#WorkinginCSA: Investigating Cyber Threats Through Digital Forensics
15 April 2026
Reuben Ko is a Systems Engineer and part of the National Cyber Incident Response Centre (NCIRC), working as an incident responder and digital forensics analyst, investigating incidents and attacks targeting our Critical Information Infrastructure (CII).

1. Tell us more about your team’s work and your role as a Cybersecurity Engineer.

I specialise in Digital Forensic & Incident Response (DFIR) and my primary responsibility is investigating and containing cyber threats to safeguard Singapore’s critical systems and essential services.
During a cyber incident, I analyse digital artefacts and system telemetry from affected machines to identify signs of compromise. These indicators are instrumental in uncovering the tactics, techniques, and attack vectors employed by threat actors, allowing us to better understand the nature and scope of the intrusion. The insights derived from this analysis directly impact recovery and remediation efforts, ensuring that vulnerabilities are addressed and systems are securely restored to normal operations.
2. What inspired you to become interested in cybersecurity/pursue a career in this field?
Unlike many of my peers, I did not begin my career with a traditional background in IT, cybersecurity, or computer science. My entry point into the field was through my previous role in Corporate Services, where I had the opportunity to contribute to the development of the Cybersecurity Competency Framework (CSCF) - an initiative aimed at establishing a unified training framework for cybersecurity professionals across the Whole-of-Government (WOG).
In the course of this work, I collaborated closely with technical experts from a wide range of cybersecurity domains to ensure that the framework accurately reflected the diversity of roles within the ecosystem. While I initially found some of the technical concepts challenging, the experience sparked a growing curiosity. As I gained greater exposure, I became increasingly fascinated by the depth and breadth of the field, and the critical role it plays in safeguarding systems and society.
This growing passion eventually led me to take a leap of faith and apply for CSA’s Cybersecurity Development Programme (CSDP), where I gained valuable hands-on experience. The transition was not without its challenges, as I spent many evenings after work building my technical foundations, but it was immensely rewarding to see that effort translate into practical skills on the job.
Looking back, I am glad that what began as a policy-focused role gradually evolved into a genuine interest and, ultimately, a career in cybersecurity.
3. What are some projects you’ve worked on in CSA that you found particularly interesting or challenging?
One of the most meaningful experiences I had at CSA was the opportunity to support incident response efforts during Operation Cyber Guardian. Over several months, I was deployed on-site at affected organisations, where I worked closely with teams conducting investigations.
Being part of a multi-agency effort underscored the importance of operating as a cohesive unit. Each team member brought distinct expertise to the table, and our ability to collaborate effectively was critical in enabling us to respond decisively and efficiently to evolving threats.
Cyber incidents often unfold under significant time pressure, particularly when threat actors remain active within compromised environments. This created a highly dynamic operating context, requiring us to rapidly assess situations, adapt our approach, and implement containment measures to minimise further impact. Navigating these challenges demanded both technical agility and clear communication across teams.
The experience was particularly eye-opening in terms of exposure to the sophisticated tactics and methodologies employed by Advanced Persistent Threats (APTs). Witnessing firsthand the potential real-world impact of such attacks on critical infrastructure deepened my appreciation of the stakes involved in cybersecurity work.
Ultimately, this experience not only broadened my technical perspective but also strengthened my ability to collaborate under pressure. It was a defining opportunity that reinforced the significance of our role in protecting essential systems and services.
4. Tell us something about your job that not many people know about.
What often surprises people is how human-centric a career in cybersecurity actually is. Just like Corporate Services, Cybersecurity is fundamentally a people-oriented field when it is frequently perceived as technical and systems-focused. — Reuben Ko
For instance, during Operation Cyber Guardian, I worked alongside colleagues from multiple agencies, affected organisations, internal teams, and external vendors.
We had to communicate clearly, align quickly, and trust one another’s expertise to respond effectively to evolving situations. What stood out to me was how important teamwork and rapport were in such high-pressure environments.
Despite coming from diverse backgrounds and specialisations, building that sense of trust and camaraderie not only helped us stay focused, but also enabled us to work more cohesively towards our common goals. It’s a reminder that beyond the technical challenges, cybersecurity is ultimately a people-driven field.
5. How do you unwind from work?

Outside of work, I enjoy pursuing a mix of creative and physical interests that help me recharge and stay balanced.
Music has always been a significant passion of mine. I enjoy exploring different genres and make it a point to attend live concerts whenever my favourite artists are in town. Over time, this interest evolved into DJ-ing, where I experiment with mixing tracks and crafting smooth transitions between songs. It serves as a creative outlet, allowing me to curate sets that flow cohesively and take listeners on a musical journey, something I enjoy sharing with friends.

