Me & My Career: Keeping systems safe under virtual lock and key

27 Mar 2022

Straits Times, 27 Mar 2022, Me & My Career: Keeping systems safe under virtual lock and key
Crafty hackers infiltrated a casino in North America a few years ago in the most improbable of ways - by accessing a high-tech fish tank.

The tank was remotely monitored so the temperature could be adjusted automatically but that gave the cyber criminals a back door, allowing them to gain access to data and send 10GB of it to a device in Finland.

As network-connected devices become more commonplace - think smart lights, smart cars and automated production lines - opportunities for cyber attackers to gain access to networks have risen.

That is where cyber security professionals like Ms Shazina Zaini come in.

Ms Shazina, a senior developer at MicroSec, works on security solutions for the Internet of Things.

"A lot of these systems which were in the past just secured on a physical basis with huge locks and keys and guard dogs and that sort of thing, there's a way to now access these systems over the Internet," she says.

"And the communication methods used by these systems may not traditionally have been suitable for encryption in the way we think about it on the Internet.

"Because of the drive towards automation and the need for networking we're trying to bring these systems not just online but online securely."

One of the projects Ms Shazina is most proud of contributing to since joining the sector five years ago is a system involving smart distribution boards and smart sockets in some newer residential buildings that help residents monitor their electricity usage across different appliances.

She built one of the components of the system from scratch within her first two years in the industry.

"It was the first time I've done something of that size or significance in (programming language) C++, which at the point I was not that well-versed in," says Ms Shazina, 37.

She did not provide her salary range, but says that pay for software developers varies widely based on factors such as industry and seniority. For instance, junior software engineers may be looking at about $4,000 to $5,000 monthly, while salaries for lead developers can go up to a five-figure range, according to recent Singapore-based salary guides.

Although Ms Shazina hopes to continue growing her career in the field by taking on more managerial duties, it was not what she had originally planned to work in.

Trained as a lawyer in Australia, she worked in policy research for a few years before moving back to Singapore with her husband, who is a lawyer.

She completed another degree, in computer science, in 2016, and joined MicroSec the following year, starting out as an intern before progressing to become a network developer and then senior developer.

One of the reasons she decided to switch to cyber security is that there are lower barriers to entry compared with other science, technology, engineering and mathematics (Stem) fields.

This is shown by the fact that important work and advances in the field are done on the ground, she says. For example, people speak at cyber security conferences about things that they work on in their spare time, rather than having to work at an established university and be funded by research grants.

The field is also less subject to geographical or jurisdictional limitations, adds Ms Shazina, noting: "With an Internet connection, I could work anywhere."

Q: What do you do at work?
A: I work with a young cyber security company called MicroSec. The company builds security solutions for networks that include devices which traditionally would not have been connected to a network. When such devices connect to a network, they form the Internet of Things (IoT). IoT devices can be found pretty much anywhere, which means that IoT security solutions can be helpful in any industry.

My daily tasks include attending meetings to discuss ongoing work, having discussions with teammates about new features, programming and debugging.

Q: Why did you decide to pursue this career?
A: There is always something new to learn and get excited about. In particular, the company's work means that I get involved in both software engineering and cyber security, which are still considered quite different career paths. I also get to learn about the industry relevant to a particular project.

Solving bugs and problem solving provide a nice dose of dopamine on a regular basis. Because our systems operate in the physical environment, it is quite nice to be able to point at something and go, "we worked on that".

One great thing about working in technology is that the barriers to entry are lower than in other industries. This means that it attracts people who are self-motivated and curious, who tend to be great to work with. It is also possible to get opportunities based on things that you have done outside of a traditional work or school setting.

Q: What is your educational background and how have you upgraded your skills along the way?
A: I have bachelor's degrees in law and commerce, and, after deciding to make a career switch, now have a degree in computer science. I'm working towards the Certified Information Systems Security Professional certification.

The Internet is great for keeping up with new developments. I also enjoy attending cyber security and software development conferences.

Q: What are the biggest challenges you've faced in getting to this point in your career? How did you overcome them?
A: Coming to the career later in life can cause self-doubt because you're always comparing yourself to that mythical programmer who has been doing it since he or she was three years old.

