With cybersecurity threats growing more complex and transcending borders, Malaysia’s government cannot be expected to handle them alone.
Digital Minister Gobind Singh Deo today called for a collective and responsive approach involving all stakeholders – both within and outside the government – to build a more resilient cyber ecosystem.
“To ensure an effective reaction to such threats, the country requires a dynamic and collaborative cyber ecosystem. This includes the strategic participation of government agencies, industry players, technology providers and professional training institutions. This value chain must be mobilised holistically to build a strong, integrated and forward-looking security framework,” said Gobind at the launch of the Certified Chief Information Security Officer (C-CISO) programme.
He said continuous investment in internationally recognised training and certification would produce a competent line-up of professionals and strengthen national resilience against cyber threats – a key step towards safeguarding Malaysia’s digital sovereignty.
“I urge more ministries, government agencies and sector leaders to take proactive steps in joining the C-CISO Certification Programme.
“This participation is crucial in mainstreaming the role of Chief Information Security Officers (CISOs) in the public sector – as strategic leaders who not only understand technical aspects, but can also shape the cybersecurity direction of their organisations.
“This step will directly strengthen the sector’s role in safeguarding the cybersecurity of the National Critical Information Infrastructure (NCII),” Gobind said.
The C-CISO certification programme covers five key domains that form the foundation of a CISO’s core competencies:
- Governance, risk management and compliance with legal and industry standards;
- Implementation of security controls and systematic, periodic audits;
- Security programme management and day-to-day organisational operations;
- Core technical skills and data protection strategies; and
- Strategic planning, financial and procurement management, and oversight of third-party vendors.
Under the Cyber Security Act 2024, the Chief Information Security Officer will be responsible for ensuring organisational compliance – including the formulation of cybersecurity policies, implementation of effective technical controls, and comprehensive risk and compliance management.
The CISO will also lead the organisation’s preparedness plan to handle cyber incidents in a structured, holistic manner.
Beyond regulatory functions, the CISO plays a key role in fostering a security-conscious culture within the organisation. This includes continuous training and certification of staff, and ensuring systems and technologies comply with established security standards.
The CISO also serves as a strategic liaison between the government, industry, technology providers and the NCII community.
Gobind said the successful implementation of the Cyber Security Act hinges on the credibility of the CISO as a competent leader – one who can respond swiftly to crises and inspire public confidence in the nation’s digital security.
“Ultimately, the implementation of the C-CISO programme not only enables NCII entities to comply with the Cyber Security Act, but also enhances the country’s preparedness in dealing with today’s cyber threats.
“It is a long-term investment in human capital development – one that will help build strategic and dynamic digital leadership, capable of becoming the country’s primary cybersecurity shield,” he added.