J: Firstly, whether I have the relevant knowledge and skill set to venture into cybersecurity, because IT itself does not really delve into the security aspects, focusing instead on troubleshooting, or how to dismantle a computer. Cybersecurity does not really touch on that, and instead dives into the knowledge of how systems work, how the systems are configured, and how to secure these systems. Thus, there is some knowledge gap between IT and cybersecurity.

J: Before I made the switch, I actually had no expectations, because I did not know what to expect since it is a new domain for me. And it actually turned out to be what I like and what I am passionate about – and perhaps having no expectations was good for my career switch.

J: There are many opportunities given to us by the bosses and management; for instance, in letting us go overseas for exposure since the overseas landscape is very different from Singapore’s. My colleagues have also been a great help; we are all very open-minded to sharing things that we have learnt.

J: What motivates me is the passion for cybersecurity and forensics, and the knowledge that we get to help Singapore and government agencies to find the root cause of an issue or to help secure a system – this job satisfaction really keeps me going every day.

J: Forensics is a very niche skill set, and when I ventured into the forensics world, I actually tried to do research on it but there was no comparison in Singapore to gauge the forensics landscape, so I had to look to other countries to do so. The difference between Singapore and other countries is that other countries probably have more authority, in the form of search warrants, to seize computers, but for Singapore these are usually done by the law enforcement agencies. So, for forensics investigators in the government, I knew that we would only do forensics investigation and acquisition, but for cybercrime it would be dealt with directly by the law.

J: For me, I would always want to challenge myself, so in the next 5 years I will probably still stay in this industry and explore different aspects of cybersecurity.

J: For me, it would be adaptability, because the threat landscape is constantly changing and we have to adapt to these new changes and enhance our own capabilities. Next would be developing others and building a successful team, since both tie in together. For cybersecurity, we always have to collaborate with people with different skill sets. For instance, a forensics investigator would have to work with malware analysts if there are malware samples. So, in order to achieve a successful investigation, we always have to encourage and complement each other with our different skill sets.

J: I think one should never be afraid of experiencing setbacks; the path you take might not be the one you like, but it might be a stepping stone for a career in cybersecurity. So, even if you were previously from IT or any other domain, just continue to learn. For example, participate in forums or do some courses that show that you are actually passionate about learning and venturing into this cybersecurity domain.