Published on 19 Aug 2024
Ng Koh Yew is a Consultant in CSA’s Critical Information Infrastructure (CII) Division, and he is part of the Utilities Cluster, working on strengthening the cyber resilience of Singapore’s Energy Sector. Outside of work, he takes pleasure in crafting the perfect cup of coffee.
1. Can you describe your work as a sector officer for the Energy Sector within the Critical Information Infrastructure (CII) Division, and how your team enhances cyber resilience?
As a sector officer for the Energy Sector, my role focuses on governance, risk management and compliance to strengthen the sector’s cyber resilience. This is achieved through close collaboration with the sector via engagements, exercises and regular discussions.
On top of that, I am also part of the organising team for the Operational Technology Cybersecurity Expert Panel (OTCEP) Forum. I work closely with various stakeholders such as OTCEP members, solution providers and other industry partners to curate relevant content as part of our journey to make Singapore’s OT ecosystem more secure.
2. What inspired you to pursue a career in this field?
My background was not in cybersecurity or IT. In fact, I trained as a mechanical engineer and spent three years running plant operations on Jurong Island. My daily outfit then was a safety helmet, fire-retardant clothing, grease-covered hands. My interest in Operational Technology (OT) stems from this engineering background where I had to handle OT equipment and components for the plant operations to run smoothly.
I was first exposed to cybersecurity at the plant, thanks to the Cybersecurity Act designating the plant as a CII. It was challenging to put plant operations with cybersecurity in the same conversation because of the different focus. This experience got me pondering about how to address these challenges.
When I had the opportunity to join CSA’s CII division, I saw it as an opportunity to bridge the gap between engineering operations and cybersecurity. With my engineering experience, I aim to make a significant contribution to OT cybersecurity.
3. What are some projects you’ve worked on in CSA that you found particularly interesting and/or challenging?
An interesting and challenging project for me was leading the organisation of OTCEP Forum in 2023. This annual conference brings together experts in OT cybersecurity from around the world to share their experiences, best practices, and knowledge with the local OT community.
Preparing for the forum was not easy, as it involved coordinating many moving parts while still managing my daily tasks as a sector officer. I had to coordinate and work with the team members from various divisions in CSA for different work streams. However, thanks to an amazing team, we successfully organised a memorable and impactful event. I – and I dare say many! – learned a lot from conversations with the experts and participants.
I am excited that I am part of the planning team for 2024 OTCEP Forum again. In addition to the different tracks in the Operations, Engineering and Governance domains as well as hands-on workshops, this year’s Forum will feature OT Master Classes for the first time! These classes aim to equip the attendees with fundamental knowledge and know-how for the Industrial Control System (ICS) environment.
4. Have you had a mentor whose guidance helped shape your professional journey in CSA?
I am fortunate to have received guidance from many incredible people. The officers in the CII division are always happy and ready to provide guidance, and their support has been invaluable in deepening my understanding of cybersecurity. They have also significantly enhanced my knowledge on governance, risk management and compliance.
5. Tell us something about your job that not many people know about. What advice would you give to engineers looking to transition into cybersecurity roles?
I don’t think people will associate cybersecurity with safety boots and helmet but I have to put them on them in my visits to plants and ports.
These visits are essential for me to gain a better understanding of the plant processes and equipment – at the end of the day, these essential services are what we are protecting 365 days a year!
For engineers considering a career switch to cybersecurity, do note that your experience as an engineer is valuable. The first step is to learn and equip yourself with cybersecurity skills. The biggest step is to keep an open mind and be ready to embrace the perspective differences between the cyber and engineering fields.
6. Outside of work, do you have any hobbies and interests? How do you unwind from work?
Lately, I’ve taken up the challenge of making espresso at home. After plenty of trial and error, I’ve mastered the art of pulling a decent shot, which certainly demands patience. Making a good cup of coffee has become my latest enjoyable hobby.
Patience is also crucial in my daily work, especially when we try to integrate cybersecurity with plant operations, given their vastly different focuses. Engaging in such collaborations requires a lot of patience and persistence.