1 00:00:00,000 --> 00:00:03,400 With the kind of security breaches and attacks that we are 2 00:00:03,400 --> 00:00:07,600 witnessing in this era, it becomes of Prior importance that 3 00:00:07,600 --> 00:00:10,100 we prioritize security at the top. 4 00:00:14,500 --> 00:00:17,600 Hey everyone. My name is Henry Surya. 5 00:00:17,600 --> 00:00:20,700 Juan. And you're listening to the 6 00:00:20,700 --> 00:00:24,000 tekhelet journal. The show will be bringing you 7 00:00:24,000 --> 00:00:27,600 the greatest technical leaders practitioners and thought 8 00:00:27,600 --> 00:00:30,900 leaders in the industry to discuss about their Journey 9 00:00:31,200 --> 00:00:35,600 ideas and practices that we all can learn and apply to build a 10 00:00:35,600 --> 00:00:39,300 highly performing technical team and to make an impact in your 11 00:00:39,300 --> 00:00:42,900 personal work. So let's dive into our Journal. 12 00:00:46,900 --> 00:00:49,800 Hello everyone. Welcome to a new episode of the 13 00:00:49,800 --> 00:00:52,500 tekhelet journal with me Ojos, Henry Surya. 14 00:00:52,500 --> 00:00:55,200 Where 01 before we start today's episode. 15 00:00:55,300 --> 00:00:58,100 If you would like to get notified for a new episode on 16 00:00:58,100 --> 00:01:00,400 your email inbox. You can now have it by 17 00:01:00,400 --> 00:01:02,900 subscribing to the tekhelet journal mailing list. 18 00:01:03,300 --> 00:01:06,500 You can go to the tekhelet journal dot death website, and 19 00:01:06,500 --> 00:01:09,900 submit your email address by being a subscriber. 20 00:01:10,000 --> 00:01:13,000 You also won't miss any important news, and updates from 21 00:01:13,000 --> 00:01:15,700 me including potential giveaway contest. 22 00:01:15,900 --> 00:01:19,400 In the upcoming week. Also, if you are enjoying and 23 00:01:19,400 --> 00:01:23,000 benefiting from these podcasts, so much, consider becoming a 24 00:01:23,000 --> 00:01:26,600 patron of the tekhelet journal by visiting the tekhelet journal 25 00:01:26,600 --> 00:01:30,800 dot f /, Patron. It is patr 0n. 26 00:01:31,300 --> 00:01:34,900 I will sincerely appreciate your support so much and your 27 00:01:34,900 --> 00:01:37,800 valuable support will help me to make the production of the 28 00:01:37,800 --> 00:01:41,200 upcoming episodes. More sustainable and frequent as 29 00:01:41,200 --> 00:01:44,600 a patron you'll also get exclusive access to Patron. 30 00:01:44,600 --> 00:01:47,600 Only contents. Including direct personal access 31 00:01:47,600 --> 00:01:50,200 to me. So please, pledge your support 32 00:01:50,200 --> 00:01:52,800 at tekhelet Journal dot f / Patron. 33 00:01:53,100 --> 00:01:57,200 So, in this episode, I have the pleasure to have a conversation 34 00:01:57,200 --> 00:02:02,100 with Neha Malhotra sneha just recently won the top. 20 women 35 00:02:02,100 --> 00:02:06,700 in cybersecurity in Singapore for 2020, which is an amazing 36 00:02:06,700 --> 00:02:09,500 accomplishment. I saw her LinkedIn post about 37 00:02:09,500 --> 00:02:12,800 her winning the award and I decided to personally invite her 38 00:02:12,800 --> 00:02:15,700 to join me for this episode to share with us. 39 00:02:15,800 --> 00:02:19,900 Journey for winning the award. And also importantly, to educate 40 00:02:19,900 --> 00:02:23,600 us on cyber security, including some of the resources where we 41 00:02:23,600 --> 00:02:27,400 can learn more about it. Further Neha is also very active 42 00:02:27,400 --> 00:02:30,300 in the community and volunteering, and she is 43 00:02:30,300 --> 00:02:33,200 passionate about championing women to thrive in cyber 44 00:02:33,200 --> 00:02:36,900 security and Technology. It is very inspiring to hear 45 00:02:36,900 --> 00:02:39,400 what she has done. And I hope all of you can get 46 00:02:39,400 --> 00:02:43,000 inspired by her as well. So let's jump right into the 47 00:02:43,000 --> 00:02:47,000 episode. Come to the piglet, you know, 48 00:02:47,000 --> 00:02:49,000 mija. Thank you so much Henry. 49 00:02:49,000 --> 00:02:51,200 I'm pleased to be here ready thrilled. 50 00:02:51,500 --> 00:02:55,500 I saw a link in post recently in which that I saw you just 51 00:02:55,500 --> 00:02:59,900 recently won the top. 20 women in cybersecurity in Singapore 52 00:02:59,900 --> 00:03:02,500 for 2020. Congratulations for that. 53 00:03:02,600 --> 00:03:05,500 Thank you so much. It seems like a major award. 54 00:03:05,600 --> 00:03:07,900 So can you probably share with the audience here? 55 00:03:07,900 --> 00:03:10,700 What is the word all about? What's the background? 56 00:03:10,700 --> 00:03:13,200 And then, how did you actually win the word? 57 00:03:13,400 --> 00:03:15,700 Sure. I think that's a very pleasant. 58 00:03:16,200 --> 00:03:19,300 And I feel very honored to have made it to the list of top 20, 59 00:03:19,300 --> 00:03:22,500 women in cybersecurity in Singapore about the award just 60 00:03:22,500 --> 00:03:26,700 to coat the winners of this award represent 2020 role models 61 00:03:26,900 --> 00:03:30,200 who have made significant contributions Advance the 62 00:03:30,200 --> 00:03:33,700 industry and shape the path for future generations of 63 00:03:33,700 --> 00:03:36,900 professionals among other vital contributions. 64 00:03:37,000 --> 00:03:40,100 I think to this second part, what really helped me to get to 65 00:03:40,100 --> 00:03:44,900 this level and be recognized is my overall career Journey, how I 66 00:03:44,900 --> 00:03:48,700 have paved my Into cyber security by self learning and 67 00:03:48,700 --> 00:03:51,800 have made the most of whatever opportunities I got. 68 00:03:51,800 --> 00:03:54,000 And also, my involvement with the community. 69 00:03:54,300 --> 00:03:57,800 So I have this drive to better myself and always been on the 70 00:03:57,800 --> 00:04:01,200 quest to keep learning together with taking a measured actions 71 00:04:01,300 --> 00:04:05,300 and whether it was changing roles or to move up to learn 72 00:04:05,300 --> 00:04:07,100 cybersecurity to get to the level. 73 00:04:07,100 --> 00:04:10,600 I could be trusted to drive cyber security initiatives and 74 00:04:10,600 --> 00:04:14,400 programs with big Banks, like BNP Paribas, Deutsche Bank, and 75 00:04:14,400 --> 00:04:16,300 now credit. So he's I think it's very 76 00:04:16,300 --> 00:04:19,300 important to take charge. I've worked on driving 77 00:04:19,300 --> 00:04:22,800 implementation of area cyber security, initiatives controls 78 00:04:22,800 --> 00:04:24,600 and processes with the form Style. 79 00:04:24,600 --> 00:04:27,200 Just mentioned about. I've worked closely with audit 80 00:04:27,200 --> 00:04:30,500 governance risk and compliance as well and have worked on 81 00:04:30,500 --> 00:04:35,300 several Regulatory remediations and including Mas Regulators 82 00:04:35,300 --> 00:04:39,400 that usually we deal with and I've worked on using security 83 00:04:39,400 --> 00:04:43,400 Frameworks as well as updating policies and standards. 84 00:04:43,400 --> 00:04:45,600 So, over the years in addition to Applications. 85 00:04:45,700 --> 00:04:47,800 Security. I got a great opportunity to 86 00:04:47,800 --> 00:04:51,000 work with in identity and access management on privileged access 87 00:04:51,000 --> 00:04:53,500 management. And as part of my program 88 00:04:53,500 --> 00:04:56,100 manager role. I've worked also with different 89 00:04:56,100 --> 00:04:58,300 jobs. I got opportunities to work on 90 00:04:58,300 --> 00:05:01,800 driving encryption for data at rest data in transit. 91 00:05:01,800 --> 00:05:05,600 Then with blogging and detection using security information and 92 00:05:05,600 --> 00:05:09,500 event management tools. I did some real time analysis on 93 00:05:09,500 --> 00:05:12,300 security, alerts generated by applications and network 94 00:05:12,300 --> 00:05:14,600 Hardware. So I've worked with in various 95 00:05:14,600 --> 00:05:16,800 kind of domains. Including vulnerability 96 00:05:16,800 --> 00:05:20,500 management network security and to drive a various 97 00:05:20,500 --> 00:05:24,500 implementations of security tools, processes and controls. 98 00:05:24,700 --> 00:05:27,400 And then about my various community activities. 99 00:05:27,400 --> 00:05:31,100 I really love volunteering. So I've been doing volunteering 100 00:05:31,100 --> 00:05:34,400 since several years in various forms, but specific to 101 00:05:34,400 --> 00:05:36,300 cybersecurity. For instance. 102 00:05:36,400 --> 00:05:40,500 I have been volunteering with a lot of communities with in 103 00:05:40,500 --> 00:05:44,000 Singapore including cyber security agency of Singapore. 