The Association of Information Security Professionals (AiSP) are pleased to be supporting the Top Women in Security ASEAN Region Awards 2023.
In contribution to promoting women in security, we present an interview with Sandy C.,
1. A writeup of yourself sharing where you work and what make you joining the Cybersecurity?
Am currently with the leading healthcare technology firm in Singapore – Integrated Health Information Systems Pte Ltd (IHiS). In my career thus far I focused on cybersecurity governance and technology risk management covering both public and private sector organisations such as the Monetary Authority of Singapore (MAS), the Cyber Security Agency of Singapore (CSA), KPMG and OCBC Bank.
Joining the Cybersecurity workforce didn’t quite start out with a plan.
I started in the days when it was known as the ‘computer security’ era, when I was working as a Data Centre Security Operator, fresh out of school. The industry then moved on to the ‘information security’ era before we got to today’s ‘cyber security’. It was then I worked as an IT Security Analyst in a Security Operations Centre (SOC), followed by an IT Auditor role in an international consultancy firm and transitioned to my recent roles in the Cybersecurity Risk Management domain. Through these 14 years in the cybersecurity industry, the journey has been exciting and colourful for me and is one that I never looked back on with regrets.
2. Your daily work and what motivate you to stay?
As a member of the cybersecurity risk management team within the Cyber Defense Group in IHiS, my daily work involves driving towards a key goal which is to continuously enhance cyber risk management for public healthcare.
When I had the opportunity to work with various critical sectors during my time at CSA, I learned that the financial sector which I was most familiar with, is the most mature in terms of cyber defence. Naturally so because for decades, they had been the most (cyber) targeted by monetary-driven adversaries.
Unlike healthcare, it was probably over the last 10 – 15 years that various threat actors have shown great interest to exploit, ransom and cripple the systems in this sector. In 2018, we were not spared by a cyber-attack initiated by unidentified state actors which resulted in the largest data breach in the nation. To add to the complexity of cyber defense, healthcare is also transforming rapidly with digitalization involving new technologies.
My main motivation in joining the cyber defence workforce in the healthcare sector was derived from all of these few key challenges described above, and to be able to contribute in ways I can in my current role.
3. What experience and what you want to tell the rest of the females out there?
Be a ‘TLC lady’ – not the common Tender, Loving, Care attributes but:
‘Try’ – Take that first step and overcome any doubt you have, even if it means walking out of your comfort zone at times. As women, we tend to undermine what we can do, with what we have. But we can only have more when we dare to try!
‘Learn’ – Cybersecurity field is ever-evolving where the only constant is change. You will never find yourself in a boring industry where you perform similar work for the next 20 or 40 years in your career.
‘Create’ – If you are someone who likes to effect positive change to friends and families around you, or maybe enjoys collaboration and brings new perspectives, cybersecurity is definitely an industry for you to onboard or stick to because this field is ever-evolving therefore, enabling opportunities for creations to be made possible.
4. A story that you want to share.
Not everyone in the cybersecurity workforce started with a plan.
Not me for sure. I am a living example of how one person in the cybersecurity industry can keep learning and transitioning between a variety of roles and not thinking of calling it quits. However, if you are someone that is considering embarking on a cybersecurity career, there are many avenues available today for you to do so such as participating in cybersecurity conferences.
If you are considering being a woman in security in particular, associations such as AiSP Ladies in Cyber Chapter offer an ideal platform for interactions with seasoned professionals, career-switched individuals and even students.
With a clear destination in sight, a plan can be worked out!
5. Anything that you wish to share.
Perception of men being more technical than woman exists. This is not only happening in cybersecurity. The same goes for other industries that are more ‘male dominant’ such as engineering.
While indeed there are differences in strengths and weaknesses between Mars and Venus, they should be looked upon as complementary compositions in a balanced cybersecurity workforce and never a battle between the sexes.
