LADIES TALK CYBER SERIES - JUNE SERIES
Introducing women with a deep interest in cybersecurity
Alina is a Senior Cybersecurity Engineer at the Land Transport Authority (LTA), contributing
primarily in the
area of automotive cybersecurity regulations, hands-on technical research, and engineering. She
currently
leads the Automotive Security practice in LTA.
Aside from work, Alina is also an active contributor to the wider cybersecurity community. She
founded and
leads the Car Security Quarter (CSQ)—a Singapore-based automotive cybersecurity special interest
group and the
Singapore Chapter of the Automotive Security Research Group (ASRG-SIN)—a global non-profit
initiative that
promotes knowledge sharing and development of security solutions for automotive. She set up these
platforms to
allow cybersecurity professionals, enthusiasts and students to interact with the wider community and
perform
hands-on learning and research on automotive cybersecurity.
What brought you to the cybersecurity industry?
Cars and computers have always fascinated me for as long as I can
remember. I
undertook an ethical hacking class during my tertiary education, and I
particularly enjoyed the
challenge and
satisfaction of understanding and “breaking” computer programs to make
them perform tasks other than
what it
was originally designed to do. That sparked my interest in cybersecurity
and I started my
cybersecurity career
with Booz Allen Hamilton as a cybersecurity consultant.
As a car enthusiast myself, I started applying cyber security mental
models to automotive systems to
further
understand these highly complex systems and challenged myself to “break”
them. With this passion, I
started
the Car Security Quarter (CSQ) with the help of Division Zero to gather
like-minded enthusiasts to
work on
automotive cybersecurity.
What were your defining moments in this industry, and factors or guidance that helped you achieve them?
I believe in having mentors across different circles and not just within
the
workspace. I had mentors guiding me throughout my career, providing me
with valuable input and
guidance on how
to balance and navigate my career as a cybersecurity practitioner with
my interest within a very
niche field
of cybersecurity. I also had mentors within the cybersecurity community
that allowed me to gain
technical
hands-on experience with automotive cybersecurity through my exposure
with CSQ.
Setting up CSQ was a defining moment for me, as it has given me the
chance to work with a diverse
group of
people of varying background and specialties. From programmers to
exploit developers, they have all
brought to
the table wonderful ideas and different perspectives on how to tackle
challenges we faced.
The combination of mentorship guidance and community exposure shaped me
to whom I am today.
What is it that you love most about your role?
Cybersecurity is an ever-changing landscape that requires a lot of
upskilling,
time, and interest to progress further. Furthermore, with emerging
technologies such as autonomous
vehicles
that will soon be integrated towards our daily lives, it is imperative
for us to secure these
intelligent
systems to ensure safe, resilient and robust systems.
Being able to work on my interest such as automotive cybersecurity,
there is a sense of fulfilment
as it keeps
me constantly challenged to understand and secure the automotive
cybersecurity landscape.
Prominent Cybersecurity trends:
What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?
With the introduction of Connected, Electric, and Autonomous vehicles,
we see
that vehicles are increasingly connected and highly reliant on
technology. However, this reliance on
connected
functionalities might expose different attack surface areas for
attackers. The cyber risks of these
connected
vehicles have been revealed by security researchers in recent years,
with attacks being conducted on
various
vehicular makes on the infotainment systems, in-vehicle networks,
telematics etc.
However, we see that the automotive industry is rethinking cybersecurity
throughout the whole value
chain –
The upcoming UNECE WP.29 regulations will require OEMs to implement
specific cybersecurity and
software-update
practices and capabilities for vehicle type approval process. Similarly,
the upcoming international
standard,
ISO 21434, aims to establish a security lifecycle throughout the entire
automotive environment.
With emphasis being placed on Security-By-Design, Detection and
Response, Cyber-Risk management, and
Safe and
secure updates; Vehicle Manufacturers/OEMs must ensure that their
upstream supply chain partners are
required
to follow and provide evidence of complying to regulations to support
the type-approval process and
implement
best practices to mitigate cybersecurity risks.
Females in Cyber Security
What can we do to encourage more women to join the cybersecurity sector?
As cybersecurity is a relatively large field, it can always be daunting
to look
for a specific career path. There are many different aspects like threat
intelligence, offensive
security,
forensics, vehicle security, and many others. My advice is to always
look for mentors that can
provide good
guidance to pave your career in cybersecurity. Having a curious mindset
and not being afraid of
failures is
also very important.
I would also advise women to join local cybersecurity community groups
or associations within
Singapore.
Division Zero, for example, has a Women in Cyber chapter that focuses on
technical, hands-on, and
upcoming
mentorship programs for women. There are also mentorship programs within
associations like AiSP,
Singapore
Computer Society (SCS) etc. I think it's a good way to approach other
women in this industry and
improve both
your technical and soft skills.
Final thoughts
How can you debunk the myth that cybersecurity is only for men? Is there any indication this stereotyping is changing?
As with any fields, especially in cybersecurity, one can’t be expected to know everything. So definitely mix around with the associations and communities, attend talks and meetups and absorb all this knowledge like a sponge. Never stop trying, especially when it comes to research work, it may be frustrating at times, but the results are certainly rewarding.