#WorkinginCSA: Helping Enterprises and “Towkays” to Up Their Cybersecurity Game

08 Mar 2021

The cybersecurity industry is often thought of as a purely technical field, but in reality, it requires individuals from both technical and non-technical disciplines. Find out how Assistant Director of CSA’s newly-formed Safer Cyberspace Division, Grace Dong, plays her part in helping enterprises better protect themselves in the digital domain, despite not having a technical background.

1. What sparked your interest in cybersecurity? 
Cybersecurity is a really new discipline, and it didn’t exist as an option when I was in school (yes, I am somewhat ancient!). However, what sparked my interest in the subject was the realisation that as digitalisation becomes the way of life or of business for many (versus one of the ways), its security becomes ever so important. Working in CSA allows me to be part of this greater mission to keep Singapore cyber safe - safeguarding our digital economy and digital way of life. Security exists to protect all these things that are dear to us, and is hardly done for its sake. Cyberspace is the next frontier that we must defend to achieve this. 

2. What makes you excited about coming to work?
My team at the Safer Cyberspace Division is preparing to launch and implement the SG Cyber Safe programme in the later part of 2021. As someone who has incubated and developed the programme concept and broad initiatives, it is extremely exciting to see that we are one step closer to helping enterprises here in Singapore to become cyber safe. While the enterprise cybersecurity policy/programme space is relatively greenfield (or new in layman’s parlance), it is an exciting space to be in with a lot of possibilities to make a difference! 

3. What is a typical day at work like for you?
Following the incubation of the broad concept and plans for the SG Cyber Safe programme, we are now embarking on industry consultations to further iterate and fine-tune these ideas. We believe that this participatory process will result in initiatives that better serve the needs of our Singapore enterprises and “towkays”. My day-to-day work includes being on several virtual calls with various stakeholders, from industry or otherwise, alongside my boss to consult them on our ideas. At the same time, I also develop proposals for various initiatives such as the employee toolkit that we will be rolling out towards the end of 2021. This entails tons of research and analysis, which I enjoy immensely! 

4. Tell us something interesting about your job that not many people know about.
Cybersecurity can come across as a very technical field, but it is actually a lot more diverse than you think – especially at CSA! It isn’t quite possible to assume that one single technical archetype can cover the whole spectrum of complex issues that is cybersecurity. 

For the work for the SG Cyber Safe Programme, we have a diverse mix of officers from technical and non-technical disciplines. As a liberal arts graduate, what I bring to the table is the ability to engage with stakeholders (especially everyday towkays) and to translate the sometimes very “chim” (or difficult) cybersecurity principles for them. This is central to the programme because we need to convince stakeholders to come on board their cybersecurity journey; simply using tech speak won’t quite help the cause – if people “catch no ball” (or do not understand). We need to have to go in with a business case for cybersecurity and to speak English (versus tech speak) while doing so. 

5. What are 3 qualities that are important for someone in your role to have?
Three key qualities/abilities stand out in particular for me:  

1. Be able to connect the dots between key tech-related trends and our SG Cyber Safe policy/programme work 
Cybersecurity is very much tied to technology and its trends. In order to better support local enterprises and to develop relevant initiatives, our work requires us to study the implications of existing and emerging tech-related trends on enterprises. One such example is the inclusion of guidance regarding Bring Your Own Device (BYOD) and Work From Home (WFH) into our toolkits, which have seen heightened importance during the COVID-19 pandemic. 

2. Take charge of your learning 
Cybersecurity is a rapidly evolving field and our work will require you to keep pace with these trends. No matter where you are on the cybersecurity spectrum, there is always more to learn as new cybersecurity issues/trends emerge. As a liberal arts graduate, I have made it a point to keep up to date and to upskill my cybersecurity knowledge via on-the-job training and getting cybersecurity certifications. There are many FOC (Free of Charge) online cybersecurity courses, such as Coursera that I am taking to increase my knowledge. 

3. Collaborate across the organisation, government and industry
Supporting our Singapore enterprises is a “Whole-of-Nation” effort that requires us to partner enterprises, government agencies and other stakeholders to develop better initiatives/solutions together. The SG Cyber Safe Programme itself is a collaborative effort between many CSA divisions and government agencies, such as Infocomm Media Development Authority (IMDA), Smart Nation and Digital Government Group (SNDGG), Civil Service College (CSC) etc. We will be partnering industry via consultations to further sharpen our future plans.