Introducing women with a deep interest in cybersecurity

Alina is a Senior Cybersecurity Engineer at the Land Transport Authority (LTA), contributing primarily in the area of automotive cybersecurity regulations, hands-on technical research, and engineering. She currently leads the Automotive Security practice in LTA.

Aside from work, Alina is also an active contributor to the wider cybersecurity community. She founded and leads the Car Security Quarter (CSQ)—a Singapore-based automotive cybersecurity special interest group and the Singapore Chapter of the Automotive Security Research Group (ASRG-SIN)—a global non-profit initiative that promotes knowledge sharing and development of security solutions for automotive. She set up these platforms to allow cybersecurity professionals, enthusiasts and students to interact with the wider community and perform hands-on learning and research on automotive cybersecurity.

What brought you to the cybersecurity industry?

Cars and computers have always fascinated me for as long as I can remember. I undertook an ethical hacking class during my tertiary education, and I particularly enjoyed the challenge and satisfaction of understanding and “breaking” computer programs to make them perform tasks other than what it was originally designed to do. That sparked my interest in cybersecurity and I started my cybersecurity career with Booz Allen Hamilton as a cybersecurity consultant.

As a car enthusiast myself, I started applying cyber security mental models to automotive systems to further understand these highly complex systems and challenged myself to “break” them. With this passion, I started the Car Security Quarter (CSQ) with the help of Division Zero to gather like-minded enthusiasts to work on automotive cybersecurity.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

I believe in having mentors across different circles and not just within the workspace. I had mentors guiding me throughout my career, providing me with valuable input and guidance on how to balance and navigate my career as a cybersecurity practitioner with my interest within a very niche field of cybersecurity. I also had mentors within the cybersecurity community that allowed me to gain technical hands-on experience with automotive cybersecurity through my exposure with CSQ.

Setting up CSQ was a defining moment for me, as it has given me the chance to work with a diverse group of people of varying background and specialties. From programmers to exploit developers, they have all brought to the table wonderful ideas and different perspectives on how to tackle challenges we faced.

The combination of mentorship guidance and community exposure shaped me to whom I am today.

What is it that you love most about your role?

Cybersecurity is an ever-changing landscape that requires a lot of upskilling, time, and interest to progress further. Furthermore, with emerging technologies such as autonomous vehicles that will soon be integrated towards our daily lives, it is imperative for us to secure these intelligent systems to ensure safe, resilient and robust systems.

Being able to work on my interest such as automotive cybersecurity, there is a sense of fulfilment as it keeps me constantly challenged to understand and secure the automotive cybersecurity landscape.

Prominent Cybersecurity trends:

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

With the introduction of Connected, Electric, and Autonomous vehicles, we see that vehicles are increasingly connected and highly reliant on technology. However, this reliance on connected functionalities might expose different attack surface areas for attackers. The cyber risks of these connected vehicles have been revealed by security researchers in recent years, with attacks being conducted on various vehicular makes on the infotainment systems, in-vehicle networks, telematics etc.

However, we see that the automotive industry is rethinking cybersecurity throughout the whole value chain – The upcoming UNECE WP.29 regulations will require OEMs to implement specific cybersecurity and software-update practices and capabilities for vehicle type approval process. Similarly, the upcoming international standard, ISO 21434, aims to establish a security lifecycle throughout the entire automotive environment.

With emphasis being placed on Security-By-Design, Detection and Response, Cyber-Risk management, and Safe and secure updates; Vehicle Manufacturers/OEMs must ensure that their upstream supply chain partners are required to follow and provide evidence of complying to regulations to support the type-approval process and implement best practices to mitigate cybersecurity risks.

Females in Cyber Security

What can we do to encourage more women to join the cybersecurity sector?

As cybersecurity is a relatively large field, it can always be daunting to look for a specific career path. There are many different aspects like threat intelligence, offensive security, forensics, vehicle security, and many others. My advice is to always look for mentors that can provide good guidance to pave your career in cybersecurity. Having a curious mindset and not being afraid of failures is also very important.

I would also advise women to join local cybersecurity community groups or associations within Singapore. Division Zero, for example, has a Women in Cyber chapter that focuses on technical, hands-on, and upcoming mentorship programs for women. There are also mentorship programs within associations like AiSP, Singapore Computer Society (SCS) etc. I think it's a good way to approach other women in this industry and improve both your technical and soft skills.

Final thoughts

How can you debunk the myth that cybersecurity is only for men? Is there any indication this stereotyping is changing?

As with any fields, especially in cybersecurity, one can’t be expected to know everything. So definitely mix around with the associations and communities, attend talks and meetups and absorb all this knowledge like a sponge. Never stop trying, especially when it comes to research work, it may be frustrating at times, but the results are certainly rewarding.