This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
The national HealthTech agency, Synapxe, bolsters the local public healthcare sector by providing secure and reliable digital systems. This support empowers healthcare professionals to deliver safe care while ensuring that patients can access services with confidence.
As the Director of Cyber Operations & Technologies at Synapxe, I lead a multi-disciplinary team of over 100 specialists dedicated to safeguarding our public healthcare institutions from cyber threats. We work round the clock to detect, prevent, and respond to potential cyberattacks.
Our team also analyses global trends — examining attackers’ tactics, operational methods, and emerging risks — to ensure we stay one step ahead. We regularly test and enhance our systems to ensure that they remain resilient and ready.
Additionally, we plan strategic investments to keep our defences strong and future-ready.
Beyond my day job, I also serve as President of the ISC2 Singapore Chapter, where I contribute to growing and supporting the wider cybersecurity community in Singapore.
What kind of cyber threats does your organisation face on a regular basis?
The cyber threat landscape is constantly evolving. Globally, we are witnessing an increase in ransomware, advanced persistent threats (APTs), sophisticated phishing scams, and supply chain attacks.
In Singapore, the Cyber Security Agency of Singapore (CSA) consistently identifies ransomware and phishing as top concerns, along with the rising threats to essential services and critical infrastructure.
To subscribe to the GovInsider bulletin, click here.
The healthcare sector is particularly vulnerable. In the United States, the 2024 Change Healthcare ransomware attack disrupted medical services nationwide and affected over 100 million individuals.
Such incidents highlight a growing global trend: healthcare systems are attractive targets due to their sensitive data, complex environments, and the critical nature of their services.
At Synapxe, we proactively address these challenges by closely monitoring global and local threat developments, strengthening our defences, and investing in the right mix of people, processes, and technology to protect Singapore’s public healthcare sector.
This ensures that healthcare professionals can deliver care with confidence and that patients can trust the systems that support them.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
One of the most significant challenges globally is that public sector systems are high-value targets.
They contain sensitive citizen data, deliver essential services, and often operate within large, complex digital environments, making them attractive to both cybercriminals and state-linked attackers.
At the network layer, attackers seek out weaknesses like unpatched systems or misconfigured infrastructure to infiltrate and navigate through systems undetected.
However, the more pressing and growing threat today lies in the human element — phishing, scams, and identity theft — where attackers circumvent technology altogether and deceive people instead.
A notable example is the 2024 incident involving UK engineering firm Arup, where scammers employed deepfake technology to impersonate the company’s CFO and other executives in a video call.
An employee in the Hong Kong office was misled into transferring US$25 million to fraudulent accounts. This incident underscores the increasing sophistication and danger of scams, particularly with AI-powered tools now accessible to cybercriminals.
In the public sector, where services must remain open and accessible, the challenge is finding the right balance between usability and security.
That’s why strong identity protection, layered defences, awareness training, and proactive monitoring are more important than ever.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
We truly seem to be entering a high-tech game of chess, with both sides utilising super-powered AI assistants.
Picture your favorite action movie, but instead of spies and lasers, it features hackers
with chatbots and defenders with AI copilots.
In the past, a hacker might spend hours crafting a convincing phishing email. Now, they can simply prompt an AI to generate one instantly — complete with perfect grammar, multiple languages, and even tailored to your LinkedIn profile. It is quite alarming, right?
However, here is the twist: cybersecurity professionals also have AI on their side. While hackers attempt to infiltrate, AI defenders are analysing billions of data points, detecting unusual behaviour, and raising alarms — often before a human even realises something is amiss.
Both sides are equipping themselves with faster, smarter tools, but ultimately, it still comes down to who has the better strategy, the sharper team, and the most vigilance.
So yes, we are in an AI-powered cyber arms race.
But the good guys have powerful allies too — and they are not backing down anytime soon.
Cybersecurity is often described as a team sport whereby a network’s vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or
whole-of-country cybersecurity posture?
While it is often said that a system is only as strong as its weakest link, I prefer to focus on the strength that arises from unity.
Cybersecurity is truly a team sport, and when we collaborate effectively, our collective strength can overcome individual weaknesses.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
I don’t view it as a Plan B; it is Plan A.
In my younger days as Scout, our motto was “Be Prepared” and that mindset has stayed with me. In cybersecurity, it’s not a question of “IF” an incident will occur, but “WHEN”. Thus, preparation is not a backup plan — it is the primary strategy. It is about building resilience and ensuring we can recover quickly.