104 00:05:44,100 --> 00:05:46,800 So last year, they had a camp. Painting called cold safe 105 00:05:46,800 --> 00:05:48,900 online. I was a cyber Champion for the 106 00:05:48,900 --> 00:05:52,800 same and the purpose was to raise cyber awareness and bring 107 00:05:52,800 --> 00:05:54,600 it to the crown to all the people. 108 00:05:54,600 --> 00:05:58,200 Because at times, we are living in each individual across all 109 00:05:58,200 --> 00:06:00,300 age. Group need to have that basic 110 00:06:00,300 --> 00:06:03,400 cyber hygiene knowledge and should know the basics. 111 00:06:03,400 --> 00:06:07,500 For instance, about email and web browser protection, using 112 00:06:07,500 --> 00:06:11,600 antivirus importance of two-factor authentication and 113 00:06:11,600 --> 00:06:12,200 setting. Right? 114 00:06:12,200 --> 00:06:15,600 Kind of passwords recognizing phishing email. 115 00:06:16,000 --> 00:06:19,100 Not to fall prey to scams and you know, so on and so forth. 116 00:06:19,100 --> 00:06:22,200 So very basic for each individual that uses internet. 117 00:06:22,300 --> 00:06:26,300 Also, I try to get involved with the community like Association 118 00:06:26,300 --> 00:06:28,900 of Information, Security Professionals, and I also 119 00:06:28,900 --> 00:06:32,300 volunteer with is e Square, Singapore chapter as a 120 00:06:32,300 --> 00:06:34,400 communications director on their exco. 121 00:06:34,600 --> 00:06:37,300 So that's a governing body for cyber security training and 122 00:06:37,300 --> 00:06:40,100 certifications. And I even brought security to 123 00:06:40,100 --> 00:06:43,900 Google developers space. Inaugural event that was focused 124 00:06:43,900 --> 00:06:47,400 on fostering speak. Our culture amongst women. 125 00:06:47,400 --> 00:06:49,700 So the objective of my two-minute speaker pitch was 126 00:06:49,700 --> 00:06:53,800 completely focused on and application Securities since 127 00:06:53,800 --> 00:06:57,500 Their audience was mostly from development background. 128 00:06:57,700 --> 00:07:01,100 So I thought, why not? And I'm a part of events from 129 00:07:01,100 --> 00:07:04,900 women in Security in Singapore. So yeah, I'm trying to do my 130 00:07:04,900 --> 00:07:08,700 best learn and share as much as possible in and out of my day 131 00:07:08,700 --> 00:07:11,700 job just focusing on good work. Irrespective of any 132 00:07:11,700 --> 00:07:15,600 expectations, but it feels great when the efforts get recognized. 133 00:07:15,700 --> 00:07:19,500 Wow, hearing what you staring. So, so many contributions you 134 00:07:19,500 --> 00:07:22,200 have done to community and its really well deserve. 135 00:07:22,200 --> 00:07:24,900 I would say, so I have a few things from the things that you 136 00:07:24,900 --> 00:07:27,000 share. The first one is about the go 137 00:07:27,000 --> 00:07:29,800 safe online campaign, right? Where you teach people about 138 00:07:29,800 --> 00:07:34,000 cyber security cyber awareness. We all know due to this 139 00:07:34,000 --> 00:07:36,700 pandemic. I think the digital adoption 140 00:07:36,700 --> 00:07:39,800 somehow gets accelerated and I think it's very important for 141 00:07:39,800 --> 00:07:42,000 all of us to be more aware about cybersecurity. 142 00:07:42,600 --> 00:07:45,400 Can you share with us some of the tips or maybe some of the 143 00:07:45,400 --> 00:07:47,800 things that That you normally share for people especially 144 00:07:47,800 --> 00:07:51,100 those who are not really much aware of cybersecurity. 145 00:07:51,100 --> 00:07:55,000 What needs to be focused on or what needs to be implemented for 146 00:07:55,000 --> 00:07:58,200 them to be secure in their Digital Book life these days. 147 00:07:58,500 --> 00:08:00,100 Yeah. Definitely, that's a great 148 00:08:00,100 --> 00:08:02,500 question. So as part of, for instance, the 149 00:08:02,600 --> 00:08:06,100 the awareness campaign that we did, it was for everyone. 150 00:08:06,100 --> 00:08:09,200 Those people who do not know technology those from various 151 00:08:09,200 --> 00:08:11,200 backgrounds. So those even who are retired, 152 00:08:11,200 --> 00:08:13,400 but they have to use online banking. 153 00:08:13,400 --> 00:08:15,500 They have an email where they do receive. 154 00:08:15,700 --> 00:08:18,600 Emails or they do have a phone where they receive phone calls. 155 00:08:18,600 --> 00:08:21,900 Nowadays fishing is not just limited to emails as we know. 156 00:08:21,900 --> 00:08:24,500 So just to have that awareness created. 157 00:08:24,500 --> 00:08:28,400 So what we did was, you know, have had games for all of those 158 00:08:28,400 --> 00:08:32,400 important things so that people can really get involved into and 159 00:08:32,400 --> 00:08:34,600 get to know what you're trying to convey. 160 00:08:34,600 --> 00:08:37,600 So for instance we had games where in there were emails for 161 00:08:37,600 --> 00:08:41,500 them to recognize which one is a phishing email and what are the 162 00:08:41,500 --> 00:08:45,300 kind of various factors that we can look into an email for 163 00:08:45,300 --> 00:08:47,200 instance. Students, who is the sender? 164 00:08:47,200 --> 00:08:50,000 Is there any urgency that it is? Implying a pain? 165 00:08:50,000 --> 00:08:52,500 Is there a link? Is it asking you your bank 166 00:08:52,500 --> 00:08:54,300 details? Is this person? 167 00:08:54,300 --> 00:08:56,700 Whoever is the cepting. You trying to give you a free 168 00:08:56,700 --> 00:09:00,700 award or reward? So all of these factors we we 169 00:09:00,700 --> 00:09:05,200 try to bring in in the form of a game and that was really a good 170 00:09:05,200 --> 00:09:08,200 eye-opener for the Masters. I would say similar to that. 171 00:09:08,200 --> 00:09:10,000 As you mentioned. We all use phones. 172 00:09:10,000 --> 00:09:13,800 So having a good secure application to detect any 173 00:09:13,800 --> 00:09:18,100 malware is and not to Click on any links that we do not know 174 00:09:18,100 --> 00:09:22,500 about checking each and every email ID where it is coming 175 00:09:22,500 --> 00:09:25,000 from. Just the basic things at least 176 00:09:25,000 --> 00:09:29,000 to have an anti-virus installed in your home computers, having 177 00:09:29,000 --> 00:09:30,200 right? Kind of password. 178 00:09:30,200 --> 00:09:34,600 So people usually have smaller length passwords, but they think 179 00:09:34,600 --> 00:09:37,400 that if they make it complicated it is difficult to break. 180 00:09:37,400 --> 00:09:41,700 But we have so many easy ways that can be used these days to 181 00:09:41,700 --> 00:09:45,500 have the passwords hacked within seconds or milliseconds. 182 00:09:45,700 --> 00:09:47,900 Their Brute Force attack or dictionary attack. 183 00:09:47,900 --> 00:09:50,200 So there's so many other kind of password attack. 184 00:09:50,200 --> 00:09:53,600 So the only factor that helps with the passwords is the 185 00:09:53,600 --> 00:09:55,600 length. The length of the password has 186 00:09:55,600 --> 00:09:59,800 to be a 12 or 13 character long, at least and obviously a mix of 187 00:09:59,800 --> 00:10:02,700 characters and special characters and so on. 188 00:10:02,700 --> 00:10:05,800 So all of these, I think are the basic things that every 189 00:10:05,800 --> 00:10:09,000 individual should know about. Not to use the same password for 190 00:10:09,000 --> 00:10:12,500 different accounts. Also, never to use public Wi-Fi 191 00:10:12,500 --> 00:10:17,400 to log into bank accounts always having Cups of our hard disks or 192 00:10:17,400 --> 00:10:19,500 whatever data that is important to us. 193 00:10:19,600 --> 00:10:22,600 And then being vigilant on recognizing fake sites. 194 00:10:22,600 --> 00:10:25,600 Are, you know, especially banking sites being aware of and 195 00:10:25,600 --> 00:10:30,200 recognizing HTTP, https, the difference between those and not 196 00:10:30,200 --> 00:10:33,700 to click the link that comes from unknown sources and hover 197 00:10:33,700 --> 00:10:37,200 over the link to see what it is, you know, is it ready what it 198 00:10:37,200 --> 00:10:39,400 claims to be? So these are some of the 199 00:10:39,408 --> 00:10:43,000 important things for people who are not really aware of cyber 200 00:10:43,000 --> 00:10:46,900 security, but they must take care of Yeah, thanks for sharing 201 00:10:47,000 --> 00:10:50,200 hearing what you're saying. It seems like you have dealt a 202 00:10:50,208 --> 00:10:52,700 lot with cyber security throughout your career, maybe in 203 00:10:52,700 --> 00:10:53,900 your personal. I even. 204 00:10:53,900 --> 00:10:56,700 So can you share with me? What makes you interested in? 205 00:10:56,700 --> 00:10:59,300 Cyber security? Yeah, sure. 206 00:10:59,300 --> 00:11:03,400 I think while I like to manage projects or programs, working 207 00:11:03,400 --> 00:11:06,400 with in cyber security, industry is so exciting. 