Insights on Cybersecurity

By Charles Windle

On 15 December 2019, Advisory brought together professionals and students at Discover: Cybersecurity to demystify and share some of their insights on cybersecurity. Discover: Cybersecurity was organized by Advisory, alongside the Cyber Security Agency of Singapore (CSA) and the Association of Information Security Professionals (AiSP).

Attending the young professionals’ panel were: Ms Shaily Shah, Founder and CEO of BluePhish (which engages with all users to spread cybersecurity awareness); Mr Eugene Ng, a Senior Cybersecurity Specialist at GovTech; Mr Emil Tan, Lead and Co-Founder of Division Zero (an open community of cybersecurity experts and enthusiasts); Ms Juhi Ramireddi, a Security Consultant at Accenture Security; and Ms Sharmine Low, System Engineer at the National Cyber Incident Response Centre in the Cyber Security Agency of Singapore. The panel was moderated Eugene Lim, a security researcher and white hat hacker who has worked on several bug bounty programs. 

All the professionals shared important insights about cybersecurity and the future of the industry. They emphasized that as the world becomes more and more digitalized, digital platforms will present increasingly profitable targets of cybercrime and hackers. Therefore, cybersecurity is more important than ever to ensure that confidential information is not stolen or compromised.

  1. Many people believe that spending money on anti-viruses and other cybersecurity software will reduce the risk of cyberattacks. However, many cyber attacks occur due to a human error, such as an ignorant employee inserting a compromised USB into a workplace PC, giving away sensitive information unknowingly, or even forgetting to log out. These issues are almost impossible to rectify with technology alone.
  2. Cybersecurity, unlike in the movies, is not just about “hacking”, where mysterious figures in hoodies type lines of code and break into systems. The field of cybersecurity is much more diverse, ranging from penetration testing (similar to hacking in movies) to designing security software to responding to cyberattacks.
  3. Unlike the classic stereotypes where hackers can gain full access to a system within seconds, malware analysis and system penetration often takes much longer. It can take around half an hour to determine if a software is malicious, and days to weeks to discover the full capabilities of a malware.

1. Cybersecurity is an extremely diverse field and everyone is a specialist in one small area. In order to stay relevant, you have to constantly learn and improve your skills, and there are a plethora of websites and resources available online for you to do so. 

In the same vein, many skills are applicable across cybersecurity fields. Good offensive (“penetration testing”) skills and knowledge are often necessary to build adequate defenses and design good countermeasures. 

2. For those interested in cybersecurity but unsure of where to start, a good starting point is to search in a library or online for resources with hands-on content. As one learns, one will discover more content to explore and expand one’s knowledge. The ability to code/script and other fundamental skills are also very important across all aspects of cybersecurity and are invaluable if one wishes to enter a cybersecurity career. 

Alternatively, interested individuals can also participate in online Capture-The-Flag (CTF) competitions, where a series of cybersecurity-related challenges are available to test one’s skills. While attempting each challenge, one will be able to glean practical experience and lessons.

After the breakout sessions, we hosted 2 senior professionals who are veterans from the industry: Mr Darren Teo (Chief Executive, CSIT, MINDEF) and Mr Freddy Tan (Vice-President, Cyber Security Solutions & Services, Ensign Infosecurity (EIS)). Mr Freddy Tan is also an EXCO Member with the AiSP.

  1. Ten years ago, many cyber-attacks originated from simple loopholes in cyber hygiene or negligence. Now, cyber-attacks have evolved to become much more powerful and complex. To defend against such sophisticated attacks, a different set of skillsets are required for those looking to join the profession. It is thus important that one keeps updated on the latest threats and technologies.
  2. Cybersecurity is extremely important for Singapore, which aims to be a Smart Nation. As Singapore becomes increasingly digitalized, many aspects of society will move into the digital realm. Just as criminals in the past used to rob banks, modern criminals will now seek to attack digital infrastructure. 
  3. Cybersecurity may seem very technical on the surface and appears to require lots of coding and IT experience. However, cybersecurity is not just about computers and machines. It is also a very human problem; after all, those committing cybercrimes are people, not machines, and the most common causes of cyberattacks are due to human negligence. 

Therefore, it is extremely important to be able to communicate basic cybersecurity awareness and practices to end-users so that they can better protect themselves and organizations they work in from cyber threats. Similarly, technical knowledge is not the only skill required in cybersecurity; knowledge of legislation, for example, can also be very useful.

One of the youth participants, Ahmed Bahajjaj, a second-year Computer Science student at the National University of Singapore, signed up for the event after coming across an email from his institution as he saw it as a good opportunity to hear from professionals first-hand about cybersecurity careers and industry trends.

“Interacting with different professionals in various parts of the industry helped to broaden my perspectives beyond what I initially thought of the cybersecurity industry”, Ahmed shared of his experience at the session.

A big thank you to the CSA, AiSP, as well as the professionals and students who have joined us – we hope to see you again at future events!