In a recent trip to Austria, Xponent Leonard Lee reached the stunning 5 Fingers viewing platform at Dachstein Krippenstein in the Austrian Alps. This physical climb mirrored his career path, in which he climbed a metaphorical mountain – this time summiting at HTX’s xCybersecurity division.
Leonard, who holds a Bachelor’s degree in Computer Science from the Nanyang Technological University, started his career as an analyst programmer with Phillip Securities. His interest in cybersecurity was sparked by the security tests performed on the web applications that he had built. With his interest piqued, he signed up for the Cyber Security Associates and Technologists (CSAT) programme, and he joined ST Engineering as a cybersecurity specialist.
He subsequently joined HTX in its first year of operations, and at xCybersecurity – also known as xCyber – he provides consultancy services for the Home Team’s Information Technology (IT) project teams, guiding them to meet security and compliance standards, and reviewing their security testing results before their projects are commissioned. Leonard finds his work at xCyber fulfilling because he and his colleagues work hard to safeguard Singapore’s data and systems.
This is no simple task because of the increasing boldness of cybercriminals. In June 2023, the CSA shared that Singapore experiences an average of one ransomware attack every three days. In addition, almost 8,500 phishing attempts were reported in 2022, more than double the cases handled the previous year! The engineers at xCyber bear the deep responsibility of fortifying the Home Team’s IT systems against cyberattacks, identifying and fixing security vulnerabilities, and training Home Team officers to manage security crises and incidents.
If you are a professional seeking meaningful work, xCyber offers careers which directly impact Singapore’s safety and security. But if you don’t have a terminal degree in the field, is it possible for you to make a mid-career switch into cybersecurity? The short answer is yes – however it will require a lot of hard work. For example, Leonard had to work hard to achieve key cybersecurity credentials including the CREST Practitioner Security Analyst, the OffSec Certified Professional, and the ISC2 Certified Information Systems Security Professional (CISSP) certifications.
What is work like at xCyber? Leonard’s colleagues are experts in the field, with many having achieved the CISSP – one of the more difficult certifications to achieve in the cybersecurity industry. “Sharpening the saw” is the norm, and he observes that “the focus of training the staff at HTX is really good. I’m very grateful for this actually.”
His training at HTX is well-rounded and goes beyond cybersecurity-related courses. “I took Agile Scrum Master recently, and I am taking some soft skill courses from the Civil Service College in August and September,” he shared. Apart from the many opportunities for skills upgrading, his job satisfaction at xCyber also comes from the people working there: “I enjoy spending my time with my colleagues. We support each other when we need help. We also have nice bosses who take care of us very well.”
If you have the interest and passion, cybersecurity is actually not hard to pick up.
Was it difficult to transition from programming into cybersecurity? Leonard reflects that his work in cybersecurity had greatly benefited from his earlier experience as a programmer: “I always give this analogy of Yin and Yang – if you know how to defend or program, then you know where to attack, and if you know where to attack, then you know where to defend better.”
How challenging is it for those with no background in cybersecurity to follow Leonard’s path? He advises: “If you have the interest and passion, cybersecurity is actually not hard to pick up.” Having interest and passion is essential because you will have to sacrifice a lot of time to study for the cybersecurity certification exams. Practical training can also help: “If you have the opportunity to get your hands dirty or to observe things like how things are being set up in the IT environment, then it will probably improve your knowledge in all these theories you have learned,” he advises.