When the COVID-19 outbreak struck in 2020 and spread across the globe, it caused wide and profound disruptions to our lives. Almost overnight, everything pivoted to the digital space. From studying, working, ordering food, shopping, Netflixing and even doing yoga, these were all made possible online thanks to the advent of digital technologies.
Navigating the cyber world became the new way of life and most of us now enjoy the convenience of accessing products and services at our fingertips, from wherever we are. Given the pervasive role of technology in our lives, how safe are we from the other invisible “virus” that is just as lethal as the coronavirus? How do we protect ourselves from cyber attacks? What should we do to embrace the digital trends of the future?
To find out more, I asked SMU Master of Laws alumnus Teo Xiang Zheng (LLM CL 2015), a passionate cyber strategist now working as the Head of Advisory at Ensign InfoSecurity.
Atricia: The digital platform is a huge space, encompassing many spheres. You handle multiple fields within the digital world, but particularly specialising in cybersecurity. Before we go on to learn more about your experiences, what does digital transformation mean to you?
Xiang Zheng: Opportunity. I see the wave of digitalisation as an opportunity to digitise the physical world, through technologies such as the Internet of Things (IoT) and Cloud. With IoT, we see the prospects of two effects, the sensors and actuators, which are the drivers of efficiency and automation in our environment, providing access to data through the creation of the digital twin which allows for simulations and predictive models.
If you have not noticed, there is a tangible shift in the way businesses operate—from manual and physical platforms, into one that leverages technology. The wave of “uberization” has reduced the friction in all touchpoints and brought about more efficiency and productivity. This was most prominently observed during the COVID-19 pandemic which we are still living in. The pandemic management measures accelerated the need and move to adopt digital services. Despite the long running smart nation drive (another coined term for digitalisation), the “mom-and-pop” stores had resisted the move towards electronic payment methods, the use of digital services for point of sales, and supply and logistics management. As a result of the uncertainty which was brought about by the pandemic, they were forced to become more digital savvy when payments and deliveries moved towards digitisation.
Atricia: In layman’s term, how would you describe “Cybersecurity”?
Xiang Zheng: Cybersecurity is analogous to physical security which everyone is more familiar with.
‘Cyber’ is the digital domain, which operates on the basis of hardware and software, allowing one access into the World Wide Web through the Internet. Protecting your data requires the effort to build multiple layers of defences—such as looking into protection for your hardware (laptops etc), and your software (respective apps and tools). The last step is on securing your data and the exchanges in cyberspace.
There are 3 main principles to adhere to for your data protection. These are: Confidentiality, Integrity and Availability. You should always take appropriate measures to prevent breaches, and take the time to understand one’s risk appetite before giving away and maintaining data.
As for ‘security’, it is no different from the sense of safety which its root word denotes. Think of it as something like hiring a security guard to protect your office, while having doors and locks to secure the contents of the office.
The protection aspect is usually the most challenging, especially for the older generation who weren’t brought up in the digital era. The cyber domain in and of itself exists beyond the physical. The concept of data and applications are abstract constructs which cannot be always related in the physical form. Hence, there is a need to understand how individuals address cybersecurity, and educate them about data protection.
Atricia: You majored in Commercial Law in SMU back in 2013 for your postgraduate studies. Thereafter, you went to study Cybersecurity (Managing Risk in the Information Age) at Harvard University. What prompted you to move from Commercial Law, into the digital space?
Xiang Zheng: There are a few reasons.
