This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
Synapxe is Singapore’s national HealthTech agency inspiring tomorrow’s health. As the Cyber Risk Management and Services Lead, I provide Chief Information Security Officer (CISO) services to public healthcare entities.
My role involves developing and implementing strategic programmes aimed at enhancing cyber resilience, strengthening cybersecurity governance and importantly, promoting cybersecurity awareness among staff and stakeholders.
I also lead a team of Technology Information Security Officers (TISOs) to manage cyber risks for public healthcare ICT systems, ensuring compliance with Security-by-Design principles.
I also oversee efforts to proactively identify and address security vulnerabilities within our public healthcare technology ecosystem.
What kind of cyber threats does your organisation face on a regular basis?
We face and address various cyber threats prevalent in the healthcare sector, including
ransomware, phishing, scams, advanced persistent threats (APTs), distributed denial-of-service (DDoS) attacks, and supply chain vulnerabilities.
Our comprehensive security strategy incorporates multiple layers of defence to mitigate these persistent risks, ensuring a resilient HealthTech environment for Singapore.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
Globally, public sector cybersecurity is facing significant challenges, such as state-sponsored attacks and ransomware targeting critical infrastructure. These threats are further complicated by the presence of legacy systems.
To subscribe to the GovInsider bulletin, click here.
Supply chain attacks and human-layered threats, including sophisticated, AI-driven phishing scams targeting citizen data, are also a concern. Other key challenges include budget limitations, skills shortage and insufficient employee awareness.
To effectively address these multifaceted issues, it is crucial to implement coordinated, well-funded and proactive strategies to strengthen public sector resilience worldwide.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
We are entering an era of AI-driven cyberwarfare, where attackers utilise AI for automated reconnaissance and sophisticated attacks, such as phishing and polymorphic malware, which can overwhelm traditional defences with speed and scale.
On the defensive front, AI provides powerful advantages by analysing vast datasets in real-time for anomaly and threat detection, automating intelligence, enhancing vulnerability management, and implementing adaptive controls.
The future of cybersecurity will be shaped by this AI arms race, making developing and deploying advanced AI tools crucial for both offence and defence.
Cybersecurity is often described as a team sport whereby a network’s vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?
Fragmented national cybersecurity efforts create exploitable vulnerabilities. Adopting a unified, whole-of-nation approach facilitates the development of a cohesive, layered defence by leveraging shared intelligence, disseminating best practices, and coordinating responses.
This approach is crucial in reducing weak links and strengthening the entire digital ecosystem. It also promotes widespread cybersecurity awareness and responsibility, reducing weak links while enhancing overall digital resilience.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
In today’s cybersecurity landscape, while prevention is crucial, it may not always hold up against sophisticated threats, making a comprehensive “Plan B” essential.
This proactive strategy would encompass a well-tested incident response plan, robust backup and recovery systems, network segmentation, and data loss prevention measures.
Additionally, business continuity and disaster recovery plans are essential for operational resilience beyond IT, alongside effective clear communication and post-incident analysis.
All in all, investing in resilience is key to achieving long-term security and business continuity.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
Regardless of budget, my priority would be to establish a proactive and intelligent security ecosystem that enhances threat intelligence through AI and expert insights.
I would revamp the infrastructure by implementing zero-trust principles, advanced tools, as well as Security Orchestration, Automation, and Response (SOAR) systems. At the same time, it is also essential to invest in top talent and integrate security through DevSecOps.
Beyond prevention, I would focus on building resilience by implementing immutable backups, expanding the scope of the Disaster Recovery Plan, and ensuring redundancy.
A proactive security awareness programme, coupled with strategic research partnerships, are also essential for fostering a dynamic and adaptive defence that ensures long-term security and operational integrity.
What brought you to this profession and what do you love the most in your job and what would you like to improve?
My journey into cybersecurity was profoundly shaped by my former boss 12 years ago, who inspired me to pursue this field and led me to discover its potential for making a meaningful impact in protecting critical systems and data.
What I love most about my job is the deep sense of purpose that comes from safeguarding organisations and individuals against cyber threats. This work is not just a job, but a mission to contribute to a safer digital environment. It is incredibly rewarding to know that my efforts help prevent breaches, protect sensitive information, and foster trust in technology.
Looking ahead, I hope to see a greater emphasis on how security can actively contribute to business goals and innovation, evolving beyond its traditional role as a purely preventative function to becoming a business enabler.
The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?
The global shortage of qualified cybersecurity professionals presents a significant challenge demanding multifaceted solutions.
First, investing in education and training programmes across various levels, from schools to vocational centres, is crucial for developing a robust talent pipeline. Upskilling existing IT professionals can also help bridge the immediate skills gap.
Additionally, public-private partnerships are vital for creating innovative training and certification programmes, while incentives like scholarships can attract more students to the field.
Addressing this shortage also requires promoting diversity and inclusion to engage
underrepresented groups, while leveraging automation and AI for routine tasks can free up existing professionals to tackle more complex challenges.
Finally, raising public awareness about cybersecurity careers and providing early exposure in schools can inspire future professionals.