208 00:11:06,400 --> 00:11:09,500 And a total Game Changer. We living in the times of 209 00:11:09,500 --> 00:11:13,600 digital transformation and more. So in covid times where everyone 210 00:11:13,600 --> 00:11:16,500 is now, moving on to Little platform. 211 00:11:16,600 --> 00:11:19,700 And while with every new technology, there comes some 212 00:11:19,700 --> 00:11:21,600 benefit. It also has some security 213 00:11:21,600 --> 00:11:24,900 challenges and Tech Innovations are going to happen all the 214 00:11:24,900 --> 00:11:26,700 time. There will always be an 215 00:11:26,700 --> 00:11:29,300 Associated security challenge to be tackled. 216 00:11:29,400 --> 00:11:32,700 So there is a no dull moment here and that is what makes me 217 00:11:32,700 --> 00:11:35,000 so interested in to cybersecurity. 218 00:11:35,200 --> 00:11:39,100 I think my ingrained inquisitive and risk-based approach in life 219 00:11:39,100 --> 00:11:43,200 in general, that is completely aligned with the cybersecurity 220 00:11:43,300 --> 00:11:45,400 challenges. It's such a diverse field. 221 00:11:45,600 --> 00:11:48,100 And there's something for everyone to contribute to. 222 00:11:48,100 --> 00:11:52,000 It's become so important today and it's so evolving. 223 00:11:52,100 --> 00:11:55,600 And there's continuous changes and challenges and it's become. 224 00:11:55,600 --> 00:11:58,500 One of the things are very, very Prime importance for all the 225 00:11:58,500 --> 00:12:00,300 businesses alike. Right? 226 00:12:00,400 --> 00:12:04,200 I mean, not just bigger Banks, or bigger organizations, even 227 00:12:04,200 --> 00:12:07,700 smes are getting affected so much with data breaches. 228 00:12:07,700 --> 00:12:10,600 And so on that, we look at in news every other day. 229 00:12:10,600 --> 00:12:13,500 So a lot of action will happen in the next 10. 20, 30 Years 230 00:12:13,500 --> 00:12:15,500 also and I'm very blessed to be a part. 231 00:12:15,600 --> 00:12:18,600 Of this industry where we get to solve challenges posed by 232 00:12:18,600 --> 00:12:22,100 individuals. And also I think I love to learn 233 00:12:22,100 --> 00:12:25,400 about emerging Technologies. Every technology as I mentioned. 234 00:12:25,400 --> 00:12:28,900 It brings in some kind of Digital Risk and you name it and 235 00:12:28,900 --> 00:12:30,900 you have it. I have a security word attached 236 00:12:30,900 --> 00:12:33,600 to it these days, right, you know, Cloud security container 237 00:12:33,600 --> 00:12:37,700 security, you talk of plums in security or iot ecosystem 238 00:12:37,700 --> 00:12:41,000 security. So it's kind of field, which 239 00:12:41,000 --> 00:12:44,200 keeps us always. So excited with learning every 240 00:12:44,200 --> 00:12:47,500 new things every day. And how to implement those, you 241 00:12:47,500 --> 00:12:51,300 know, into protecting identifying or detecting or even 242 00:12:51,300 --> 00:12:54,700 responding and recovering from the cyber attacks or the 243 00:12:54,700 --> 00:12:58,800 vulnerabilities that threatened the confidentiality or Integrity 244 00:12:58,900 --> 00:13:02,500 or availability of the business or client data or triggers any 245 00:13:02,500 --> 00:13:04,700 misuse. So it's really a prime 246 00:13:04,700 --> 00:13:06,800 importance more than ever before. 247 00:13:07,000 --> 00:13:09,700 And I guess I'm totally fascinated by this field 248 00:13:09,700 --> 00:13:12,000 altogether. So many different fields. 249 00:13:12,000 --> 00:13:15,400 Is there a point like, where did you start initially which area? 250 00:13:15,600 --> 00:13:17,900 You start with in the beginning. Oh, yes. 251 00:13:17,900 --> 00:13:20,800 So quick flash back on my 15 years of career journey. 252 00:13:20,800 --> 00:13:24,500 I was a science student and I was very good in mathematics and 253 00:13:24,500 --> 00:13:27,300 I found coding pretty easy and scoring in my school. 254 00:13:27,400 --> 00:13:30,100 So I went on to complete my engineering degree in computer 255 00:13:30,100 --> 00:13:33,000 technology. And my first job in India was of 256 00:13:33,000 --> 00:13:36,000 a software developer, I transition between various 257 00:13:36,000 --> 00:13:40,500 Technologies and jobs in the initial few years and gradually, 258 00:13:40,500 --> 00:13:43,500 I took responsibilities more into business analysis and IT 259 00:13:43,500 --> 00:13:46,700 project management because that gives us Us, a holistic view of 260 00:13:46,700 --> 00:13:48,200 the business. So that's something that I 261 00:13:48,200 --> 00:13:49,800 really like doing. Finally. 262 00:13:49,800 --> 00:13:53,300 When I found myself within the identity and access management 263 00:13:53,300 --> 00:13:56,200 domain of information security that was the time. 264 00:13:56,200 --> 00:13:59,200 I realized, I finally found the purpose and direction to my 265 00:13:59,200 --> 00:14:01,700 career within the engineering team earlier. 266 00:14:01,800 --> 00:14:05,500 And even before I worked with in security teams for security 267 00:14:05,500 --> 00:14:07,500 projects. I was in a way working on 268 00:14:07,500 --> 00:14:11,200 applications with focus on security as a developer as well. 269 00:14:11,200 --> 00:14:15,200 Like, I was aware of many of the controls from over ASP, top 10. 270 00:14:15,200 --> 00:14:19,000 Like Open web application security project and other 271 00:14:19,000 --> 00:14:21,600 aspects of secure configurations etcetera. 272 00:14:21,700 --> 00:14:25,300 I was also working like on remediations from time to time 273 00:14:25,300 --> 00:14:28,500 like we had some initiative to remove all hard-coded passwords 274 00:14:28,500 --> 00:14:31,600 very very long back and I knew the importance of backups 275 00:14:31,600 --> 00:14:35,700 replicas and effective change management practices, and I used 276 00:14:35,700 --> 00:14:39,600 to work like to provide evidence to internal external audit teams 277 00:14:39,600 --> 00:14:43,800 and working on Regulatory Compliance requirements from Mas 278 00:14:43,800 --> 00:14:47,000 or so on. And even with Thin my role with 279 00:14:47,000 --> 00:14:50,100 the identity and access management role that I had, I 280 00:14:50,100 --> 00:14:53,000 was the so delicate tea. So is like technical information 281 00:14:53,000 --> 00:14:56,200 security officer. So for those applications, I was 282 00:14:56,200 --> 00:14:59,400 working on risk assessments and regulatory requirements and so 283 00:14:59,400 --> 00:15:03,800 on and gradually, as I moved to roles and jobs, I got 284 00:15:03,800 --> 00:15:07,300 opportunity to manage various cybersecurity projects and then 285 00:15:07,300 --> 00:15:10,600 of course, I accelerated my learning into this field and did 286 00:15:10,600 --> 00:15:14,400 some relevant certifications and the learning Remains the way of 287 00:15:14,400 --> 00:15:16,300 life specially in this. Industry. 288 00:15:16,500 --> 00:15:19,500 Yes, the last Point here, for those of listeners who are 289 00:15:19,500 --> 00:15:22,200 thinking of switching as well. Like, from engineering, you 290 00:15:22,200 --> 00:15:24,900 know, software development into other areas specifically 291 00:15:24,900 --> 00:15:27,000 security. Is there any tips for them that 292 00:15:27,000 --> 00:15:28,800 you can share? How did you do that? 293 00:15:29,200 --> 00:15:31,800 I would say that, yes. I understand that. 294 00:15:31,800 --> 00:15:34,800 Sometimes when we are within the engineering, we are too focused 295 00:15:34,800 --> 00:15:38,100 just into the design architecture or development of 296 00:15:38,100 --> 00:15:41,400 applications, right? And what I would suggest is to 297 00:15:41,400 --> 00:15:45,300 get to know the larger business purpose to focus on, what is the 298 00:15:45,300 --> 00:15:47,400 value. Value that your applications are 299 00:15:47,400 --> 00:15:50,800 providing to the business. So for me, it so happened that 300 00:15:50,800 --> 00:15:54,000 when I moved on to be a role, even when I was within the 301 00:15:54,000 --> 00:15:57,500 engineering role, I was quite focused on the security, but 302 00:15:57,500 --> 00:16:01,200 actually, if you want to make a transition, you can maybe try to 303 00:16:01,200 --> 00:16:04,400 get into a b-roll business, analyst role or a project 304 00:16:04,400 --> 00:16:07,800 manager role where in you to interact more with the business, 305 00:16:07,800 --> 00:16:11,400 more with the stakeholders and the internal Auditors and you 306 00:16:11,400 --> 00:16:14,800 are working on to get broader insights about the breadth and 307 00:16:14,800 --> 00:16:17,500 depth of a Domain. And if you happen to be 308 00:16:17,500 --> 00:16:20,800 fortunate to be in an information security domain, I 309 00:16:20,800 --> 00:16:23,400 would definitely say You must leverage on it. 310 00:16:23,500 --> 00:16:26,700 And if you are not into a cybersecurity domain, then 311 00:16:26,700 --> 00:16:28,400 definitely, there are other ways. 312 00:16:28,400 --> 00:16:32,000 If you have a learning appetite, no one can stop one to get to 313 00:16:32,000 --> 00:16:34,600 where they want to be. There's so much to do with 314 00:16:34,600 --> 00:16:36,400 insecurity. There is the myth that the 315 00:16:36,408 --> 00:16:39,500 security is all about hacking but it is not believe me. 316 00:16:39,500 --> 00:16:42,900 There is a entire area of security policies governance 317 00:16:42,900 --> 00:16:46,800 risk and compliance, which is Where we usually start with 318 00:16:46,800 --> 00:16:49,000 developing the Frameworks and so on. 319 00:16:49,000 --> 00:16:52,300 And then we have identity and access management, which is also 320 00:16:52,300 --> 00:16:54,700 crucial to Cloud security, for instance. 