1. Tell us a bit about your background and how you ended up in your current role.
I started as a developer in the year 1999. I held various roles and responsibilities in different organizations, from small and medium to large corporations, over the 20 years. I started from technical roles and slowly moved towards management roles. I transitioned to IT Security when I was involved in IT Governance, Risk, and Compliance. It started with Risk Management, and eventually, I was given an IT Security manager role in charge of the implementation of ISO27001. I started exploring Cybersecurity, and that is how I ended up doing what I do now, which is IT Security Audits, Cybersecurity Assessments and developing frameworks and policies.
2. What is the biggest challenge you face within your role today and how are you looking to tackle it?
One of the biggest challenges is the rapidly evolving technologies, which have their complexity. We hear of new vulnerabilities and new ways of exploitation; it keeps changing. Hence, being in the Cybersecurity role requires one to stay vigilant and keep up with the changes as fast as they evolve. One way that I could tackle it is to make sure my knowledge and skill gap is addressed. I make sure I keep myself updated by attending training, reading, and practising.
3. Describe a way that you help your organisation understand the value of cybersecurity?
My role requires me to be able to not only look back (the auditing) but also look ahead (proactive risk approach): identifying what may go wrong with current practices and where the business could do better, providing an early signal of risk exposures along with ways to mitigate them before they cause any damage to the business, and bridging the gap between the technicalities and management by translating them into ways that the business could understand better. The organization can see the value when there is clarity, which provides a better understanding of the rising threats and cyber risks, along with the detrimental impact they have on it.
4. What do you wish you knew about the success of a cybersecurity journey that you know today?
That Cybersecurity is not siloed or a standalone field. It requires everyone's participation from all levels; for example, small negligence could lead to large-impact incidents, and it may even start from a reason such as lack of awareness.
5. What strategies do you employ to keep current in a technological environment which is rapidly changing and developing?
By employing a constructive learning strategy. It involves not only upskilling by attending training programs and webinars and participating in online communities and forums, but also incorporating what I learn with my own working experiences and applying it in my day-to-day job.
6. How do you determine what technology to invest in and how can you stay current with all the changes?
Of course, most of it is decided based on the organization's direction, but I prioritize based on the need, which is determined by must-have or good-to-have, because investing in technology also includes having the resources and capabilities to manage it and adapt to the changes that come with it.