I find focusing on the present to be helpful; I try to find the best solution given what I know at the time.

Your experiences might also give you an advantage over someone who fits "the mould", whatever that is. Some of our work involves making sense of long specification documents that dictate how we should design systems. Thanks to my earlier studies, I am not intimidated by them.

There is also the idea that you might be giving up your investment in your earlier career. I know quite a few people who are doing well in careers related to my earlier areas of study, but they are open about the trade-offs that they have made in their own lives in order to reach that level of success.

I have a supportive spouse and my circumstances are such that the career switch is not going to be a financial problem.

Q: What are the best and worst parts of the job?
A: Being a small team means that we get to see the impact of what we do on a more immediate basis than might be the case in a larger organisation.

The work continues to be interesting, and I appreciate my teammates and the work culture. MicroSec is a very human-centric place to work at.

Being part of a small, young company also comes with challenges. For example, because the work involves software engineering, cyber security and knowledge of other areas such as cryptography and engineering, hiring people who are senior enough and with the right mix of skills is challenging.

Q: What are your tips for people who want to start or grow their careers in this field?
A: There will be a learning curve in every part of the process. You have to get comfortable with failing often, simply because there will be bugs as soon as you write code.Finally - this sounds flippant, but is earnestly meant - learn to use Google search well. A lot of answers to problems can be found online, such as on the websites of the products you're using.

Jobs in cybersecurity
About the industry
The pandemic accelerated digitalisation efforts worldwide, but as more and more of our daily life becomes automated and connected, opportunities for cyber attacks are increasing.

The Cyber Security Agency of Singapore (CSA) last year warned of several emerging trends that need watching, such as the increasing scale and sophistication of ransomware attacks, which refer to using malicious software to encrypt users' files and demand a ransom to restore access, or threaten to leak sensitive data.

Widespread remote working has exposed organisations to greater risk of cyber attacks, while hackers could even begin to target space infrastructure like satellites, the agency noted.

Data leaks and phishing - where people are tricked into revealing personal information like passwords or credit card details - are other ongoing threats.

A national SG Cyber Talent initiative was launched in 2020 with the aim of developing around 20,000 cyber security professionals in three years.

There were about 10,700 cyber security professionals in Singapore in 2020, up from 6,000 or so in 2018.

Available jobs
Technical specialists such as penetration testers (who find security gaps), red-teamers (who conduct mock cyber attacks) and digital forensics and incident responders (who identify, investigate and fix security breaches) are in constant demand, says Association of Information Security Professionals (AiSP) president Johnny Kho.

He says the biggest demand - and most acute shortage - is on both ends of the talent spectrum - entry-level roles like security operations centre analysts and management-level positions such as chief information security officers.

Here are some cyber security jobs posted on the MyCareersFuture portal, the monthly salary range offered and minimum experience required.

  • IT/Cyber security engineer (one year's experience): $3,000 to $7,500

  • Threat hunter (one year's experience): $5,000 to $10,000

  • Advanced cyber security solution architect (five years' experience): $8,000 to $9,500

  • Red-team lead (five years' experience): $8,000 to $16,000

  • Cyber threat management director (10 years' experience): $13,000 to $22,000

How to join the sector

  • AiSP's Cybersecurity Essentials course: Three-day training for people new to information security

  • AiSP's Qualified Information Security Professional programme: Five-day course on topics such as governance and management, security architecture and cyber defence

  • Cybersecurity Career Mentoring Programme: Career guidance and support from experienced industry mentors, for students and professionals

  • CSA's Cybersecurity Development Programme: 18-month scheme with fixed monthly salary for recent university graduates and mid-career professionals. Upon completion, participants will receive the ModularMaster in Cybersecurity certificate from the Singapore University of Technology and Design and may be offered a full-time position at CSA

  • Cyber Security Associates and Technologists Programme: On-the-job training and attachments

  • SGInnovate and Ngee Ann Polytechnic's Professional Certification Programme in Cybersecurity Practice: Six-month training programme leading to a specialist diploma in cybersecurity practice and two post-diploma certificates

  • Women On Cyber Cybersecurity Scholarship: Support for women to pursue the Offensive Security Certified Professional certification

  • Events, webinars and hackathons by groups such as Division Zero and the Singapore Computer Society