#WorkinginCSA: Safeguarding the Cybersecurity of Government e-Services and National Digital Identity (NDI) Systems

A consultant with CSA's Cybersecurity Programme Centre (CSPC), Muhd Iswandi Ismail works with other government agencies to help identify cybersecurity risks, threats and vulnerabilities, and recommends mitigating cybersecurity controls. Iswandi also finds time in his busy schedule to give back to the community and spends his weekends volunteering with Mendaki.

1. What sparked your interest in cybersecurity?

At first, I started reading up on good cyber hygiene practices such as password security and how two-factor authentication (2FA) helps to secure our daily digital activities, such as using banking applications or transacting via government e-services. Then during my university’s career fair, I chanced upon CSA’s booth and ended up applying for a position that synergised with my interests. Fast forward to the present, by coincidence, I now work closely with the same representative who first introduced me to CSA during the career fair.

Personally, the idea of protecting users on the Internet from cyber criminals and building a safe digital environment for communities to engage in resonated with me. As someone who is passionate about giving back to the community, I enjoy the role of helping to protect citizens’ livelihoods and privacy in the digital world. As more parts of our daily life are being carried out digitally, it is imperative that cybersecurity is prioritised to safeguard our digital experience.

A strong cybersecurity ecosystem is thus necessary, and this can be through initiatives that raise awareness of good cyber hygiene practices, which help to model safe, secure, and responsible digital behaviour for citizens. This is also because cybersecurity threats are increasing in sophistication and targeting groups like our elderly population. Apart from being able to help, what intrigues me also is that there are always opportunities to learn new things in this fast-moving field.

2. What is a typical day at work like for you?

I am part of a team in CSPC that provides cybersecurity consultancy services to government agencies like GovTech, and ensures the cybersecurity of Government e-services such as Singpass and Corppass (which enable citizens to transact more conveniently and securely as part of the Singapore Smart Nation initiatives). Our tasks also include working alongside the agencies’ project management team to conduct threat and risk assessments on various National Digital Identity (NDI) systems, advising stakeholders on potential gaps in security posture, and facilitating stakeholders to make risk-informed decisions in their risk acceptance and management.

I am also a member of the CSA ambassador team, where I contribute as a speaker for webinars as part of outreach efforts to help the public understand the importance of good cyber hygiene practices. This is in collaboration with partner agencies such as the IMDA, National Crime Prevention Council (NCPC) and Singapore Police Force (SPF). Earlier this year, I was involved in a CSA webinar on how to stay vigilant against phishing and online scams. This initiative was part of the SG Cyber Safe Seniors Programme to raise awareness on cybersecurity and cybercrime among seniors.

3. How do you keep abreast of cybersecurity trends and ensure your skills are relevant and updated?

During my free time, I regularly take up free online courses to continue building a strong foundation, to keep myself abreast with the technology and to stay as close as possible to the bleeding edge of cybersecurity. I also utilised my NTU alumni course credits to take up bite-sized courses that are relevant to cybersecurity. This gave me the skill set needed to understand current security techniques and effective methods for solving security management problems.

Browsing security-related topics on social media also helps to keep me updated with current cyber news. Not only is social media easy-to-use but its algorithm is personalised so that you always receive up to date posts and convenient and digestible information from cyber professionals and industry experts on Twitter and Facebook.

Staying current with cybersecurity may be a constant task but working in this industry puts me at the cutting edge of technology and keeps pace with the fast-changing economy.

4. What advice do you have for those looking to work in cybersecurity?

First of all, join open communities of cybersecurity practitioners and professionals to keep abreast of the latest cyber trends and news. Engage in conversations and participate in webinars and talks to hear about what they do and face on a daily basis. These efforts will help you embark on your cybersecurity journey.

Secondly, be curious. Being curious in this dynamic field of work helps in staying ahead of the attackers and safeguarding our cyberspace. For example, be curious about how things can and should work. This is as attackers would be equally likely to look to exploit mechanisms in ways outside of their intended purposes, in order to compromise systems and achieve their objectives.

Lastly, be prepared to fail. Try again and fail. Only to try again. It may not be a smooth sailing journey but prepare yourself for a meaningful one!

5. You volunteer with Mendaki’s KelasMateMatika programme. Tell us more about your volunteer experience.

I spend my Saturday mornings volunteering with Mendaki under the KelasMateMatika (KMM) programme. In this programme, I facilitate workshop and activities that promote the learning of basic numeracy concepts through fun and exciting games to Malay children between the ages of 4 to 6 years. These activities help to nurture their confidence levels, communication skills and critical thinking skills, as well as to help them prepare and transit to Primary 1.

The mode of conducting this KMM used to be in-person at various community centres. However due to the pandemic and in compliance with safety measures, Mendaki had introduced the virtual e-KMM so that the programme could continue to be accessible to the community despite the COVID-19 restrictions. I admit I do miss conducting in-person lessons and interacting with the children. With online workshops, I had to learn to use Zoom in an engaging manner, since kids tend to get distracted easily at home, but nonetheless I enjoy giving back to the community with eKMM!