321 00:16:54,700 --> 00:16:57,500 And then we have application security people who are 322 00:16:57,500 --> 00:17:00,800 developers who are working within applications, should try 323 00:17:00,800 --> 00:17:03,200 to find out, are there any vulnerabilities within the 324 00:17:03,208 --> 00:17:05,200 applications? They are designing or 325 00:17:05,200 --> 00:17:07,800 developing. So there is threat modeling that 326 00:17:07,800 --> 00:17:10,200 they can start with. I, I did a course in threat 327 00:17:10,200 --> 00:17:12,400 modeling last year, which was really insightful. 328 00:17:12,400 --> 00:17:15,300 There is a huge amount of data security. 329 00:17:15,400 --> 00:17:18,599 Prevention of breaches as well. These days that is in huge 330 00:17:18,599 --> 00:17:20,800 demand. So if you are, for instance, 331 00:17:20,800 --> 00:17:24,700 into analytics, you can also work into security. 332 00:17:24,700 --> 00:17:27,700 There's a huge demand of data scientists because we have like 333 00:17:27,700 --> 00:17:31,600 huge events and data, you know, millions of events processed by 334 00:17:31,600 --> 00:17:34,600 organizations every day. So the data scientists 335 00:17:34,600 --> 00:17:37,100 automation, experts are in huge demand as well. 336 00:17:37,100 --> 00:17:40,700 And then, there is like other areas, like the security 337 00:17:40,700 --> 00:17:43,800 awareness trainings, which are so important and also a part of 338 00:17:43,800 --> 00:17:46,600 driving campaigns. Ernst fishing and so on. 339 00:17:46,600 --> 00:17:49,800 So that is again, one area that someone can explore. 340 00:17:49,800 --> 00:17:52,900 If you are good into coding and you're very good at 341 00:17:52,900 --> 00:17:56,500 problem-solving, you can go into malware protection or analysis 342 00:17:56,500 --> 00:17:59,700 of malware. And then there is a huge domain 343 00:17:59,700 --> 00:18:02,000 called cryptography, where we learn. 344 00:18:02,000 --> 00:18:05,000 How do we protect our data by encryption? 345 00:18:05,200 --> 00:18:08,300 And so on so forth. And in this digital forensics, 346 00:18:08,300 --> 00:18:11,800 their cyber security security operations, there's so much for 347 00:18:11,800 --> 00:18:15,400 everyone to do in there. There is threat hunting a lot of 348 00:18:15,500 --> 00:18:18,700 Central authentication and risk management. 349 00:18:18,700 --> 00:18:21,800 So you have to find what you're good at and then leverage on it, 350 00:18:21,800 --> 00:18:25,500 build up from there identify the gaps read or, you know, trained 351 00:18:25,500 --> 00:18:28,200 on those get into some online trainings. 352 00:18:28,300 --> 00:18:30,600 Participate in networking events. 353 00:18:30,600 --> 00:18:34,500 The events that we have for awareness, for cybersecurity. 354 00:18:34,600 --> 00:18:38,000 We also have a lot of technical workshops that are free that you 355 00:18:38,008 --> 00:18:40,100 can attend with, in Singapore community. 356 00:18:40,100 --> 00:18:43,700 So there's no end to learning. There's just an attitude that is 357 00:18:43,700 --> 00:18:46,100 required and the drive. Right, right. 358 00:18:46,100 --> 00:18:47,900 There are so many things. We need to learn. 359 00:18:47,900 --> 00:18:50,100 Are there any favorite resources? 360 00:18:50,100 --> 00:18:53,100 Or maybe top people that you follow from the industry? 361 00:18:53,100 --> 00:18:55,800 Where you get the knowledge about the latest cybersecurity 362 00:18:55,800 --> 00:18:59,800 trends or maybe even threats. Yes for me to start with my 363 00:18:59,800 --> 00:19:02,300 learning. I started to read the nist 364 00:19:02,300 --> 00:19:05,100 cybersecurity Frameworks and they have Frameworks for 365 00:19:05,100 --> 00:19:09,200 everything for risk management. And so on Nest is National 366 00:19:09,200 --> 00:19:12,000 Institute of Standards and Technology's, there are so many 367 00:19:12,000 --> 00:19:15,000 blogs out there that you can subscribe to like information 368 00:19:15,000 --> 00:19:17,500 secure. The magazine is, for very basic 369 00:19:17,500 --> 00:19:21,000 information updates that if you want to have daily into your 370 00:19:21,000 --> 00:19:25,300 mailbox, then you can follow a lot of security enthusiasts on 371 00:19:25,300 --> 00:19:29,100 the Twitter. If you are on social media, and 372 00:19:29,100 --> 00:19:32,300 there are C is controls, you know, she is, is Center for 373 00:19:32,300 --> 00:19:34,600 Internet Security that you can start with. 374 00:19:34,600 --> 00:19:38,200 C is 20 is what they call their controls, to be the basic ones. 375 00:19:38,300 --> 00:19:41,300 So it contains like basic foundational, and organizational 376 00:19:41,300 --> 00:19:44,000 categories. And they list all of these areas 377 00:19:44,000 --> 00:19:46,000 that I mentioned about in General. 378 00:19:46,000 --> 00:19:49,700 So there are a good courses on edx udemy. 379 00:19:49,700 --> 00:19:54,400 And there is cyber read it and from Sans Institute as well. 380 00:19:54,400 --> 00:19:57,500 You know, there are many resources like cyber Aces Dot, 381 00:19:57,500 --> 00:20:00,300 o--, r-- g--. And then for news in general, 382 00:20:00,300 --> 00:20:02,700 you can subscribe with thread post. 383 00:20:02,700 --> 00:20:05,700 Then there is a hacker news and then their newsletters from 384 00:20:05,700 --> 00:20:08,800 various sources, and there are many times free courses 385 00:20:08,800 --> 00:20:11,100 available that you can just leverage on. 386 00:20:11,200 --> 00:20:14,400 You can even start to reading with some white papers, or some 387 00:20:14,400 --> 00:20:16,800 risk management. Headlines, like, we have. 388 00:20:16,800 --> 00:20:20,400 For mes Amis is monetary authority of Singapore. 389 00:20:20,500 --> 00:20:24,500 So, we have masked ERM like technology risk management 390 00:20:24,500 --> 00:20:27,200 guidelines, which is also something that's a really good 391 00:20:27,200 --> 00:20:29,000 starting point for any individual. 392 00:20:29,000 --> 00:20:32,200 Who wants to explore more into risk management and cyber 393 00:20:32,200 --> 00:20:34,700 security. Once the person has sufficient 394 00:20:34,700 --> 00:20:37,600 work experience that's required for some certifications. 395 00:20:37,700 --> 00:20:41,100 You can build up, you know, from there to get, for instance, what 396 00:20:41,100 --> 00:20:45,300 I benefit from was the learning path to cissp certification. 397 00:20:45,400 --> 00:20:49,200 And I learned a lot about the very domains within the security 398 00:20:49,400 --> 00:20:52,600 and the exam also inculcate. So kind of discipline more than 399 00:20:52,600 --> 00:20:55,500 anything else. So I think one has to just 400 00:20:55,500 --> 00:20:58,900 figure out which area is of interest and then they can build 401 00:20:58,900 --> 00:21:01,700 up on that with all the valuable learning resources. 402 00:21:02,000 --> 00:21:04,900 Wow, there's so many places that we can all start to learn about 403 00:21:04,900 --> 00:21:07,500 this cybersecurity in the beginning. 404 00:21:07,500 --> 00:21:10,500 You shared a lot about your community contribution 405 00:21:10,500 --> 00:21:13,000 volunteering, right? And also working in the 406 00:21:13,000 --> 00:21:16,000 industry. So what makes you so Interested 407 00:21:16,000 --> 00:21:19,600 in doing a lot of volunteering and Community contributions. 408 00:21:20,000 --> 00:21:21,800 Yeah. I think that's something that 409 00:21:21,800 --> 00:21:24,900 comes from within. I kind of like to get involved 410 00:21:24,900 --> 00:21:27,600 with the community and to give back is something that's 411 00:21:27,600 --> 00:21:30,000 inherent in me. I mean if it was not for 412 00:21:30,000 --> 00:21:33,300 cybersecurity or technology, I used to do other volunteering 413 00:21:33,300 --> 00:21:35,700 work with other associations in Singapore. 