My first degree was in computer engineering, and my first job was a consultant in the technology field. Back then, the initial concepts and understanding of cybersecurity that we know today were called Information Security. Thereafter it evolved into IT security, and now cybersecurity. There, I deliberately invested in the range of competencies through the different projects I was involved in, going into digital forensics and participating in numerous cybersecurity and fraud investigations. I was into my 5th year of work when it dawned on me that I was liaising with many legal counsels, lawyers, law enforcement and the judicial system. I struggled to understand the full context of what the legal professionals were concerned about, which did not make sense to the engineering-focused me then. I sought to challenge myself to bridge my understanding gap by exploring the feasibility to study Commercial Law in SMU. I was awarded the SMU School of Law scholarship whilst doing so. Throughout that process, it gave me a greater appreciation of how the Law, society and security interact, which in turn, grew my interest in public policy, i.e., building better lives for people in a secure cyber space. I have since been participating in many public policy programmes and initiatives, with the most recent being an Industry Partner Representative at the Geneva Dialogue for Responsible Behaviour in Cyber Space.
I am also a firm believer in continuous learning. It is too easy to feel safe, complacent and content with what one is doing at a given time, if there are no significant challenges and life seems manageable. I believe in driving myself towards progress and personal development. I realised that the fear of failure holds people back to achieving excellence, and I often challenge the people around me to embrace the mindset of becoming comfortable with being uncomfortable.
Atricia: You began your foray into cybersecurity before joining Ensign InfoSecurity. In your opinion, how has the perception on digital landscape shifted from then to now?
Xiang Zheng: There is a shift in the pace of changes. Currently, change is happening rapidly with many forms of emerging technologies and likewise, we too must adapt rapidly. People are becoming more aware of the world around them, driven by their increasing access to data. In the past, like simple daily things, ways of communication were mostly done through physical newspapers or snail mails. Now, there is a direct shift to digital papers, and emails. Technologies continue to be developed to accelerate communications over long distances, bringing the world closer together.
Time waits for no man; I firmly believe that we need to push our younger generation to be ready to face the new and emerging challenges in order to keep up with societal demands. The young today need to become more committed and comfortable in making decisions. They have to learn to embrace failures so that they can quickly learn from them and innovate on new approaches to do things in better ways. There needs to be a deliberate discipline to move away from “decision paralysis” by being hopeful, and make a fully informed decision through extensive information collection. Decisions today are made without enough information; and such is the reality of modern living, despite the accessibility to more sources of information at hand.
Atricia: Acceleration and awareness- we can all resonate with that, for example when we consume information on our ubiquitous mobile phones. Back to your role as Head of Advisory at Ensign InfoSecurity, what is a typical workday like for you? Were there any particular moments in your life that made you proud of what you’re doing and contributing to the field of cybersecurity?
Xiang Zheng: My day is usually filled with action. A portion of my day is allocated to clients to engage, understand and advise on their cyber problems, while other aspects of my day would include working with various teams to ensure quality of delivery, and guidance on the project challenges we face. Internally, I work with the respective leads to strategise and innovate on new service offerings. This includes sharing consulting perspectives in industry groups, and building frameworks as intellectual property to support client deliveries.
In addition, apart from speaking at industry forums such as the Association of Information Security Professionals and the Singapore Computer Society, I am also an industry partner representative at the Geneva Dialogue for Responsible Behaviours in Cyber Space. It fills me with pride in representing Singapore, flying the Singapore flag high by sharing the industry knowledge and experience, and knowing that I played a part, and contributed at an international platform.
With that said, no matter what role it is, I take pride in all my work, and in delivering quality outcomes for the stakeholders I work with.
Atricia: With the digital landscape being a complicated one, have you faced any roadblocks or setbacks? How did you overcome them?
Xiang Zheng: I suppose the greatest roadblock I faced was in the earlier stages of my career. Being new to the industry, it was a challenge to identify the issues and address them without prior knowledge or experience. It gets easier with time, but this industry is one that is constantly moving, and there is always something new to explore. Therefore, we need to put ourselves out there, and consistently learn to address any challenges that may arise.
Atricia: Recently, there were numerous reports of data breaches and cyber attacks. What can we do to protect our information and prevent data leakages?
