#WorkinginCSA: Building Secure Cloud Adoption

1. Tell us more about your team’s work and your role as a Cybersecurity Consultant.

With my colleagues from the Cloud Cybersecurity Programme Office & Technical Architecture Office

About my Role

Cloud Cybersecurity Programme Office (CCPO) is a key pillar in ensuring secure cloud adoption within CSA and across Critical Information Infrastructure (CII) systems. We architect and deploy secure cloud environments while providing consultancy to external CII owners navigating their cloud migration journeys. We support them in harnessing the benefits of cloud technologies while effectively managing associated cybersecurity risks.

Being a Cybersecurity Consultant in the cloud computing space means stepping into a different challenge every day, no two workdays at work are alike. I might spend one day deep in my Integrated Development Environment (IDE), deploying and testing new cloud workloads. The next, I could be in spirited discussions with teammates about whether a security control should be included in our national policy. In the age of cloud and Artificial Intelligence(AI), there's never a shortage of exciting new technologies to explore and prototype.

2. What inspired you to become interested in cybersecurity/ pursue a career in this field?

I actually don't have a tech-related degree. I studied Aerospace Engineering at Nanyang Technological University (NTU). While several factors influenced my pivot to cybersecurity, including a challenging aviation job market during COVID-19, what truly sparked my interest was a personal encounter with malware.

There was a shop in my university that offered printing services to students. To print documents, students had to transfer their documents to a common PC which was connected directly to the printer. Presumably, this computer was infected with a worm that infects USB devices when plugged to it, which was what happened to me. My USB drive was infected by a "Shortcut Virus" that hid my files and created shortcuts designed to masquerade as my original files in order to trick me to click them, with the aim of executing malicious code in my personal PC. Desperate to recover my files, I spent multiple sleepless nights researching what had happened. After much effort, I eventually managed to recover everything.

The experience of scouring the web, piecing together clues, and finding a solution that worked ignited something in me, a detective spirit I didn't know I had. That feeling pushed me to apply for CSA's Cybersecurity Development Programme(CSDP), which led to my first role at National Cyber Incident Response Centre(NCIRC) as a digital forensics analyst.

3. What are some projects you’ve worked on in CSA that you found particularly interesting or challenging?

At the recent AWS re:invent 2025 conference

Photo taken at the MOT Award Ceremony with former Transport Minister Chee Hong Tat, CAAS CISO and project team

Cybersecurity is a team sport. Collaborative projects tend to be the most challenging yet the most rewarding.

In CCPO, we work closely with internal divisions, and external agencies like GovTech to develop a cloud-focused version of the Cybersecurity Code of Practice, known as the CCoP (Cloud). The Code of Practice lays out the minimum requirements that CII owners need to meet to keep their CII systems secure when it’s running on the cloud. We also collaborate with cloud service providers to create companion guides that help organisations implement these standards effectively.

Prior to that, I was seconded to Civil Aviation Authority of Singapore (CAAS) for two years to gain some ground experience. During my time at CAAS, our team identified common pain points in cybersecurity processes, particularly around vulnerability management and log analysis. We developed a suite of tools that streamlined our day-to-day workflows and reduced our dependence on external parties. Our project went on to receive the Ministry of Transport Minister's Value for Money Achievement Award – Merit.

What makes these projects particularly interesting is seeing how different perspectives and expertise come together to solve complex problems. The challenge often lies in balancing diverse stakeholder needs while maintaining security standards, but the collaborative process invariably leads to more robust and practical solutions.

4. Tell us something about your job that not many people know about.

Most people think cybersecurity is all about the classic "red vs blue" scenario, where hackers try to break in while we frantically defend against attacks. My friends and family often ask if I spend my days monitoring screens full of alerts or hunting down cyber criminals.

The reality is quite different.

I spend time architecting secure cloud environments, developing policies that help organisations adopt new technologies safely, and working with stakeholders to build robust security frameworks.

5. Outside of work, do you have any hobbies and interests? How do you unwind from work?

I'm really into homelabbing! It's like being a solutions architect, system administrator, network engineer, infrastructure engineer, security engineer, and app developer all rolled into one - roles I don't typically get to play in my day job.

Having a homelab gives me hands-on experience with work technologies like Docker and Kubernetes. Managing updates, security deployments, and free firewall/XDR solutions provides solid production environment foundations whilst helping me appreciate IT operations challenges.

My current setup is small and mostly virtualised, but I'm hoping to expand it with more hardware. The dream is to eventually have my very own small server rack at home!