414 00:21:35,800 --> 00:21:39,400 I really like to add value and encourage people. 415 00:21:39,500 --> 00:21:42,700 And specially, you know, the younger generation to leverage 416 00:21:42,700 --> 00:21:45,200 on their skills and to build up from there. 417 00:21:45,400 --> 00:21:50,000 And I also try to Mentor a few women in specific because as we 418 00:21:50,000 --> 00:21:53,300 know that women are usually lack that kind of confidence, even if 419 00:21:53,300 --> 00:21:56,600 they possess the skills. So I think getting there and 420 00:21:56,600 --> 00:22:00,300 helping out people is something that's kind of really good way 421 00:22:00,300 --> 00:22:04,100 even to learn ourselves because even with the kind of campaign 422 00:22:04,100 --> 00:22:07,300 that I mentioned about, it gave me so much happiness and it was 423 00:22:07,300 --> 00:22:11,000 such a great opportunity for me to connect with individuals on 424 00:22:11,000 --> 00:22:13,100 the ground level. As in PV, just through our day 425 00:22:13,100 --> 00:22:16,000 job. And if that is all we Doing. 426 00:22:16,100 --> 00:22:18,500 I think it's a real big gap in there. 427 00:22:18,800 --> 00:22:22,000 There has to be something out of your day job that you must be. 428 00:22:22,000 --> 00:22:25,000 Actively involved in that keeps you active that keeps you 429 00:22:25,000 --> 00:22:28,600 Humane, that keeps you very grounded and I think some of 430 00:22:28,600 --> 00:22:32,400 these also come from my core values and being spiritually 431 00:22:32,400 --> 00:22:35,900 inclined person that I am. So yeah, I think it really gives 432 00:22:35,900 --> 00:22:40,100 me a great deal of happiness. I have also always volunteered 433 00:22:40,100 --> 00:22:43,600 with an organization CSR programs at present. 434 00:22:43,600 --> 00:22:47,700 Also, I volunteer as a mentor Or for halogen Foundation that our 435 00:22:47,700 --> 00:22:50,900 form supports, it is basically to support building young 436 00:22:50,900 --> 00:22:54,700 leaders and entrepreneurs. It is very important to help and 437 00:22:54,700 --> 00:22:56,800 collaborate with the community and Henry. 438 00:22:56,800 --> 00:22:59,300 You also do so much collaboration yourself. 439 00:22:59,300 --> 00:23:01,700 I mean, I'm truly amazed by your initiatives. 440 00:23:01,700 --> 00:23:05,200 So we definitely get further inspiration when we look at our 441 00:23:05,200 --> 00:23:08,500 peers and it's really great that more people follow the path, 442 00:23:09,000 --> 00:23:10,900 right? Thanks for sharing all that. 443 00:23:10,900 --> 00:23:13,000 So I want to pick out one thing that you mentioned. 444 00:23:13,000 --> 00:23:15,200 Just now about women lacking confidence. 445 00:23:15,400 --> 00:23:18,700 The industry, what do you think are some of the probably root 446 00:23:18,700 --> 00:23:21,100 causes of this lack of confidence? 447 00:23:21,500 --> 00:23:24,000 I think there can be multiple reasons for it. 448 00:23:24,000 --> 00:23:28,500 Maybe they do not have the time to devote or they somehow do. 449 00:23:28,500 --> 00:23:31,000 Not believe that they can make a difference. 450 00:23:31,100 --> 00:23:33,300 Maybe they have all the skill sets. 451 00:23:33,300 --> 00:23:36,500 But they think that technology or cyber security is not for 452 00:23:36,500 --> 00:23:38,900 them. So them can be multiple reasons 453 00:23:39,000 --> 00:23:42,500 as of now, you know, if I were to give you statistics, just for 454 00:23:42,500 --> 00:23:45,200 cybersecurity in 2013. There were only 11. 455 00:23:45,300 --> 00:23:48,400 Even percent in cyber security, Workforce globally, that 456 00:23:48,400 --> 00:23:50,300 accounted for women, counterparts. 457 00:23:50,300 --> 00:23:54,900 And this number though, is reported like 20% in 2019 and 24 458 00:23:54,900 --> 00:23:58,200 percent in 2020. So I think we're still very far 459 00:23:58,200 --> 00:24:01,200 from the perfect situation, but we are definitely on the right 460 00:24:01,200 --> 00:24:05,400 track in trying to improve the awareness and taking all these 461 00:24:05,400 --> 00:24:08,800 initiatives. So I guess they should not just 462 00:24:08,800 --> 00:24:11,900 believe stereotypes. When people say that technology 463 00:24:11,900 --> 00:24:15,100 is all about coding or cyber security is all about hacking 464 00:24:15,100 --> 00:24:16,800 and Shouldn't lose their confidence. 465 00:24:16,800 --> 00:24:19,400 Their they should research. They should take things on their 466 00:24:19,400 --> 00:24:21,500 hands and to find out and explore. 467 00:24:21,500 --> 00:24:25,300 What it is really all about. What are the domains areas and 468 00:24:25,300 --> 00:24:28,800 things that really need contribution to and would also 469 00:24:28,800 --> 00:24:31,000 give them a great career opportunity. 470 00:24:31,100 --> 00:24:33,900 Also, on the confidence part. I think they have to be more 471 00:24:33,900 --> 00:24:36,600 participative and more involved with the community. 472 00:24:36,700 --> 00:24:38,600 When I attend events to be honest. 473 00:24:38,600 --> 00:24:42,300 I usually find only two, three, or maybe maximum 10, women, 474 00:24:42,300 --> 00:24:45,300 participants around. Its it really something that I I 475 00:24:45,308 --> 00:24:50,100 would want to change and even for women who attend these 476 00:24:50,100 --> 00:24:52,800 events, they are shy to speak out. 477 00:24:52,800 --> 00:24:55,800 So I think that the lack of confidence might be coming from 478 00:24:55,800 --> 00:24:59,200 thinking that, oh, we are in such a huge group out there. 479 00:24:59,200 --> 00:25:02,200 And what if we fail, what if we are? 480 00:25:02,200 --> 00:25:06,000 Not accepted, you know, and also maybe we all try to be perfect 481 00:25:06,000 --> 00:25:09,200 in some way or the other. But I guess no one out there is 482 00:25:09,200 --> 00:25:12,900 perfect and we are learning. So if you do not know it all to 483 00:25:12,900 --> 00:25:16,800 begin with just leverage on what you are, really That and find 484 00:25:16,800 --> 00:25:19,600 your strengths and speak out for yourself. 485 00:25:19,600 --> 00:25:21,800 Either. It is to pave a path on your 486 00:25:21,800 --> 00:25:25,600 career Journey or to speak in an event that you are passionate 487 00:25:25,600 --> 00:25:27,800 about. There would always be a time 488 00:25:27,800 --> 00:25:29,800 where you feel. I'm not well prepared, you know, 489 00:25:29,800 --> 00:25:31,900 like what happens when we have an exam. 490 00:25:32,300 --> 00:25:35,500 We never feel fully ready. But when we go to the exam and 491 00:25:35,500 --> 00:25:38,800 we have done enough preparation for it, I think we will do well 492 00:25:38,900 --> 00:25:41,300 and we would pass it. So I think we all face 493 00:25:41,300 --> 00:25:45,200 challenges but the key is to keep believing in yourself and 494 00:25:45,300 --> 00:25:48,900 Do not look at if at all there's any criticism that comes across 495 00:25:48,900 --> 00:25:52,600 as just move Beyond it, move Beyond self-doubt perfectionism. 496 00:25:52,600 --> 00:25:56,300 Also, you know, because we all make mistakes, the point is just 497 00:25:56,300 --> 00:25:59,500 to keep improving for instance, you know, just for me as an 498 00:25:59,500 --> 00:26:01,700 example. I would say I never spoken in 499 00:26:01,700 --> 00:26:04,700 any event, but I have taken a challenge and I would be 500 00:26:04,700 --> 00:26:07,600 speaking on a cybersecurity topic next month. 501 00:26:07,700 --> 00:26:10,700 So there's a first time for a lot of things out in our career 502 00:26:10,700 --> 00:26:14,600 but one thing leads to the next. So take charge, do not hold back 503 00:26:14,700 --> 00:26:17,200 is what? My advice would be for all of it 504 00:26:17,200 --> 00:26:19,800 out there. Thank you for your message. 505 00:26:19,800 --> 00:26:23,000 There's so many good tips. You mentioned speaking out. 506 00:26:23,000 --> 00:26:26,000 Don't be too perfectionist. Don't criticize yourself. 507 00:26:26,000 --> 00:26:28,000 I think that's all. I'm very good suggestions. 508 00:26:28,200 --> 00:26:32,400 So, is there any Community for cybersecurity or women in 509 00:26:32,400 --> 00:26:35,500 cybersecurity in Singapore, or maybe around the world that 510 00:26:35,500 --> 00:26:38,200 people can probably participate. Oh, yes. 511 00:26:38,200 --> 00:26:41,700 There are so many communities. And with the current covid 512 00:26:41,700 --> 00:26:43,300 times, while everything is virtual. 