#WorkinginCSA: Building Singapore’s Cyber Resilience with Cyber Threat Intelligence

He enjoys board games, as explaining rules sharpens how he simplifies cybersecurity concepts.

1. Tell us more about your team’s work and your role as a Deputy Director in National Cyber Threat Analysis Centre (NCTAC).

Our team works in the field of Cyber Threat Intelligence (CTI). At its core, this means we read and write extensively, and regularly brief others on the latest and most impactful cyber threats. I oversee a team of CTI analysts who distil a sea of information on cyber and digital security developments to produce digestible, actionable “info products” for a wide range of audiences. These info products include a spectrum of reports, publications, and presentations—ranging from quick-turnaround spot reports (SPOTREPs) and information notes to more comprehensive publications such as our half-yearly Cyber Pulse reports. We also conduct tailored briefings for key stakeholders, including Chief Information Security Officers (CISOs) in the private sector.

No two workdays are the same. One day, we might be drafting a time-sensitive report to update Ministers and senior government officials on a newly disclosed software vulnerability and its implications for Singapore. The next day, we could be presenting on the global ransomware landscape to foreign delegates at an international conference. Before the week ends, we might be developing threat scenarios for national level cyber exercises. These exercises rigorously test key stakeholders’ responses to cyber threats, improving their security posture, mitigation strategies, and digital resilience. Each year, we also curate and edit the Singapore Cyber Landscape (SCL) publication, which is highly requested by both our local and foreign counterparts.

2. What inspired you to become interested in Cyber Threat Intelligence and pursue a career in this field?

I have been interested in computers from a young age, which led me to pursue both undergraduate and postgraduate degrees in Computer Science in the United Kingdom. However, the 7/7 London bombings in 2005 stirred a deeper calling to contribute to national security. This prompted a short stint at the Ministry of Home Affairs, followed by a move to an agency under the Prime Minister’s Office that coordinated cross-cutting national security matters, including cybersecurity before the Cyber Security Agency of Singapore (CSA) was formed. After CSA’s establishment in 2015 as the central agency for national cybersecurity, I had the chance to work closely with the National Cyber Threat Assessment Centre (NCTAC). A few years later, I was recommended for a position in NCTAC, marking the start of my professional journey in cybersecurity at CSA.

3. What are some projects you’ve worked on in CSA that you found particularly interesting and/or challenging? What made them interesting, and how did you navigate the challenges?

On a good day, we have a few hours to produce a first report to update Ministers and senior government officials on a concerning cyber or digital security development. This requires a delicate balance between delivering comprehensive analysis swiftly and keeping our reports succinct. Our reporting often extends beyond traditional cyber threats to cover adjacent issues, such as the impact of a widespread tech outage or the severing of subsea cables. As such, our team continually sharpens our written and verbal articulation skills to ensure we deliver clear, concise, and precise updates.

A major project we worked on this year is the Singapore Cyber Landscape (SCL) 2024/2025 publication, released as a special edition to mark CSA’s 10th anniversary. It includes additional features such as interviews with CSA’s founding leaders, a look at how Singapore’s overall cybersecurity posture has evolved over the past decade, and a self-reflection of our forecasts of key cybersecurity trends and emerging issues over the past five SCL editions. This edition also showcases a record number of contributions from private sector partners, including Cloudflare, CrowdStrike, Dragos, Google Threat Intelligence Group, and Recorded Future’s Insikt group. With this wealth of added content, our key challenge was to weave these contributions into a succinct and engaging read that would resonate with both cybersecurity practitioners and the wider public.

4. Tell us something about your job that not many people know about.

Contrary to popular belief, I do not sit in a dimly lit room, wearing a hoodie, surrounded by six monitors of green code…it’s just two screens! Well okay, yes, the hoodie part is sometimes true, but only because the office gets cold. Thankfully we have a CSA corporate hoodie for that. 😊

A fun part of my job is ‘translating’ technical jargon into something more digestible for non-technical audiences – whether it’s 'Open Shortest Path First (OSPF) flapping’ or ‘credentials of insufficient entropy’ (which is really just a fancy way of saying weak passwords). Another fun fact: the way different cybersecurity vendors name threat actors can make it feel like we’re talking about mythical beasts one moment, then insects and science experiments the next. From Velvet Chollima and Qilin (麒麟 / ‘Kirin’) to Scattered Spider and FrostyGoop... yes, these are all real names!

5. Outside of work, do you have any hobbies and interests? How do you unwind from work?

I love to travel and play board games. Exploring new cultures overseas broadens my perspectives and builds empathy – qualities that strengthen connections with international colleagues in today’s globalised world. Interestingly, my passion for board games also hones a key professional skill: clear and concise communication. Explaining complex rules sharpens my ability to articulate ideas effectively, which helps me break down intricate cybersecurity concepts for the layperson. Through these experiences, I aim to educate and empower individuals to better protect themselves online, contributing to a safer and more secure digital environment for all.