Tammie Tham, executive vice-president of enterprise and services at Ensign Infosecurity
Tammie Tham has spent her entire career fighting the good fight against hackers. In this increasingly vulnerable digital age, it’s assuring to have someone with her experience on the side of the good guys. Leveraging on her knowledge from her time in information security roles at BT Frontline, IBM, Frontline Solutions and Netrust, she founded Accel Systems & Technologies in 2012. Her start-up was later absorbed into Ensign Infosecurity, Asia-Pacific’s largest pure-play cybersecurity firm, where she now serves as its executive vice-president of enterprise and services.
Deploying an array of different point solutions may not improve an organisation’s defence against threats.
It’s more important for a company to take a holistic and balanced view when it comes to cybersecurity. Knowing what to secure and how is crucial, but understand that you may still be compromised anyway. Companies have to invest sufficiently in prevention, detection as well as response. And don’t forget user training to create and sustain awareness to drive the right behaviour.
Lately I’ve seen companies be more forward-looking with their approach to cyber defence.
Instead of adopting a reactive stance, they are investing in active threat hunting — investing in areas to hunt for vulnerability and threats that may be lurking in their environment.
Companies used to compare us to insurance agents, believing that having too many security measures was cumbersome. But I haven’t heard anything like that in the last four to five years. People now know that they have to spend and invest in cybersecurity, because it’s not just financial losses at stake, but their reputation. We don’t have to sell the importance of cybersecurity anymore. Knowing how and where to spend – that’s where we come in.
You would probably make more money as a hacker than a good person.
But this job is not about the money. Increasingly, I see people who are more interested in the challenge a job brings. To be able to defend our cyberspace is a noble aspiration and when you’re part of a company like Ensign, where we take on only large projects on a national scale, it can be very interesting.
The landscape is always changing, so it can be very tiring just trying to keep up.
I have to keep abreast of what’s happening, because everything is so dynamic and new variants of old threats are popping up every day. What you thought you knew six months ago could be obsolete tomorrow. There is constant pressure to keep learning, which can be disheartening. When the report on last year’s healthcare breach was released, I read all 400 pages of it. It was good bedtime reading.
A lot of the jobs we are familiar with are going to go away with technology.
Whether you like it or not, automation and artificial intelligence will take away white collar jobs. Becoming a data scientist or a programmer, getting training in science, technology, engineering and mathematics, and being able to mine data and write algorithms, will be the way to go.
I do a lot of pro-bono work for SGTech.
I’m passionate about working with schools and getting kids to consider cybersecurity as a career option. It may be a male-dominated industry right now – Ensign has about 500 employees and only 6 to 8 per cent of the engineering roles are held by women – but girls can do this just as well as the boys. In this day and age, it’s brains over brawn.
Digital Defence Preparation
Internet of things
“It’s exciting to think about the abilities and challenges that come with managing unmanaged devices. Singapore is going to be a Smart Nation, and yet there has been no lack of breaches globally. How do you manage the security of a voice-activated smart escalator, for example? It’s a big market with big opportunities, and we are now spending time finding solutions for every possible problem that may arise.”
Automation and AI
“We have data centres that run round the clock, with people constantly monitoring the screens for cyberthreats and risks. But with automation, we might be able to assign the more predictable and repeatable monitoring tasks to machines. That way, we can upskill the people who used to do them and give them more analytical work that requires thinking and design, which is more important.“
“People are starting to invest in this area, and it has some unique features we like: It’s transparent, it operates on a public ledger concept and the technology will be valid for a long time. The only problem is the amount of computing power needed to support it, but I’m sure we will overcome that eventually.”