513 00:26:43,300 --> 00:26:46,500 We are not confined. And to even the boundaries of 514 00:26:46,500 --> 00:26:49,500 cities or countries, you know, we can participate in global 515 00:26:49,500 --> 00:26:51,700 events. I do all the time and it's 516 00:26:51,700 --> 00:26:55,200 really admirable that people are coming forward to volunteer to 517 00:26:55,200 --> 00:26:58,500 conduct workshops and events. And most of these are free of 518 00:26:58,500 --> 00:27:00,100 cost. So, there is something for 519 00:27:00,100 --> 00:27:03,500 people at all levels. In cybersecurity to start with, 520 00:27:03,500 --> 00:27:06,500 people can join a great meetup group, that's pioneered by an 521 00:27:06,500 --> 00:27:08,400 amazing lady. In the u.s., It's called 522 00:27:08,400 --> 00:27:11,700 cybersecurity Career talks, they conduct live streams. 523 00:27:11,700 --> 00:27:14,700 So there are multiple videos available on YouTube by this 524 00:27:14,700 --> 00:27:17,200 channel. Then there are conferences, like 525 00:27:17,200 --> 00:27:20,700 RSA apj. That is Asia Pacific Japan, 526 00:27:21,000 --> 00:27:25,300 which was in July this year, and it was free to attend for anyone 527 00:27:25,300 --> 00:27:28,100 who registers and then there is blackhead and various 528 00:27:28,100 --> 00:27:32,100 conferences coming up as well. There are many security Summits 529 00:27:32,100 --> 00:27:35,700 that happen and you can register free of cost and you have access 530 00:27:35,700 --> 00:27:38,000 to a lot of events and keynote sessions. 531 00:27:38,200 --> 00:27:41,700 There are focused talks as well, organized by various communities 532 00:27:41,700 --> 00:27:45,100 and organizations, for instance, for cloud security. 533 00:27:45,300 --> 00:27:48,800 Ciot, security. And with in Singapore itself. 534 00:27:48,800 --> 00:27:51,600 We have Association of Security Professionals. 535 00:27:51,600 --> 00:27:56,400 A is B division, 0, cyber risk, meetups and those are specific 536 00:27:56,400 --> 00:27:59,400 to cybersecurity. And there are specific groups 537 00:27:59,400 --> 00:28:02,800 that focus on bringing forward women in security. 538 00:28:02,800 --> 00:28:06,600 So, there is women of security in Singapore and there are 539 00:28:06,700 --> 00:28:11,800 subchapters from division 0 is Sokka like she leads deck and 540 00:28:11,900 --> 00:28:15,000 there's no end to I think to meet up groups and it's similar 541 00:28:15,000 --> 00:28:18,500 to As we have it for various Technologies, like you conduct 542 00:28:18,500 --> 00:28:22,100 events for Google developer space And Then There are agile. 543 00:28:22,100 --> 00:28:26,900 Devops AI blockchain forums for people who hold a certification 544 00:28:26,900 --> 00:28:28,600 like cissp. For instance. 545 00:28:28,600 --> 00:28:31,700 They can be a part of is e Square chapter where we have 546 00:28:31,700 --> 00:28:33,600 been conducting. So many knowledge sharing 547 00:28:33,600 --> 00:28:37,500 webinars all through and there are women focus groups as well, 548 00:28:37,500 --> 00:28:39,900 which are four generic technology. 549 00:28:40,000 --> 00:28:44,300 Something like linen girls in Tech and just that one has to 550 00:28:44,300 --> 00:28:47,500 figure out his or her area of interest and then actively 551 00:28:47,500 --> 00:28:50,900 register or get involved and get into that roller coaster 552 00:28:50,900 --> 00:28:53,300 learning path. In fact, women of security, 553 00:28:53,300 --> 00:28:57,500 Singapore is launching cyber women, X Series event just 554 00:28:57,500 --> 00:29:00,500 upcoming in September, and that's also supported by cyber 555 00:29:00,500 --> 00:29:04,800 security, agency of Singapore, a ISP and other associations. 556 00:29:04,800 --> 00:29:07,500 So there are multiple workshops CTF. 557 00:29:07,500 --> 00:29:09,500 A number of great talks lined up. 558 00:29:09,500 --> 00:29:12,000 So there's always something or the other happening. 559 00:29:12,000 --> 00:29:14,600 In fact, LinkedIn is another great source, you know, build a 560 00:29:14,608 --> 00:29:16,900 network. And for people who work in the 561 00:29:16,900 --> 00:29:20,600 area that you are interested in and just follow their posts. 562 00:29:20,600 --> 00:29:23,800 There are so many announcements for events that you can register 563 00:29:23,800 --> 00:29:26,200 for free and you know, take it from there. 564 00:29:26,300 --> 00:29:29,300 I have also personal question. I mean like obviously 565 00:29:29,300 --> 00:29:32,300 implementing the best security is a trade-off, right? 566 00:29:32,300 --> 00:29:34,400 Sometimes it's about convenience as well. 567 00:29:34,500 --> 00:29:37,100 I mean, sometimes even personally myself about changing 568 00:29:37,100 --> 00:29:40,700 password or making the password secure or even like, making sure 569 00:29:40,700 --> 00:29:43,900 that everything that I use is fully secure your data, your 570 00:29:43,900 --> 00:29:46,700 application, your version. Updates patches and things like 571 00:29:46,700 --> 00:29:48,300 that. There's so many things right and 572 00:29:48,300 --> 00:29:51,200 sometimes you probably kind of lose your convenience. 573 00:29:51,400 --> 00:29:55,000 So my question here is, what is the balance between convenience 574 00:29:55,000 --> 00:29:57,300 versus security? Is there any somewhere in the 575 00:29:57,300 --> 00:30:00,600 middle or one should probably open more about security rather 576 00:30:00,600 --> 00:30:02,400 than anything else? What's your take on that? 577 00:30:02,900 --> 00:30:06,300 Yeah, there has to be balance. You're right, but I think with 578 00:30:06,300 --> 00:30:09,500 the kind of security breaches and attacks that we are 579 00:30:09,500 --> 00:30:13,700 witnessing in this era, it becomes of Prior importance that 580 00:30:13,700 --> 00:30:16,600 we prioritize. The top though, it is. 581 00:30:16,600 --> 00:30:20,400 I understand not very convenient when organizations have to 582 00:30:20,400 --> 00:30:22,600 patch. For instance, thousands of their 583 00:30:22,600 --> 00:30:26,300 infrastructure assets overnight or within a tree or five days, 584 00:30:26,300 --> 00:30:29,700 but we have all seen examples. It started I think big on 585 00:30:29,700 --> 00:30:32,900 awareness with the Wanna Cry, ransomware attack somewhere in 586 00:30:32,900 --> 00:30:35,800 2017, right? Which had more than 300 thousand 587 00:30:35,800 --> 00:30:39,500 computers, infected and the vulnerability that was exploited 588 00:30:39,500 --> 00:30:43,600 was Windows Server, message block protocol and while 589 00:30:43,600 --> 00:30:45,900 Microsoft had already released East patches. 590 00:30:45,900 --> 00:30:48,700 There were not yet. Applied, the point I'm trying to 591 00:30:48,700 --> 00:30:52,500 make is that consequences of not following security? 592 00:30:52,500 --> 00:30:56,100 Best practices or security hygiene are way higher than some 593 00:30:56,100 --> 00:30:58,400 inconvenience that we have to go through. 594 00:30:58,500 --> 00:31:01,800 The, even installing an antivirus solution is something 595 00:31:01,800 --> 00:31:05,100 that people question, right? That the machine would get 596 00:31:05,100 --> 00:31:07,500 slower or maybe some or the other thing. 597 00:31:07,500 --> 00:31:11,000 How do we keep paying $30? Maybe you're near for it? 598 00:31:11,000 --> 00:31:16,000 But just imagine how valuable, or how much value your Entails. 599 00:31:16,000 --> 00:31:19,400 And then compare it to the kind of small price that you're 600 00:31:19,400 --> 00:31:21,900 paying for it. So, I think, once that kind of 601 00:31:21,900 --> 00:31:26,200 mindset shift happens, it doesn't really seem like a point 602 00:31:26,200 --> 00:31:28,800 of inconvenience anymore. Right? 603 00:31:28,800 --> 00:31:30,700 So, moving to the next big topic. 604 00:31:30,700 --> 00:31:33,900 Obviously, these days, we are exposed to social media and your 605 00:31:33,900 --> 00:31:37,300 data and privacy, right? What's your take on using social 606 00:31:37,300 --> 00:31:40,700 media and about the security risks of using that? 607 00:31:41,000 --> 00:31:44,700 Oh, yes. Everyone is so intrigued by the 608 00:31:45,200 --> 00:31:47,800 The media these days and the information we are sharing out, 609 00:31:47,800 --> 00:31:50,600 there is a lot more than we should ideally be doing. 610 00:31:50,600 --> 00:31:54,400 So right, people do share their, they are what they're doing and 611 00:31:54,400 --> 00:31:56,700 everything else there has to be again. 612 00:31:57,000 --> 00:32:01,300 Kind of awareness that we do not go make it public. 613 00:32:01,300 --> 00:32:04,400 I think it's good to share and some things with our friends and 614 00:32:04,400 --> 00:32:07,000 family. So that's the reason the privacy 615 00:32:07,000 --> 00:32:09,200 settings exist in the first place. 