How can Singapore address the cyber security skills gap?

Singapore’s growing dependence on technology, coupled with the expanding scale of its national digital environment, exposes it to a broad range of sophisticated threats. The profile of attackers range from state-sponsored hackers to tech-savvy criminals. Their existence has also contributed to the growing fear of a skills gap, limiting the effectiveness of the existing cyber security teams.

Despite the abundance of negative press which has classified the skills gap as an industry crisis on a global scale, and with no end in sight, there actually isn’t one. What if I told you that the aforementioned issue is mainly a perception problem? What if I told you that the ‘missing’ skills are, in fact, readily available to internal and external cyber security teams?

Dispelling the Perception Issue
Cyber security is a technical space. Cyber security requires a comprehensive understanding of computers and information technology networks. Cyber security professionals must be able to conduct technical investigations.

These statements are all true. But, they are also “incomplete”.

As a discipline, cyber security goes beyond the technical space and requires an appreciation for the non-technical. It demands knowledge from topics such as social science, linguistics, criminology, psychology, law and project management. Each of these fields play a significant role in solutions like Incident Response, Threat Intelligence, Security Reviews, Anti-Phishing Training, and Compliance Audits - just to mention a few. The process of integrating other disciplines form the basis for a holistic outlook on cyber security, creating a safer cyberspace across Singapore and the greater ASEAN region.

The Singapore Perspective
In relation to Singapore’s business communities, let’s see how this interdisciplinary approach can be applied to the fields of Ex-Government Security Specialists, Linguists, Business Analysts, and Social Scientists.

The Business Analyst = The Process Guru

Turning to the corporate space, business analysts have the ability to contribute valuable contextual information to support cyber security assessments and consultancies. As cyber security remains a business challenge, security business analysts can advise on key business operations to support Disaster Recovery Plans (DRPs) or Business Continuity Plans (BCPs).

Singapore’s prime economy revolves heavily around business analytics and management. It is a key contributor that made this tiny nation the financial power horse it is today. Having business analysts assist security teams in protecting core business processes is arguably a foundational piece to the holistic puzzle of cyber security.

The Ex-Gov = Global Intelligence Expert

The identification of how other disciplines and fields can support cyber security capabilities has already been implemented in other countries. For example, in the United Kingdom, former MI6 (British Foreign Intelligence) spies have reported to have joined the cyber security community.

Singaporean citizens and Permanent Residents with experience in training, military intelligence, or skills adopted from the state’s new Defense Cyber Organization (DCO), are optimal candidates when searching for talent with skills that once played a role on the global security stage.

The Linguist = Content Investigator

Despite the complexity of code involved in the writing of malicious software, the hacker behind the screen is still a human being. Linguistic tails can sometimes be identified in the way various attacks, like phishing or ransomware, are designed. For example, analysis of the WannaCry Ransomware attack that hit the global stage, allegedly possessed linguistic ties to Chinese. These language experts, also known as linguists, have been enlisted to support key cyber security efforts by analyzing the terms used in various cyber attacks.

Singapore’s multicultural and linguistic background already gives her an edge to address similar avenues of cyber security investigations. 

The Social Scientist = Environment Modeller 

Cyber security is fundamentally the process of assuring the confidentiality, integrity, and availability of data shared across cyberspace. A key takeaway from this statement is the term, ‘shared’, which fundamentally boils down to interpersonal interactions; the concept of social dynamics. Social scientists such as Sociologists, Cultural Experts, Criminologists, Political Scientists, and Psychologists are some key specialisms that can act as force multipliers to cyber security. For example, psychologists and criminologists play a crucial role in deciphering antisocial or malicious online behavior. This provides valuable force-multiplier and threat intelligence capabilities to Cyber Emergency Response Teams (CERTs). 

Most cyber security research, which is used to inform products and security services, originates from the West. There remains limited research into this space in the Eastern corridor. Only recently have we seen researchers moving into Asia-focused criminology , a national cyber security consortium, and more emerging research from an ASEAN perspective. Singaporean institutions such as the Institute of Defence and Strategic Studies, in the S. Rajaratnam School of International Studies (RSIS), are valuable platforms to start developing (or co-developing) an ASEAN-focused approach to cyber security. After all, each nations’ application and integration of technology is heavily dependent on its cultural and geopolitical drivers.

Taking Action
After exploring some of these topics and how holistic approaches to cyber security go beyond the technical domain, what does it look like, for both Singaporeans and internationals seeking a career in cyber security? The answer is simple. Learn.

Singapore is a city of infinite opportunities, but of a singular machine. Should anyone be interested in joining the cyber security space, one simply needs to LEARN about what it means in relation to his or her current career or specialism.

If you’re a business analyst, how can you apply your knowledge of processes and continuity requirements, against a cyber-attack that takes a company’s client-facing services offline? If you’re a political scientist specializing in China, what are the correlations between key political motivations, and cyber-attacks faced in the South East Asian region? (And here’s a tip, go look up the NanHaiShu malware attack.) If you’re a UX designer, how can you help Security-as-a-Service providers deliver cyber security awareness training in a consumer-friendly manner? If you’re a language expert, can you build a framework for analyzing programmer and program connections, through the programming language used?

To join any cutting-edge community is not easy and does not come without hard work. Make it your mission to identify your WHY, hunt down the missing skills you need, and find an organisation that provides you with the opportunity to Learn, Experience, and Grow, concurrently.