This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
As the Secretary General of the National Cyber Security Agency (NCSA) in Thailand, I am responsible for leading the strategic direction of the country’s cybersecurity initiatives.
My role involves coordinating efforts to secure national critical infrastructure, setting policies that guide both public and private sector cybersecurity activities, and promoting cooperation across all levels of government.
NCSA is dedicated to creating a resilient cybersecurity ecosystem through national preparedness, risk mitigation, and fostering strong international collaborations.
Our mission is to safeguard critical services and data, ensuring the continued safety and growth of Thailand’s digital economy.
What kind of cyber threats does your organisation face on a regular basis?
NCSA routinely handles a wide range of cyber incidents, with the most frequent involving intrusion attempts, online fraud, and misuse of digital content.
In the most recent reporting period, we responded to over 1,300 cases across various sectors, with education, finance, and government services being the most affected.
We’re seeing a sharp rise in both technically driven attacks and socially engineered threats, such as phishing and financial scams. These trends reflect the growing sophistication and scale of cyber threats.
To address them, we focus on proactive monitoring, rapid incident response, and cross-sector collaboration at the national level.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
Globally, we’re witnessing a significant rise in both technical and human-centric cyber threats.
From Thailand’s experience, intrusion attempts and digital fraud are among the most persistent challenges, particularly in education, finance, and government services.
These incidents often exploit basic security gaps or human error, such as through phishing or social engineering.
Another growing concern is the misuse of information content—ranging from disinformation to data leaks—which can undermine public trust and national stability.
The public sector must address these challenges through greater investment in cyber hygiene, workforce training, and regional cooperation to defend against increasingly coordinated and cross-border attacks.
To subscribe to the GovInsider bulletin, click here.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
AI will undoubtedly play a pivotal role in both offensive and defensive cyber operations. On one hand, cybercriminals are already using AI to automate attacks, quickly identify vulnerabilities, and scale their efforts.
On the other, cybersecurity professionals can leverage AI to analyse vast amounts of data, detect threats in real-time, and predict potential attacks before they happen.
While AI offers immense potential for improving defenses, it also presents challenges, as adversaries can exploit the same tools.
This necessitates a balanced approach, ensuring that AI is used responsibly to enhance cybersecurity while remaining vigilant against its potential misuse.
Cybersecurity is often described as a team sport whereby a network’s vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?
A whole-of-government and whole-of-country cybersecurity approach is essential for addressing today’s multifaceted cyber threats.
The strength of a nation’s defence is only as strong as its weakest link, and when sectors fail to collaborate, vulnerabilities can arise.
It is vital for governments, industries, and regulators to align their strategies and work in concert to safeguard critical infrastructure, share threat intelligence, and ensure a coordinated response to incidents.
By unifying efforts across all sectors, we can create a stronger, more resilient cybersecurity ecosystem capable of responding to the ever-growing range of cyber threats.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
From a national standpoint, a cyber incident is not just a technical disruption—it’s a test of coordination, leadership, and preparedness.
“Plan B” is not simply about containment and recovery at the system level, but about ensuring that the right governance, communication, and decision-making structures are already in place.
At NCSA, we emphasize incident response frameworks that involve cross-sector coordination, rapid information sharing, and clear public communication. Recovery must include not just restoring operations but reinforcing trust—both within institutions and among citizens.
Post-incident, we focus on systemic improvements, using each breach as a case study to enhance national resilience.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
If resources were no limitation, I would focus on building long-term national cyber resilience—beyond tools and technologies.
This includes strengthening the cybersecurity workforce, investing in early education, supporting local innovation in security solutions, and embedding cybersecurity into every level of digital transformation.
I would also invest in national-level simulation exercises, real-time monitoring infrastructure, and deeper cooperation with international partners.
Most importantly, I would fund sustained public awareness campaigns, because cybersecurity is not only a technical issue—it is a societal one.
Empowering every sector and citizen to play a role is the true foundation of national defense.
What brought you to this profession and what do you love the most in your job and what would you like to improve?
I was drawn to cybersecurity because of its critical importance in today’s world and the opportunity to have a direct impact on protecting national security and public trust.
What I love most about my role is the opportunity to work collaboratively with talented individuals from various sectors, solving complex problems and ensuring the country’s resilience against cyber threats.
One area I would like to improve is the development of a more agile and adaptable cybersecurity workforce that can respond quickly to the ever-evolving threat landscape.
Continuous training and knowledge-sharing are vital in this fast-paced field.
The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?
Solving the cybersecurity talent shortage requires coordinated national effort and sustained investment.
We need to develop a clear pipeline—from foundational education to specialized training—so that young people can see cybersecurity as a viable and rewarding career path. This also includes upskilling the existing workforce through hands-on programs and certification opportunities.
Collaboration between government, academia, and the private sector is key to ensuring training aligns with real-world challenges.
In parallel, we must foster a culture that values cybersecurity awareness across all professions, making it part of our national mindset, not just a technical domain.
If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?
I believe I would, though I didn’t plan for this path from the beginning. Over time, I came to see how important cybersecurity is—not just technically, but in terms of national stability and public confidence.
It’s not an easy field, and there’s always more work than time. But the ability to support others, respond to real challenges, and keep improving how we protect our systems and people makes it worthwhile.
I don’t think any career is perfect, but this one has given me a meaningful sense of responsibility.