616 00:32:09,300 --> 00:32:13,300 So making use of those and really, really being aware of 617 00:32:13,300 --> 00:32:16,700 what our social media. Actions can lead to. 618 00:32:16,900 --> 00:32:20,200 I think it's a very important topic to pay attention to. 619 00:32:20,600 --> 00:32:24,000 I think I remember one of the incidents where person posted 620 00:32:24,000 --> 00:32:27,300 something publicly on Facebook about his children studying 621 00:32:27,300 --> 00:32:30,700 wherever and you know, there was some kidnapping incident that 622 00:32:30,700 --> 00:32:33,000 took place due to the coordinates of the child that 623 00:32:33,000 --> 00:32:37,000 were released via the social media unintentionally just, you 624 00:32:37,008 --> 00:32:40,400 know, for the sake of fun or for the sake of just sharing the 625 00:32:40,400 --> 00:32:44,800 information around so things can lead to really disastrous ending 626 00:32:44,800 --> 00:32:46,700 side. Guess if at all, you are not 627 00:32:46,700 --> 00:32:49,200 aware of what social media handles. 628 00:32:49,200 --> 00:32:51,800 We are using. And how do we use our privacy 629 00:32:51,800 --> 00:32:56,300 settings in the better way, then what I believe in while we do 630 00:32:56,300 --> 00:32:59,300 have different passwords. Hopefully everyone follows this 631 00:32:59,300 --> 00:33:02,600 basic practice. So we also should have separate 632 00:33:02,600 --> 00:33:06,100 email IDs for sharing and putting out there because we 633 00:33:06,100 --> 00:33:09,000 register too many webinars. We are required to provide an 634 00:33:09,000 --> 00:33:12,800 email, ID, on many occasions. Like we booked flights hotels. 635 00:33:12,800 --> 00:33:16,100 So to keep those IDs separate from the one We use for our 636 00:33:16,100 --> 00:33:18,100 banking or important transactions. 637 00:33:18,400 --> 00:33:21,700 That is important as well because we all are aware of so 638 00:33:21,700 --> 00:33:25,400 many data breaches that happen and we do not know who's using 639 00:33:25,400 --> 00:33:30,000 those email IDs and how and we all have examples of Marriott 640 00:33:30,000 --> 00:33:33,800 data breach, which had impacted millions of users and Yahoo data 641 00:33:33,800 --> 00:33:36,300 breach, that had affected like 3 billion users. 642 00:33:36,400 --> 00:33:39,800 So it's always a good practice as well to follow, I would say, 643 00:33:40,100 --> 00:33:43,400 and how about fake news, which is another big Topic in the 644 00:33:43,408 --> 00:33:46,200 recent years because how Much influence. 645 00:33:46,200 --> 00:33:49,600 It could make a seeing in so many different places in the 646 00:33:49,600 --> 00:33:51,700 world, right? Where people generate fake news 647 00:33:51,700 --> 00:33:55,300 for us as a normal people. How should we go about fake 648 00:33:55,300 --> 00:33:57,300 news? How do we identify them? 649 00:33:57,300 --> 00:34:01,300 And how do we avoid them? Yeah, fake news is a big deal 650 00:34:01,300 --> 00:34:04,900 these days and we must be practicing some awareness and 651 00:34:04,900 --> 00:34:08,400 common sense to detect the sources that this news is coming 652 00:34:08,400 --> 00:34:11,699 to us from, for instance, it just to believe any WhatsApp 653 00:34:11,699 --> 00:34:14,699 forward. Or any post on Facebook is not 654 00:34:14,699 --> 00:34:16,900 an idea. Way to deal or, you know, go 655 00:34:16,900 --> 00:34:19,300 ahead in this world even for covid-19. 656 00:34:19,300 --> 00:34:23,600 I think there were so many fake news coming across, right, from 657 00:34:23,600 --> 00:34:26,100 how different countries are dealing with and what are the 658 00:34:26,100 --> 00:34:29,400 best Solutions are even up till this medicines that people 659 00:34:29,400 --> 00:34:31,100 should consume or things like that. 660 00:34:31,100 --> 00:34:34,800 So, false information is dangerous because of its ability 661 00:34:34,800 --> 00:34:38,100 to affect public opinion and that can lead to dire 662 00:34:38,100 --> 00:34:40,199 consequences. Sometimes, you know, fake 663 00:34:40,199 --> 00:34:44,400 stories are Amplified and news are disseminated quickly through 664 00:34:44,400 --> 00:34:46,000 false. Counts as well. 665 00:34:46,000 --> 00:34:49,400 These are like sometimes automated Bots and more spots 666 00:34:49,400 --> 00:34:53,000 are benign in nature and some major sites like Facebook. 667 00:34:53,000 --> 00:34:55,400 They ban Bots and seek to remove them. 668 00:34:55,400 --> 00:34:58,500 But there are social boards that are malicious entities, you 669 00:34:58,500 --> 00:35:02,200 know, design specifically with a purpose to harm and these Bots. 670 00:35:02,200 --> 00:35:06,300 Mislead exploit and manipulate social, media discourse with 671 00:35:06,300 --> 00:35:10,700 rumors malware, misinformation, or just even noise. 672 00:35:10,800 --> 00:35:13,900 And in some countries, if started regulating false news 673 00:35:13,900 --> 00:35:17,300 app for Facebook since Dean, it has been actively shutting down 674 00:35:17,300 --> 00:35:21,000 accounts that are responsible for spreading hoaxes, in some 675 00:35:21,000 --> 00:35:23,800 countries, especially those holding general elections. 676 00:35:23,900 --> 00:35:26,900 So Facebook's measures include removing fake accounts and 677 00:35:26,900 --> 00:35:30,600 reducing the reach of articles that have been debunked by 678 00:35:30,600 --> 00:35:32,900 independent third party fact, Checkers. 679 00:35:33,200 --> 00:35:36,200 And there are initiatives with a lot of organizations. 680 00:35:36,200 --> 00:35:39,700 Otherwise as well. WhatsApp has recently in August 681 00:35:39,700 --> 00:35:44,000 2020, has rolled out a new fact. Check feature to step up the 682 00:35:44,000 --> 00:35:46,700 fight against this. Us information and fake news. 683 00:35:46,700 --> 00:35:50,200 So this feature allows users to check the contents of viral 684 00:35:50,200 --> 00:35:52,700 messages as they call these messages to be. 685 00:35:52,700 --> 00:35:55,900 So, how can we figure this out? While we see a forward sign, 686 00:35:55,900 --> 00:35:59,200 like mostly on all the four words that we send and receive? 687 00:35:59,400 --> 00:36:03,400 Now, the fact check feature appears as a magnifying glass 688 00:36:03,400 --> 00:36:05,000 icon. Just next to the message 689 00:36:05,000 --> 00:36:07,500 forwarded. The criteria is that message has 690 00:36:07,500 --> 00:36:10,100 already been forwarded to five or more people. 691 00:36:10,300 --> 00:36:12,800 So if you click on this magnifying glass, it would 692 00:36:12,800 --> 00:36:15,000 prompt like would you like to search for this on? 693 00:36:15,200 --> 00:36:18,300 A verb and then this would upload the message to Google for 694 00:36:18,300 --> 00:36:20,700 instances. If it's a covid-19 related news, 695 00:36:20,700 --> 00:36:26,000 it would reflect the mythbuster section from who and so on also 696 00:36:26,000 --> 00:36:29,500 in Singapore the government agencies debunked about like 40 697 00:36:29,500 --> 00:36:33,700 instances of speculation. Rumors spam and outright 698 00:36:33,700 --> 00:36:38,400 falsehoods about covid-19 in specific overall social media 699 00:36:38,400 --> 00:36:42,400 Platforms in just about first five months of 2020, so you can 700 00:36:42,400 --> 00:36:44,400 also go directly to factcheck.org. 701 00:36:45,100 --> 00:36:48,300 To verify information, of course, always check the sauce 702 00:36:48,300 --> 00:36:51,200 and examine, the evidence has before you believe anything. 703 00:36:51,300 --> 00:36:54,600 Thank you for sharing that because I myself sometimes also, 704 00:36:54,600 --> 00:36:58,300 you know, trying to verify. Oh, is this news true or not? 705 00:36:58,300 --> 00:37:01,600 Especially if it's shared on the messaging applications, like, 706 00:37:01,600 --> 00:37:04,200 WhatsApp telegram, just like what you mentioned, right? 707 00:37:04,300 --> 00:37:07,200 Sometimes this also takes effort, like, to Kino. 708 00:37:07,200 --> 00:37:11,500 This is news that I'm reading, find it on the right sources and 709 00:37:11,500 --> 00:37:14,300 I mean, it takes time sometimes. And people sometimes tend to 710 00:37:14,300 --> 00:37:16,500 like forward, the I said straight away without actually 711 00:37:16,500 --> 00:37:19,400 thinking and that probably could create even more fake news in 712 00:37:19,400 --> 00:37:20,600 the next phase. Right? 713 00:37:20,700 --> 00:37:23,800 Absolutely. So I mean, we can talk all day 714 00:37:23,800 --> 00:37:26,500 long about security. But I guess before we wrap up 715 00:37:26,500 --> 00:37:29,500 here, I would like to ask a question which I normally ask 716 00:37:29,500 --> 00:37:31,600 for every guest that I have in this podcast. 