LADIES TALK CYBER SERIES - MAY SERIES

Introducing women with a deep interest in cybersecurity

Sandy focused on cybersecurity governance and technology risk management throughout her career, covering both public and private sector organisations such as the Monetary Authority of Singapore, the Cyber Security Agency of Singapore and KPMG. She joined OCBC Bank’s Group Operational Risk Management (ORM) function in 2019, where she works with the Cyber Risk Management team to continuously enhance cyber risk management and governance for the Bank.

What brought you to the cybersecurity industry?

It has to be the image of the cool hacker wearing a black hoodie, typing away in a dark room with dim lights and facing multiple ‘matrix screens’ in front – Not! Nothing of these sort really. It started out with a bachelor degree in IT and then the opportunity to work as a Security Analyst (‘SA’) in a Security Operations Center (‘SOC’).

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

Prior to attaining a degree in IT, I worked as a IT Helpdesk in a call centre as a part-timer. Taking calls, troubleshooting Windows NT issues and logging tickets were the key tasks that I had to perform in that role. But after getting a taste of what cybersecurity career can offer in my role as a SA, I have never looked back since and I managed to explore other cybersecurity roles along the way, with great advices and guidance from people whom I called – Mentors. I was fortunate to have met a precious few and all of them had invested in my career, shaped the good values I harnessed today by being a role model themselves, provided an ‘it’s ok to fail’ environment and perhaps, risk a little of their career for my growth at some point! Would like to take this opportunity to thank one female mentor I have met, known, and continue to look up to for more than a decade now - Thank you, Ms Jean Chung!

Success definition differs from one individual to another. For me, it has to be the various cybersecurity role transformation in this industry and the continuous learnings. The latter includes learning from my co-workers because I am a firm believer of ‘your team’s success, defines yours’.

What is it that you love most about your role?

One of the many loves I have for my cybersecurity career, is that I can talk about cybersecurity with anyone who is not ‘cyber trained’ nor ‘IT trained’. Given the number of cybercrimes and major cyber incidents which are widely reported in the news these days, it can be a topic for sustaining a conversation and bringing awareness to many around me. Did I mention it became easier for me to explain what I do for a living to my parents? They almost had the impression that I was working as a security guard when I tried explaining what a SA does in SOCs!

Prominent Cybersecurity trends:

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

Cyber warfare is definitely what every country should be prepared of. Some may even argue that this is not a trend, but have already started because unlike a physical war where the world knows exactly when there is a launch via air-raid, a cyber warfare may not be apparent until the impact can be witnessed. But certainly, state-sponsored cyber-attack is on the rise with more sophisticated ways to ‘get in’ than before. Therefore, to have a heightened cyber vigilance workforce across organisations and a pool of cyber resilience citizens in addition to all the automated defences put in place, are absolute key components in strengthening overall cyber defences against the adversaries, making it one of the trends and focuses in enterprises and countries.

Females in Cyber Security

What can we do to encourage more women to join the cybersecurity sector?

There are many roles to play (and to be filled up) in cybersecurity industry. A number of initiatives have been launched at different levels, with programs in schools and universities, as well as career switch program which encourages individuals in their mid-career to do the switch in the cybersecurity world. Personally, I know of a handful female ex-colleagues who took a pause in their careers to take care of their young children at home. The pandemic has proven that there isn’t only one way to work (in the office that is), and given the acceptance of a flexible way of working from anywhere, Moms like them can essentially be trained and offered an opportunity to join the cyber defence workforce. I’d call them – “Moms in Cyber” 😊

Final thoughts

How can you debunk the myth that cybersecurity is only for men? Is there any indication this stereotyping is changing?

Over the years, I have witnessed more ladies in the cybersecurity industry in the conferences or meetings I attended. While this is definitely a positive sign, vacancies of cybersecurity jobs still exist. Similar to how women can offer different perspectives and viewpoints in other domains and topics, cybersecurity is no different.

A more holistic and comprehensive approach is only possible when a balance mix between the 2 genders comes together in addressing issues brought upon by cyber threats today.

Finally, to any ladies out there who are keen and wish to join this profession, there is always a suited role for you in this space once you are willing to make that first move to find out more. To all the women and men out there mentoring ladies in cyber (like the ones I have the privilege in meeting from AISP!), thank you for your contributions in doing so.