Strengthening our cyber defences

Cyber security = job security for Singapore grads

From Singapore to Moscow, such is the demand for professionals in this sector that the sky's the limit

From left: Mr Ang Yihan, 25, Mr Winwin Lim, 26, Mr Ian Yeo, 28, Mr Kelvin Tan, 28, and Mr Lee Wei Yan, 27, at the Kaspersky Lab headquarters in Moscow. The fresh graduates were in Russia for a one-year IT security attachment and training programme.
From left: Mr Ang Yihan, 25, Mr Winwin Lim, 26, Mr Ian Yeo, 28, Mr Kelvin Tan, 28, and Mr Lee Wei Yan, 27, at the Kaspersky Lab headquarters in Moscow. The fresh graduates were in Russia for a one-year IT security attachment and training programme. PHOTO: KASPERSKY LAB

When Mr Winwin Lim decided to study computer science at university, he had expected to take the well-trodden path of becoming a computer programmer, writing code in an office in Singapore.

But upon his graduation, a leap of faith saw him pack his bags and move 8,000km to Moscow last year to work at the global headquarters of software security company Kaspersky Lab.

The 26-year-old and four other local fresh graduates had signed up for a one-year attachment in the Russian capital, in a programme offered by the Economic Development Board and Kaspersky Lab.

While his friends worked on phone-based malware and documented new strains of computer viruses, Mr Lim's task was to search for threats that come through the Web browser.

As a junior malware analyst, his daily task was to take apart close to 100 suspicious webpages that had been flagged for closer inspection by Kaspersky's software.

Many of these pages were booby-trapped and had their malicious code hidden to appear safe for browsing.

"The most common ones targeted the vulnerabilities of an operating system to allow hackers to install malware on the surfer's computer," he says.

"Most of the time, you won't be aware that your computer has been targeted, as the malware is triggered automatically."

Mr Lim quickly realised that there would be much on-the-job learning. His role required him to reverse-engineer software to analyse it and draw conclusions, something that had not been taught in school.

"It's like trying to figure out the ingredients and write the complete recipe by looking at a cake," he says. "You need to be detail-oriented, methodical and enjoy problem-solving."

Mr Lim says the year-long experience, which ended last month, opened his eyes to the breadth of opportunities available in cyber security, which has convinced him to stay in the industry.

"If I never left Singapore, I probably would have stuck with normal computer programming and wouldn't have stepped into cyber security and found my interest," he says.


Rising demand for cyber security professionals, coupled with the Government's drive to support the sector's growth, means that more new graduates like Mr Lim will become aware of the opportunities available at home, and can expect good career prospects.

The global cyber security market, worth US$63 billion in 2011, is expected to double to over US$120 billion (S$167 billion) next year.

The sector is growing at a faster clip in the Asia-Pacific, and is expected to reach US$26 billion next year.

Employers tell The Sunday Times they are feeling the shortfall of information technology security professionals acutely.

Information and communications technology graduates in recent years, especially those entering the cyber security field, generally get a starting salary that is 10 to 15 per cent higher than their peers from other faculties, says Mr Vincent Goh, vice-president of sales for Asia-Pacific and Japan with IT security firm CyberArk.

"It's the law of supply and demand at work.

"There are not enough people to fill the jobs that have been created in the security space, especially in the last few years."

This "light-speed" growth is the natural result of the rise in volume, complexity and speed of threats hitting both businesses and governments, says Mr Foo Siang-tse, managing director of home-grown cyber security vendor Quann.

"This is a growth industry that's built on certain fundamentals. It's not a bubble, but a sector that will grow sustainably for at least the next five to 10 years, especially as countries and businesses become much more connected," he says.

The burgeoning sector means that there is a wide variety of roles and skill sets wanted.

These include security architects who craft computer security policy within an organisation and identify risks, cyber security specialists who deal with attacks and track down the source, and developers who code the cyber security tools and perform research and development work.

With the National Cyber Security Strategy launched earlier this month, the Government intends to more closely align what is taught in schools with what the industry needs, while putting in place more scholarships and sponsorships.

It will also lead the way in building clearer career pathways for professionals by developing a cyber security scheme of service for the public sector, and encourage practitioners to go for certification courses.

Mr Goh, meanwhile, points out that today's cyber security professionals need the detective skills of a policeman and the diagnostic skills of a doctor to be able to think on their feet and keep attackers at bay.

"When you see a threat, you are trying to understand who are the players, who are the possible actors, what are their motivations and what are their possible mediums of attack," he says.

"Instead of a policeman looking for a blood trail, the guy on the computer is trying to find the source of a breach.

"The concept is very similar."

The upside of a career in cyber security, as Mr Lim has found out, is that these skills will increasingly be sought after around the world.

Mr Foo says: "There's a chronic shortage of people with such skills around the world, so if you have them, you have a strong bargaining chip and a career waiting almost anywhere in the world.

"People may speak different languages, but computers speak the same machine language."


So will Singapore succeed in bulletproofing its cyber security infrastructure, while developing an indigenous cyber security industry that can compete on the world stage?

That will depend on how committed the Government is to meeting the lofty goals set out in the National Cyber Security Strategy and how quickly it can do so, given that it is not the only country in the world looking to carve out a niche for itself in the cyber security market.

A friendly rival in this space is Israel, which launched its Cyber Initiative in 2010 with the goal of becoming one of the top five countries in the world in terms of cyber defence capabilities within five years. The Israeli experiment has been a resounding success, with the country today commanding a 10 per cent share of the global cyber security market.

Its architect, retired Israeli major-general Isaac Ben-Israel, thinks Singapore has a good shot at success, saying: "You need three key things to succeed in this area: government, systems and good computer infrastructure. You already have advantages in that you have strong government and you're a high-tech hub, with the telco and banking sectors all heavily based on computers.

"You don't need to be a big country. You already have the ingredients to do this."

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Sunday Times on October 23, 2016, with the headline Cyber security = job security for Singapore grads. Subscribe