717 00:37:31,600 --> 00:37:34,900 So can you share with us? What are your three technical 718 00:37:34,900 --> 00:37:37,100 leadership wisdom for the audience to learn? 719 00:37:37,100 --> 00:37:42,000 From sure. Let me think, I think a 720 00:37:42,000 --> 00:37:44,300 technical leader Foster's technical. 721 00:37:45,100 --> 00:37:48,200 Ocean and understands the technology lifecycle. 722 00:37:48,200 --> 00:37:50,900 Well, so just start with the first wisdom. 723 00:37:50,900 --> 00:37:55,000 I would like to share would be whenever we have any Innovation 724 00:37:55,000 --> 00:37:57,700 that one tends to share with the community. 725 00:37:57,700 --> 00:38:01,100 It should make some business sense, implementing a technology 726 00:38:01,100 --> 00:38:04,400 just because it gets someone excited wouldn't work. 727 00:38:04,600 --> 00:38:08,100 I think leader initiates and steers the commercialization of 728 00:38:08,100 --> 00:38:09,900 the technological advances. Right? 729 00:38:09,900 --> 00:38:13,300 So if one is Building Services and technologies that are 730 00:38:13,400 --> 00:38:17,800 incredibly useful that It impact that is a clear sign of being in 731 00:38:17,800 --> 00:38:20,300 the right direction. So I think every technical 732 00:38:20,300 --> 00:38:23,100 implementation has to make business sense. 733 00:38:23,200 --> 00:38:26,400 Even in cybersecurity, for instance, is to keep businesses 734 00:38:26,400 --> 00:38:29,400 secure and uninterrupted. So there is a purpose to it and 735 00:38:29,400 --> 00:38:32,400 there's a business sense to it. The second great. 736 00:38:32,400 --> 00:38:35,500 An important skill I would say, is having the right 737 00:38:35,500 --> 00:38:38,500 communication skills, because the tech leader is someone who 738 00:38:38,500 --> 00:38:40,900 links the business and technology strategies. 739 00:38:41,100 --> 00:38:44,900 And the tech leader is a bridge between the business teams and 740 00:38:45,000 --> 00:38:47,000 equal teams working on the ground. 741 00:38:47,000 --> 00:38:50,900 So how do you translate that strategy from your business into 742 00:38:50,900 --> 00:38:54,200 how it should really work? Or look, in terms of technology, 743 00:38:54,200 --> 00:38:58,000 is something that has to be very, very clearly specified and 744 00:38:58,000 --> 00:39:00,500 well, communicated. So that is an important crucial 745 00:39:00,500 --> 00:39:04,400 part of being a tech leader. And I think Beyond this, there 746 00:39:04,400 --> 00:39:06,800 are subtle apps aspects of communication that are Way 747 00:39:06,800 --> 00:39:10,500 Beyond just the basics, the way our leader communicates with the 748 00:39:10,500 --> 00:39:13,600 team and especially in challenging times. 749 00:39:13,600 --> 00:39:17,100 How stable Calm. The leader can be, you know, 750 00:39:17,100 --> 00:39:20,000 that actually goes in for a communication with their own 751 00:39:20,000 --> 00:39:22,800 self. So how much positivity one has 752 00:39:22,800 --> 00:39:26,800 and how one takes feedback and how much greater persistence one 753 00:39:26,800 --> 00:39:29,700 has to continue to have that positive communication with 754 00:39:29,700 --> 00:39:31,800 oneself. And with others in times of 755 00:39:31,800 --> 00:39:35,500 challenges being timely and effective in communication with 756 00:39:35,500 --> 00:39:39,200 the teams with being transparent and confident about your 757 00:39:39,200 --> 00:39:41,900 decisions. So that their shareholders or 758 00:39:41,900 --> 00:39:44,600 the stakeholders, do have that confidence as well. 759 00:39:45,000 --> 00:39:47,500 A high level. And also I think giving due 760 00:39:47,500 --> 00:39:49,800 credit recognition and respect to the team. 761 00:39:49,800 --> 00:39:53,500 All is a part of communication. And then, thirdly, I guess a 762 00:39:53,508 --> 00:39:56,200 leader has to keep questioning the architecture. 763 00:39:56,200 --> 00:39:57,800 Goals. There are Paramount. 764 00:39:57,800 --> 00:40:01,700 It's like laying down foundation for building, scalable apps in 765 00:40:01,700 --> 00:40:04,400 future. So this doesn't mean that they 766 00:40:04,500 --> 00:40:07,300 don't trust the technical team or so, it reflects that 767 00:40:07,300 --> 00:40:10,700 involvement and their experience and expertise that they bring to 768 00:40:10,700 --> 00:40:14,700 the picture especially when they have that strategic vision, and 769 00:40:14,800 --> 00:40:18,200 they Just have to get inquisitive about how the 770 00:40:18,200 --> 00:40:21,900 architecture is being laid down because they are the ones who 771 00:40:21,900 --> 00:40:23,800 understand the technology called revolutions. 772 00:40:23,800 --> 00:40:27,700 They are supposed to be the ones who know the scale and the 773 00:40:27,700 --> 00:40:31,200 performance and so on. So for the criterias, that 774 00:40:31,200 --> 00:40:35,100 surround the technology further down the line, so I think these 775 00:40:35,100 --> 00:40:38,200 three are the core according to me, right? 776 00:40:38,300 --> 00:40:41,500 Great wisdoms in it, for all the technical leaders out there. 777 00:40:41,600 --> 00:40:44,700 Thank you for your time and ha, it's been a great pleasure 778 00:40:44,700 --> 00:40:46,700 talking. Thing about security, I myself 779 00:40:46,700 --> 00:40:50,200 am not like a super security aware kind of person. 780 00:40:50,300 --> 00:40:51,600 Definitely. There are many things that I 781 00:40:51,600 --> 00:40:55,700 learned today from you and also a big message to all the people 782 00:40:55,700 --> 00:40:56,400 out there. Right? 783 00:40:56,400 --> 00:40:59,100 There are so many security things that you need to be aware 784 00:40:59,100 --> 00:41:00,800 of. There's so many communities that 785 00:41:00,800 --> 00:41:03,600 you can get started with so many trainings as well. 786 00:41:03,600 --> 00:41:06,200 If you want to know more about security or self and 787 00:41:06,200 --> 00:41:09,100 specifically for women, I think just like what Neha mentioned. 788 00:41:09,100 --> 00:41:12,100 There are so many Avenues where you can participate in the 789 00:41:12,100 --> 00:41:15,400 industry and in this cyber security as well, so Lastly 790 00:41:15,400 --> 00:41:17,600 Neha, is there? A place where people can find 791 00:41:17,600 --> 00:41:19,100 you online? Oh, yes. 792 00:41:19,100 --> 00:41:22,300 I'm very much on LinkedIn. So, please feel free to connect 793 00:41:22,300 --> 00:41:24,800 with me. I'm happy to Mentor as well, 794 00:41:24,800 --> 00:41:27,400 share anything that you need from my end in terms of 795 00:41:27,400 --> 00:41:29,900 information. Yeah, I'd be pleased to 796 00:41:30,000 --> 00:41:32,300 connecting. All right, that's very kind of 797 00:41:32,300 --> 00:41:33,700 you. Thanks for your time, Neha. 798 00:41:34,100 --> 00:41:36,700 Thank you so much for having me Henry, and it was a great 799 00:41:36,700 --> 00:41:38,800 pleasure speaking with you. Thank you. 800 00:41:39,900 --> 00:41:42,900 Thank you for listening to my conversation with Neha. 801 00:41:43,100 --> 00:41:46,200 I hope you all learned a lot about cyber security and why it 802 00:41:46,200 --> 00:41:48,200 is very important to be aware of it. 803 00:41:48,300 --> 00:41:51,300 Especially at this time when digital adoption has been 804 00:41:51,300 --> 00:41:54,100 accelerating rapidly. For those of you, women 805 00:41:54,100 --> 00:41:57,700 listeners, especially intact. I hope you also get inspired by 806 00:41:57,700 --> 00:42:01,300 neha's message and be more active and participative in the 807 00:42:01,300 --> 00:42:04,500 tech industry and communities. There are a number of women 808 00:42:04,500 --> 00:42:07,600 communities that Neha mentioned, which you can also find in the 809 00:42:07,600 --> 00:42:09,400 show notes by visiting the tackle. 810 00:42:09,600 --> 00:42:12,100 You know, that death website. Lastly. 811 00:42:12,200 --> 00:42:15,300 I want to remind you again to subscribe, your email address on 812 00:42:15,300 --> 00:42:18,700 the tekhelet journal website, and if you like this podcast so 813 00:42:18,700 --> 00:42:21,900 much and would like to pledge your support for it, consider 814 00:42:21,900 --> 00:42:25,500 becoming a patron at package, you know, the deaf / Patron. 815 00:42:25,700 --> 00:42:27,400 I will deeply appreciate your support. 816 00:42:27,400 --> 00:42:30,000 In order to make the production of this podcast, more 817 00:42:30,000 --> 00:42:32,700 sustainable. Thanks again, and I'll see you 818 00:42:32,700 --> 00:42:34,000 in the next episode.