Women in cybersecurity – GovTechies on life as cyber guardians
Cyber-guardians at GovTech! Photo: GovTech
Did you know that women make up just over 40 per cent of Singapore’s tech workforce, a significantly higher proportion than the global average of a little under 30 per cent? Still, the government has continually encouraged more women to join the tech sector, both to ease the talent crunch in the industry and to foster diversity.
As we celebrated International Women in Cyber Day last month, we spoke to three GovTechies in cybersecurity roles on what it’s like as a woman in the industry, how they got started, and their hopes for the future.
Hi, thanks for taking the time to speak with us! Why don’t we start by hearing about what you do at GovTech?
Janice Chua, Deputy Director, Cybersecurity Strategy and Planning: The Cyber Security Group’s (CSG) strategy and planning team is responsible for the entire government’s cybersecurity strategy.
We work with internal stakeholders within GovTech and other agencies like the Cybersecurity Agency of Singapore (CSA). This could mean monitoring emerging cyber trends, identifying gaps in our existing strategies, and architecting cybersecurity development plans for the government. Ultimately, our work contributes to building a more secure digital government for Singapore.
Tham Mei Leng, Chief Information Security Officer, deployed to Ministry of Sustainability and the Environment (MSE): My team is in charge of the ministry’s overall ICT security strategy and ensures that it is aligned with the organisation’s business needs.
It’s part of the job to continually pick up new skills in the evolving realm of IT and data security so that we stay relevant and prepared. In particular, there are numerous cross-sharings at the Whole-of-Government (WoG) level by both GovTech and CSA, where I get to learn about cyber incidents and defensive measures beyond MSE.
Because my colleagues know the work I’m involved in, they often approach me for generic cybersecurity advice, even for non-work-related cyber hygiene.
Yvette Tay, Senior Cybersecurity Specialist, Security Operations Centre Engineering and Operations: My team in CSG runs two Security Operations Centres (SOCs). The first SOC provides a platform for vulnerability management across WoG central services. Security vulnerabilities are quickly identified and acted upon.
The second provides cybersecurity monitoring. My team is responsible for the service management of the SOC, establishing the operations processes, streamlining operations tasks, and ensuring there is no disruption to service availability.
What’s your proudest moment in your cybersecurity career so far?
Yvette: In a previous role, I was the only female business critical Cybersecurity Engineer in my Asia Pacific team, supporting accounts for premium customers on a wide range of cybersecurity products. The role was challenging and there were several occasions where I had to go onsite at short notice for high-priority escalations to resolve urgent product issues. Despite having to work across time zones, cultures and teams on mostly novel technical problems, my support team and I managed to get all the issues resolved for my premium customers.
Janice: It’s gratifying to see the government’s cyber defence plan coming together and having a sound strategy backed by a motivated and committed team. It’s what enables us to spring into action and respond when incidents like the SolarWinds attack occur.
Mei Leng, you were named one of the top 30 women in cybersecurity at the ASEAN Region Awards this year. What was that like?
Mei Leng: I am humbled and grateful to be the recipient of the award. I felt thankful that my work had been recognised. It motivates me to continue to challenge myself to achieve greater heights.
What inspired you to pursue a career in cybersecurity?
Janice: My bosses in CSG took a chance on me and gave me the opportunity to pursue a career in cybersecurity even though I came from an economics background. I embarked on this path as I thought it was important to build knowledge and gain skills in cybersecurity as we move towards an increasingly connected and digital world.
Yvette: Cybersecurity is an interesting field, and I get a sense of job satisfaction knowing that my work has a direct impact on not just the company, but the country.
Mei Leng: I started out in IT development and project management. After years of rushing out systems and code deployments, it suddenly struck me during a quiet moment, to question whether our common practice of leveraging open-source codes and libraries would post robustness and security issues for the systems we had developed. This “aha” moment piqued my interest to read up more on computer security, and I decided to make a bold move to pivot into cybersecurity.
How has GovTech supported your career in cybersecurity?
Mei Leng: My bosses and colleagues in CSG are warm and collaborative, often sharing their knowledge.
CSG has also been generous in ensuring we have the time and resources to continually improve our capabilities, keeping us abreast of wider developments in digitalisation and cybersecurity. This enables us to make sound recommendations in balancing the changing operational needs and evolving cybersecurity situations.
Janice: Indeed, I have had good bosses who gave me opportunities to expand my knowledge in cyber by attending courses from renowned cybersecurity organisations like the Sans Institute and EC Council. Above all, I’ve learnt a lot on the job from my fellow colleagues as they have been most generous in sharing their knowledge and explaining complicated cybersecurity concepts.
Lim Bee Kwan (the Assistant Chief Executive of Governance and Cybersecurity at GovTech) has also served as a good role model of a female leader in the cybersecurity space.
Any words of advice for women who aspire to a cybersecurity career?
Yvette: It is never too late to start picking up new skills, especially in your areas of interest. You will be rewarded with a great sense of achievement as you slowly build and expand your technical and business domain knowledge.
Janice: Build your networks. There are many good platforms and communities to join like the Singapore Computer Society and the Association of Information Security Professionals. Speak to people in the field and learn more about what they do to see if the work truly excites and interests you.
Mei Leng: Cybersecurity is not a “high wall”, but a “long-run”. It requires passion, regardless of gender, to continue the journey as technology changes quickly and cyber threats are always evolving. It is not a job where muscular strength is an advantage. What it needs is mental grit, agility, and resilience.
I am glad to see more women in different disciplines within cybersecurity.