#WorkinginCSA: Keeping Skills Sharp to Respond Effectively to Cyber Incident and Threats

1. Tell us about your cybersecurity journey – what drew you to work in malware analysis, and eventually to join CSA?

It was my interest in the unknown that first drew me to Malware Analysis (MA). I was fascinated with the art of reverse engineering and CSA was a place where I could experience and apply such knowledge on a national level. The purpose of reverse engineering is to understand the functionalities of unknown binaries, often without the help of its source code. To that end, it generally involves disassembling, decompiling or debugging them. Naturally, that led me to join the MA division of NCIRC in CSA, where I was given the opportunity to learn about and understand the many different factors involved in incident response. What continues to sustain my drive are the friendly people and warm culture that makes CSA an enjoyable place to work in. 

2. What is your day-to-day work like? Are there any common misconceptions that people have about cybersecurity investigations and incident response? 

I am a team lead of an incident response team, handling incident management and overseeing operational cases. Unlike what people generally believe, most incident response work does not just take place solely during the investigation phase but also in the pre-investigation phase as well. This means that tasks like communicating with the affected organisations and arranging for the regular maintenance of field equipment are all equally important, and take up the bulk of the time prior to any proper acquisition of computer system images. 

In addition, many of our daily tasks also revolve around incident response training. Both guided and self-training are necessary to keep our skills sharp and effective for when incidents do occur. This is especially important in the field of cybersecurity, where both the technology and our adversaries are constantly evolving and improving. 

3. What has been your most memorable experience in CSA? Any interesting projects you were involved in? 

Funnily enough, the most memorable experiences that I’ve had in CSA were from crunch times, such as incident handling or emergency standby duties during critical periods. It was during those moments that our team grew closer and became more bonded. 

Another interesting experience that I recall is a work trip to the 2018 Cyber Security Challenge UK Masterclass Event held in London. The Cyber Security Challenge Masterclass is the culmination of cyber security competitions held throughout the year in the UK. While it is usually held for UK citizens exclusively, Singapore was invited to be a part of the competition that year. I was selected to help with any necessary administrative duties and to provide any technical feedback, given my background in Computer Science.

It was also through this event that I got the opportunity to engage with the representatives from Singapore, who were mostly brilliant aspiring students from our local cybersecurity scene. Seeing their performance throughout the competition truly humbled me and made me aware that there are still many talented local youths waiting to be discovered in the industry.

4. Any advice for those looking to break into the cybersecurity industry? 

A rudimentary understanding of computer internals – for instance, knowing what and how computer memories work, or what registries are for, etc – will provide proper context for any cybersecurity-related learning materials for aspiring practitioners. 

It is worth mentioning that interest can carry people far in this industry. It is only through the pursuit of interest that cybersecurity practitioners can learn to ask the right questions, and then continue to ask them in the course of their work. This is especially important when the tools and tradecraft of adversaries are always improving. 

5. So you bake in your free time – what’s the best tasting thing you’ve ever made?

Sea-salt double chocolate cookies! It is the best tasting thing by default since I can only make these and nothing else.