Recent cybersecurity incidents such as WannaCry ransomware and the cyber-attacks on four Singapore universities in April underscore the importance of a forward looking and strong cybersecurity community in our increasingly digitally connected world. The IT Society found out from Emil Tan, winner of the Professional Award at the inaugural Cybersecurity Awards, how it is like to be combatting these emerging threats on a professional level.
Q: Question, ET: Emil Tan
Q: What are your views about cybersecurity gaining interest among the media and the public recently?
ET: Cybersecurity is not something new. But much has changed in the past 10 years – not so much the specialisation, but the way people perceive it. For example, while we continue to hold strong to the mantra (1) protect, (2) detect, (3) response and (4) recover; governments, organisations and even the man on the streets have come to recognise cybersecurity as a backbone to empower progress today. Particularly, it is encouraging to see greater awareness in cybersecurity among everyday users.
On the flip side however, media has oversimplified what cybersecurity EMIL TAN Member, SCS Assistant Manager, Cyber Security Management, Infocomm Media Development Authority (IMDA) Age: 29 Favourite Way to Relax: Playing Hearthstone (a collectible card game played online) Currently Reading About: IoT Security Pet Topic of the Moment: Cyber-physical Security Professional Hero: Bruce Schneier Heart Facts: DNA of a Passionate Cybersecurity Defender professionals do at work, causing people to think that our job is glamorous, all about hacking, or only starts when a system build is complete.
Q: How have these perceptions impacted the growth of the industry?
ET: We see a growing number of aspiring cybersecurity professionals. But, because they join the industry thinking that they will be fighting hackers every day, they are likely to drop out once the initial excitement wears off and realisation sets in that the job can be rather process driven. Plus, having to advocate security to people, including developers and users, who sometimes have little knowledge about cybersecurity can be frustrating. Hence, we see people leaving the industry before they get to appreciate the workings of the job or rotate around different roles without being passionate about what they do.
Q: Then how did you become so passionate about cybersecurity?
ET: For me, my love for cybersecurity can be traced back to my polytechnic days. I enjoyed many modules in my course and was hungry to learn more. This led me to engage with special interest groups, which provided interaction opportunities with industry professionals. I also gained first-hand experience during my polytechnic and university internships. These exposures cemented my understanding of the industry and seeded my passion to specialise in the field.
Q: Is there any point when you lost your passion?
ET: Compared to others who entered the industry after completing their studies, I have kept in touch with the industry throughout my tertiary years. Therefore, I did not have any “culture shock” when I eventually joined the industry.
However, I did get distracted during my varsity days when I chose to do a topic on big data and machine learning – nothing about cybersecurity – for my bachelor dissertation. Being in the creation space was different, and exciting.
But all it took was an attempt to fuse cybersecurity into the programming and analytics project I was working on – and my passion for security was rekindled afresh. I was like a child all over again – excited to explore, ecstatic about every discovery and wanting to do more. It dawned on me that security is really what I enjoy and where I will like to build my career.
Q: You founded Edgis, a special interest group dedicated to cybersecurity. What drove you to do so?
ET: I was following cybersecurity conversations closely online through Twitter and podcasts, and was inspired by how close the community was overseas. This is different from our local community, which is more business-oriented. So I set up Edgis in the hope of creating a platform for enthusiasts and hobbyists to gather and share their thoughts and knowledge.
Q: Besides Edgis, you also give talks and take part in conferences. Why is knowledge sharing important to you?
ET: The global technology community has always been big on sharing. And I have benefitted from this sharing culture through participation in various seminars and conferences. Being part of the community, I see it as my duty to keep this sharing going. In my personal experience, sometimes just by sharing for ten minutes, it could well be what is necessary to help someone with their job or project.
Q: What are your hopes for the community in the future?
ET: While we have made good progress in the last few years, our community is still very much in the infancy stage as compared to some other countries. Getting people to speak is still difficult. I would really like to see more Singaporeans stepping up, and becoming more active in international collaborations, so we try to facilitate such activities at Edgis. I hope more can join us!
“Like everything else, it all comes down to passion in cybersecurity. The technology landscape will only continue to change. Therefore, we have to be fired up to keep learning. Otherwise, what we know now will soon become obsolete, and we won’t be able to keep up.”