Xiang Zheng: There are many steps that organisations can take to defend themselves, such as taking note of cyber hygiene and applying software patches on a timely basis. It is also important for organisations to educate their employees on the meaning of cybersecurity. Some frameworks for organisations to adopt are: Identify, Protect, Detect, Respond, Recover. These help to profile the organisations’ capability to identify risk and threats, take measures to protect themselves when incidents happen, and thereafter, respond and recover. The guidelines ensure that each organisation has ample opportunities to establish the defence lines.
Individuals should begin using complex passwords, and where possible, take advantage of password wallets and multi-factor authentication (MFA). Users should protect the passwords and multi-factor passphrases as though they are the keys to their homes. Adopting MFA is likened to having two doors with different keys and potentially even having a security guard watching. Now isn’t that more secure?
Individuals should also be vigilant in monitoring the use of their mobile contact numbers and emails to watch out for phishing content aimed at obtaining sensitive information which can be used to access their bank information and other personal information to commit financial crimes.
Atricia: Apart from your role, you are also a member of the Alumni Advisory Council, and an Alumni Mentor. What keeps you motivated to share your experiences with your juniors?
Xiang Zheng: It could be because of my nature as a curious learner, but throughout my life as a Boy Scout from primary school to my junior college days, I have found that through helping others, I was building up my character to be a servant leader and to be a person for others. Through these experiences of taking care of the junior members, sharing my experience and knowledge, and at the same time encountering the different problems they brought to me for advice, I was amassing knowledge and gaining the know-hows of navigating challenges for myself– these are life skills that cannot be bought.
As for my motivation towards mentoring, perhaps it could be because I know the struggles of finding a mentor. I had challenges finding a mentor in my younger years, so now I hope to use my collected experience and knowledge to help others.
I often question how I should give guidance to my mentees as there is no fixed template on pursuing success, especially in the modern day where the possibilities are limitless. I see coaching and mentoring performing two very different roles. Coaches drill and provide steps, but mentoring is different. A mentor is not there to provide a standard pathway, but in fact, to expose mentees to the different outcomes to make informed decisions. Fortunately, I have been able to help my mentees consider the different opportunities beyond their preconceived pathways.
Atricia: And here at OAR, we can’t thank you enough for offering your time and sharing your experiences with our mentees. On that note, how should alumni embrace the digital trends that are upon us?
Xiang Zheng: I can’t stress this enough. One should always be aware of the happenings around you. First and foremost, do invest in taking the time to follow trends and taking note of reputable sources. There are many opportunities out there to analyse digital trends, news agencies, interest blogs and journals that are tech-oriented. Once you are more familiar and comfortable with technology, then you can begin to choose your methods of engagement and retention. This can be reinforced by interest and practical use.
Be aware of your objectives and choose the right methods of participation—matching your interests and objectives and applying it to the right platform (i.e., engaging robo-advisors for growing your personal wealth). Also, do learn how to filter noise and fake news with information verification techniques.
Take your time. Slowly, but surely!
Atricia: Thank you for your advice. One last question before we wrap up, what does the future of cyber security look like?
Xiang Zheng: The significance of the digital space will definitely grow into becoming common place such that the hype becomes diminished—business as usual. There are many emerging pathways and solutions that industries are looking into, such as automation to elevate talent shortage issues.
The challenge to employers and employee candidates would be to broaden the mindset of stereotyping job roles—cyber needs can only be accomplished by cyber professionals. In fact, for transformation to take place, it encompasses many other disciplines such as behavioural sciences. Ultimately, there needs to be a shift in the mindset, and active encouragement of individuals to embrace cyber use and be better equipped to be more cyber safe. After all, it is people who make the technology, and people who use the technology. One result of this is having automation in place to replace repetitive tasks so that people can be freed to focus on more value-added outcomes.
Further into the future, I’m sure we can look towards quantum computing, which would lead to a paradigm shift in how we view computing today. Think of the potential that presents. While it is still a work in progress, I look forward to what the future will hold and what the young will bring to bear.
Connect with Xiang Zheng at: https://sg.linkedin.com/in/xiangzhengteo
