Meet Matthias Lum, a systems engineer with the Singapore Computer Emergency Response Team (SingCERT), as he shares more about joining CSA’s Cybersecurity Development Programme (CSDP) and his current role in facilitating the detection, resolution, and prevention of cybersecurity incidents in Singapore
1. What sparked your interest in cybersecurity, and why did you join CSA’s Cybersecurity Development Programme (CSDP)?
I chose to join the CSDP as I was drawn to the programme’s format of continuous learning, both academically and while on the job. I also liked the idea of embarking on this journey with a group of peers who would eventually become my colleagues. In hindsight, that aspect of the programme has been very useful in helping me assimilate well into the agency and through my interactions with my peers, I have been able to gain a better understanding of the roles played by the different departments in CSA.
There is rarely a dull moment for me in SingCERT, as incidents come in various shapes and forms. Moreover, as part of our work, we often interact with members of the public and we have first-hand information on trending cyber threats and attacks that may be affecting the community. The work we do at SingCERT contributes to helping individuals and businesses as we are looking out for threats and vulnerabilities, alerting them to these, and providing guidance for incident response and recovery.
Among the myriad of experiences, my most memorable was an ASEAN CERTs tabletop exercise in 2021 where participants from different national CERTs shared their responses to various scenarios, such as simulated incidents or the handling of vulnerabilities. The exercise provided the platform for CERTs to share their experiences, best practices and lessons learned, and also allowed me to get to know my counterparts in other national CERTs. That was definitely a memorable and eye-opening experience for me.
4. What advice do you have for those with non-STEM or non-cybersecurity backgrounds but are interested in this industry?
For a start, having lots of passion for cybersecurity helps!
If you are interested in the “techie” stuff, there’s a multitude of courses available online (many of them are free! 😊) that you can explore to see if there are any particular aspects that you want to deep dive further into, such as digital forensics or penetration testing.
If you currently have a non-STEM (Science, Technology, Engineering) or non-cybersecurity background, or are less technically inclined, fret not! Cybersecurity is a multi-disciplinary and all-encompassing field. The knowledge from both STEM and non-STEM domains can have many applications in cybersecurity. In CSA alone, we have divisions working on developing a vibrant cyber ecosystem, enabling a safer cyberspace, and enhancing international cyber cooperation, among others. Many of these roles require engagement with the industry, formulating and implementing policies, and establishing partnerships as we chart our path towards a more cyber resilient nation. You might just find your non-STEM background to be invaluable to one of these roles.
5. How do you unwind from work?
Being in nature helps me relax. Sometimes, I dry-press flowers that I find on hikes to preserve them. I also like to create mini terrariums using recycled glass cups and bottles.
Recently I picked up a hobby of creating cute animal images using HTML, CSS, and SVG. This has also been helpful in brushing up my knowledge on front end development languages. Recently, I designed this amateurish image that can be seen at this link. SVG shapes and images are expressed in mathematical calculations, and it has given me an interesting perspective about art and math.