
This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.

 

Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does. 

 

As Singapore’s national HealthTech agency, Synapxe creates intelligent technological solutions to improve the health of millions of people in Singapore. Within Synapxe, I lead the Proactive Threat Defence team under the Cyber Security Office.

 

We provide early warning to public healthcare on cyber threats and take proactive measures to strengthen our cybersecurity posture.

 

This includes strategic threat analysis, examining phishing attacks within the sector, and alerting on potential vectors of attack to support the fine-tuning of defences. 

What kind of cyber threats does your organisation face on a regular basis? 

 

Healthcare organisations across the globe are considered soft cyberattack targets due to their high public visibility, significant reliance on technology and data, use of legacy systems, as well as limited resources and focus on patient care. 

 

Singapore’s public healthcare institutions (PHIs) are similarly considered attractive targets for cyber espionage, cybercriminals, and other threats, including advanced phishing techniques, impersonation, ransomware and supply chain vulnerabilities. 

In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally? 

 

Supply chain attacks pose a significant threat to the public sector due to the reliance on a diverse range of third-party vendors and cloud service providers.

 

Attackers exploit the trust relationships between organisations and their vendors, targeting vulnerabilities in these external entities to gain access to networks.


 

The challenge with maintaining visibility and control over the security practices of all third-party vendors also exacerbates the threat posed by supply chain attacks. 

 

In addition, identity theft has grown significantly with the widespread use of info stealers, Adversary-in-the-Middle (AitM) attacks, as well as quishing (QR code phishing) attacks to trick users into providing their credentials.

 

Many successful breaches in the last year have been from the misuse of stolen credentials to gain access into victim networks. 

Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view? 

 

Cyber warfare has traditionally depended on human-driven attacks, characterised by small but highly technical teams manually crafting malicious code, exploiting vulnerabilities, and conducting reconnaissance.

 

However, we have entered an era of AI-driven cyber warfare, where AI acts as a force multiplier — both in offence and defence. 

 

Threat actors are increasingly harnessing the power of AI to scale their attacks. In dark web forums, cybercriminals are exchanging knowledge on how to exploit legitimate LLMs like ChatGPT to distribute malicious content.

 

These attackers are using LLMs to generate highly personalised phishing content with remarkable accuracy using just a few prompts.

 

Additionally, AI is enabling the automation of vulnerability discovery and exploitation, and it helps simulate human behaviour to bypass authentication or outsmart security systems. 

On the defensive front, AI has become essential to any reputable cybersecurity solution.

 

It plays a crucial role in threat and anomaly detection, enabling real-time identification of anomalies across large volumes of logs and network traffic. Notable blue team experts have also leveraged LLMs to develop plugins, such as DFIR-GPT (by Josh Lemon) and Cybersecurity Guardian.

 

These plugins, built on top of ChatGPT, are specially targeted to provide blue team members with accurate technical advice in Digital Forensics and Incident Response (DFIR). 

An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect? 

 

In public healthcare, while investing heavily in a “defence-in-depth” strategy, we are also highly cognisant of the need to plan for any potential breach of our networks.

 

To instill confidence in the sector’s ability to safely and effectively continue delivering core services during breach resolution, our plans go beyond technical recovery; they also focus on resilience and mission continuity.

Such a plan needs to encompass all facets of an entity including IT, cyber, business units, corporate communications, operations, management and clinical staff.

 

It needs to incorporate business continuity plans at every level, for example, in healthcare, from determining what clinicians need to maintain patient care to bringing up backup systems that can continue to support operations.

 

Furthermore, it is important to include internal and external communication, as well as coordination throughout the entity during the incident. We take our plans seriously and conduct regular exercises with key stakeholders in public healthcare. 

If your organisation gave you an unlimited budget for cyber defence, what would you spend it on? 

 

An unlimited budget for cyber defence is unlikely and should not be anticipated. 

To build a strong cyber defence programme, it is important to first invest in the right people – those who possess strong technical skills in the cyber domain and a commitment to integrity.

 

I believe it is important to speak truth to power, highlight blind spots, call out underinvestment in areas with gaps, and raise alarms about issues that put the organisation at risk. 

 

With the right people, we would then be able to allocate our budget wisely to focus on the areas that matter most to the organisation. 

What brought you to this profession and what do you love the most in your job and what would you like to improve? 

 

Stuxnet, a sophisticated computer worm discovered in 2010, was when I witnessed for the first time how cyber threats in the digital realm could manifest as tangible real-world impact. This intersection of technology, strategy, and national security was fascinating and alarming. 

 

Since then, the rapid digitalisation of networks across various industries, including initiatives like Smart Nation Singapore, Smart Health, and the extension of remote healthcare monitoring solutions to homes, has spurred innovation while simultaneously heightening risks.

 

This evolution has led to a growing demand for cybersecurity professionals. 

 

What I love the most about my job is the opportunity to collaborate with the cybersecurity professionals at Synapxe, who bring diverse backgrounds and varied experiences to the table.

 

The moments when we unite to brainstorm ways to tackle cybersecurity challenges not only inspire me but also reinforce my commitment to our shared mission, even in the face of adversity.

 

Communication, collaboration and cross-functional sharing between the cybersecurity teams in Synapxe and our stakeholders across public healthcare are crucial to achieving strong cybersecurity.

 

By enhancing communication and collaboration, we can build the trust that is essential to assure our stakeholders that cybersecurity is an enabler rather than a barrier to business.

 

Establishing this trust and mutual understanding during peacetime will be invaluable when we encounter different situations at work. 

The lack of qualified cybersecurity professionals is a global problem. How do you think this can be overcome?

 

Cybersecurity plays a crucial role in safeguarding people, businesses, and even nations from cyber threats.

 

The purpose and mission of defending against these threats, which can disrupt lives, should be communicated more frequently by role models. Their influence can inspire the younger generation to pursue careers in cybersecurity, inspiring them to make a difference in this field.

To expand the cyber talent pipeline, we can start by creating awareness and fostering interest in cybersecurity among children at an early age. Engaging them through diverse modes (computer games, animation, movies, television shows) that depict cyber hacking and network attacks can spark curiosity and entice them to delve deeper into the field.

 

Implementing school programmes that introduce students to the diverse opportunities within cybersecurity can also be beneficial.

 

In addition, I have noticed that hands-on experiences can greatly cultivate interest in cybersecurity. Activities such as hackathons, capture-the-flag competitions, and internships offer practical exposure to real-world challenges, significantly enhancing engagement in the cyber domain.

 

These initiatives not only educate but can also encourage students to explore careers in cybersecurity. 

If you had a chance to restart your career from scratch, would you still want to be a cybersecurity professional and why?

 

I would still choose to be a cybersecurity professional because the field is constantly evolving and intellectually stimulating.

 

Every day brings a new challenge — whether it is new technologies, emerging threats, or evolving attacker techniques. 

 

There will always be new attacker techniques to examine and analyse. Concerns over whether these techniques could be used against public healthcare drive us to assess their impact on the networks and systems we protect.

 

Moreover, cybersecurity offers diverse opportunities, from blue team roles such as security monitoring, incident response, forensics, threat hunting and intelligence, to red team roles including penetration testing, security validations and red team operations.

 

With so much to do and learn, there is never a dull moment in cybersecurity.