#WorkinginCSA: Securing Singapore’s Mobile Ecosystem for a Safer Digital Future

Published on 28 Nov 2024

Kang Sing is a Consultant in CSA’s Cybersecurity Programme Centre (CSPC) and is part of the mobile security team. She plays a key role in testing and evaluating solutions to improve the cybersecurity ecosystem in Singapore. Outside of work, she enjoys researching and caring for her plants and eagerly anticipates the day they bloom. 

1. Tell us more about your team’s work and your role as a Consultant in the Cybersecurity Programme Centre (CSPC). 

As part of the mobile team in the Cybersecurity Programme Centre (CSPC), my primary focus is on mobile security and conducting risk assessment to strengthen Singapore’s cybersecurity ecosystem. One of the team’s key initiatives is the release of CSA’s first recommended security app list, which provides the public with guidance on the security apps that best meet their needs. The list will be updated to keep pace with the ever-evolving threat landscape, alongside continuous efforts to explore new ways to secure the mobile ecosystem and protect users’ devices from emerging threats.  

Beyond evaluating solutions to protect the mobile cyberspace, my role also involves conducting threat risk assessments to safeguard government systems. This includes collaborating closely with stakeholders to identify design vulnerabilities, recommending mitigations, and ensuring security is integrated into system development from the start.

A typical day in office includes working with various stakeholders to resolve issues, while also staying ahead of scammers by researching the latest mobile threats.

2. What inspired you to pursue a career in this field? 

With a background in engineering and infocom security, I have always been my passionate about finding ways to protect people from becoming victims of cyberattacks. Joining CSPC has given me the opportunity to guide organisations and individuals in better securing their systems and devices against malicious actors. Many victims are vulnerable individuals who lack the necessary tools and knowledge to defend themselves from cyber threats. Through my work at CSPC, I strive to bridge this gap by educating and raising awareness of protective measures and tools that individuals can adopt to better safeguard themselves.

3. What are some projects you’ve worked on in CSA that you found particularly interesting and/or challenging?

One of my team’s recent initiatives was to publish a list of recommended security apps aimed at helping individuals protect themselves from mobile scams. This task posed significant challenges, as we had to thoroughly assess the current mobile threat landscape, identify the Modus Operandi (MO) used by threat actors, and develop a testing methodology that ensured a fair and comprehensive evaluation of the security apps. During the testing process, we collaborated with multiple security vendors to gain insights into how their apps are designed to detect specific threats. We also worked closely with these vendors, offering feedback and recommendations to improve their apps’ ability to detect the latest mobile malware. Ultimately, this initiative enhances overall mobile security and fosters a safer digital environment for all users.

4. Have you had a mentor whose guidance helped shape your professional journey in CSA? 

During my time at CSA, I was fortunate to be mentored by a senior colleague with extensive expertise in cybersecurity, whose guidance played a significant role in shaping my professional growth. Their insight into areas like threat risk assessments and secure system design were invaluable, they had a remarkable ability to simplify complex concepts while sharing practical advice.

One piece of advice that particularly resonated with me was, “Security isn’t about saying no; it’s about finding the safest way to say yes.” This mindset has stayed with me, reminding me to balance security with usability while effectively managing risks. Their encouragement and feedback have been instrumental in helping me navigate challenges and continually improve in my role.

5. Tell us something about your job that not many people know about.

One aspect of my job that often surprises people is the level of creativity involved. Cybersecurity isn’t just about blocking attacks or adhering to strict protocols—it’s about staying one step ahead of threat actors who are constantly finding new ways to bypass defences. It’s like a game of chess, where you need to think several moves ahead.

Another interesting part of my role is testing and analysing antivirus apps, which involves evaluating tools that many people use daily. Friends and family often think my work is all about sitting behind a computer coding, but it’s actually a mix of problem-solving, collaboration, and even a bit of detective work!

6. Outside of work, do you have any hobbies and interests? How do you unwind from work?

Outside of work, I enjoy activities that help me unwind and recharge, such as caring for my plants. Tending to them is therapeutic and teaches me patience and attention to detail - skills that often carry over into my professional life.

I also love exploring new places and diving into a good book—both of which help me reset and step away from my daily work. These hobbies not only keep me balanced but also boost my focus and creativity when tackling challenges in cybersecurity.