The role of cybersecurity is to restore business operations, minimise downtime, and
maintain trust. In today’s interconnected world, cyber threats disregard boundaries, targeting individuals, organisations, and nations alike.
Adversaries often collaborate on the dark web, sharing tools and intelligence.
To combat this, we must adopt a whole-of-government and whole-of-country approach, where public agencies, private sectors, professional associations, and individuals work
together, sharing information and resources.
By building a cohesive cybersecurity ecosystem, we enhance our collective resilience, ensuring that our defenses are robust and adaptive against evolving threats.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
Regardless of whether resources are limited or abundant, the fundamental pillars remain the same: people, processes, and technology.
People should always be our top priority. We need to attract talent and provide continuous training to stay ahead of evolving threats. Investing in our team’s development ensures we have the expertise to tackle emerging challenges.
Furthermore, we must remember that security should be an enabler, not a barrier. This means investing in seamless security solutions that enhance user experience rather than impede it.
By integrating intuitive tools and fostering a culture of security awareness, we can protect our systems without compromising usability.
Ultimately, it is about cultivating a secure environment where innovation can flourish and users feel empowered rather than restricted.
What brought you to this profession?
My journey into cybersecurity began in the 1980s during my primary school years, where I developed a fascination with computers and coding.
This passion deepened throughout secondary school and junior college, where I dedicated countless hours to exploring programming and understanding systems operations.
Influences from cyber-themed movies like Hackers (1995) also played a significant role, showcasing the captivating of hacking and digital exploration.
I was also intrigued by the exploits of Kevin Mitnick, the legendary hacker from the late ’80s and early ’90s, who infiltrated major corporations and government networks — not just through code, but also via clever social engineering.
This sparked my curiosity about not only how systems functioned worked, but also how they could be secured.
That curiosity drove me to pursue a Bachelor of Engineering in Electrical and Electronic Engineering, specialising in computing, followed by a Master of Science in Information Assurance in 2006, which, fun fact, was the term used before “cybersecurity” became the more popular label for the field.
My journey has been shaped by curiosity, and I am grateful it has led me to this point.
What do you love the most in your job?
There is so much to love, but if I had to choose, it is the hands-on tinkering and problem-solving that truly energises me.
Whether analysing a cyber incident, testing a new detection method, or figuring
out how to harden our defences, I enjoy rolling up my sleeves and diving into the technicalities.
Even more than that, it is the people I have the privilege to work with. I am fortunate to be surrounded by a passionate and talented team that is mission-driven, collaborative, and fun to work with.
Tackling challenging problems together and knowing that our efforts contribute to the protection of the public healthcare system makes the work all the more meaningful.
The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?
The cybersecurity talent shortage is a pressing global challenge. According to the World Economic Forum’s Global Cybersecurity Outlook 2025, the cyber skills gap increased by 8% in 2024, with two-thirds of organisations experiencing moderate to critical talent shortages.
Moreover, only 14 per cent expressed confidence in capabilities of their current teams.
Additionally, a key challenge is the misconception that cybersecurity is exclusively for individuals with deep technical expertise. In reality, the field encompasses a wide range of roles, including policy development, risk management, and user education.
Promoting diversity is essential; while Singapore has made strides, women still represent less than half of the tech workforce, highlighting significant opportunities to enhance their participation in cybersecurity roles.
To bridge the talent gap, we need to invest in comprehensive training and education programmes. This includes integrating cybersecurity into school curricula, offering scholarships, and providing accessible certification courses.
In Singapore, the Skills Pathway for Cybersecurity. This initiativelaunched by the Singapore Computer Society with 13 founding employers including Synapxe, offers structured training and certifications for aspiring professionals.
This initiative provides clear guidance for individuals entering the field, supported by industry-recognised certifications and opportunities for internships and job interviews.
On a global scale, collaboration among governments, educational institutions, the private sector, and professional associations is crucial to develop a robust pipeline of cybersecurity talent.
By demystifying the field and providing clear pathways for entry and advancement, we can attract a diverse range of individuals to this vital profession.
If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?
110% yes! Getting paid to do something I love, why not? Also, I get to say things like “I work in cyber” at parties, which sounds cool – even if no one truly understands what it entails.
On a serious note, it is incredibly rewarding to protect critical systems and help others navigate the digital world safely. Plus, there is always something new to learn which keeps the job exciting.
