Introducing women with a deep interest in cybersecurity

As a Deputy Director in Infosecurity at Ensign InfoSecurity, I work closely with business leaders on a strategic and operational level, providing a consolidated and comprehensive view of the organisation’s cybersecurity posture; ensuring that information security policies, procedures and control techniques support Ensign’s business objectives and the industry’s best practices. I am responsible for the cyber threat intelligence management in the organization and my role is to provide an oversight on the entire intelligence cycle to deliver actionable insights for informational advantages in the domains of cybersecurity, governance, risk, and compliance.

What brought you to the cybersecurity industry?

I majored in Engineering in NUS. It trained me to form connections between disciplines and sharpened my problem-solving skills. My first role was as an Application Developer in systems that combined signal processing and terrain analysis. This sparked a strong interest in system development, and it was a critical learning phase where the security-by-design mindset was ingrained right from the start. I moved from application development to specializing in enterprise applications, information architecture, and to IT Security. Information security is an essential pillar in the design of enterprise applications and architecture. The impetus to balance usability, accessibility and the security of data and the applications was a driving force for deepening my knowledge in cybersecurity.

The more I learn, the more I develop an interest in cybersecurity, as it is challenging yet exciting to be part of cybersecurity and cyber defence. So, when I was offered a role in security operations, I took it.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

At its core, cybersecurity is about protecting people and organizations from cyber threats. The opportunity to transit into strengthening my forte in IT Security and security operations especially during the COVID-19 period was for me, a defining moment. The attack surface expanded very quickly with everyone working from home, and it created new a mix of challenges. No two days are the same and there are challenges, but the satisfying part is knowing that the work that I do is impactful and fulfilling.

What is it that you love most about your role?

Cybercriminals and threat actors are always looking for new ways to create higher impact cyber offensive platforms. The ever-changing cyber threat landscape and fast-paced environment keeps me on my toes and the challenges in cyber defence motivates me to accelerate the offence-defence divide.

Prominent Cybersecurity trends:

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

There are many interesting cybersecurity trends . However, I thought I would call out first, on Social Engineering threats that can impact anyone regardless of age, education level, tech-savvy, Gen-Z or not, because social engineering is about the human mind. The definition of social engineering can be described as a psychological manipulation of people into performing actions or divulging confidential information. With the ease of mobile phone accessibility and the use of social media platforms, the speed at which successful social engineering attacks are faster than ever.

Common social engineering techniques include phishing, spear phishing, vishing, smishing (phishing links sent via SMS messages), impersonation, baiting, quid pro quo. While some of these techniques may not always be linked to cybersecurity threats, technology and the acceleration of digital adoption has made it much easier for attackers to achieve success.

On the global front, organizations are increasingly vulnerable to ransomware attacks. In many cases of ransomware attacks, the motivation is often monetary. Threat actor groups may also target organizations to steal data that can be sold in underground marketplaces and forums on the Deep Dark Web (DDW). Access brokers who support ransomware operators selling compromised initial access, significantly reduce the amount of time ransomware operations conduct an attack.

Poor software development security practices combined with untimely patch and vulnerability management practices open doors to threat actors targeting supply chain upstream. Cloud misconfigurations are opportunities for threat actors to leverage on, leading to cyber exposures.

Operational technology (OT)-related cyber threats are evolving as more OT-specific malware is discovered. With the expansion of the OT cyber threat landscape drastically, OT asset owners and operations are looking at ways to secure their operations and keep critical infrastructures running safely.

Threat actors are invested into uncovering vulnerabilities in IoT devices, many of which are vulnerable to botnet attacks. The security of IoT middleware and platforms are often overlooked in the IoT value chain leading to botnet deployment and cyber-physical implications when integrated with OT systems.

Trends in cyber defence technologies advancements are pushing the boundaries of what organizations can achieve. Leveraging on Artificial Intelligence (AI)-powered cyber analytics in threat detection models to detect unknown threat in behavioral trends and anomalies. Secure data encryption in preparation of post-quantum cryptographic standards are evident that cybersecurity technologies are also evolving at lightning speed.

Females in Cyber Security

What can we do to encourage more women to join the cybersecurity sector?

Being in the industry and as a mentor in AiSP, I believe that it is important for gender diversity in the cybersecurity sector. In a role that calls for various lens, shaped by our experiences and strengths; female perspectives are necessary. I also believe that education plays a role, and women can make an impact by presenting at schools and teaching technology related courses. This way, school-going children have role models to look up to and can be encouraged and developed to be interested in cybersecurity.

The Ladies in Cyber Charter in AiSP was founded on the firm belief that having access to women in the cybersecurity sectors, and by forming networks and connections that women can leverage on for confidence to step into the cybersecurity workforce. So, join us for the various events and I look forward to meeting you!

Final thoughts

How can you debunk the myth that cybersecurity is only for men? Is there any indication this stereotyping is changing?

It was an embedded belief from all the years of engrained misconceptions that women are not technical. Daughters have always been told to be doctors, nurses, bankers or secretaries but they have never been encouraged to take IT or cybersecurity as a career. Times have changed.

It is heartening to know from the latest (ISC)2 Cybersecurity Workforce Report – Women in Cybersecurity Young, Educated and Ready to take Charge (https://www.isc2.org/Research/Women-in-Cybersecurity#), that the percentage of women in cybersecurity sector is roughly 24%, which is significantly higher finding from 2017, when only 11% of the study respondents were women. The report figures show that women are forging a path to management in the cybersecurity sector as well.

This is an inspiring reflection of women increasing their presence in the cybersecurity sector, and an encouraging sign for those who are considering on a career in the information security and cybersecurity industries.