78168dec39d9489e943820a01c980a60.jpg?sfvrsn=61cfc512_0 "Eden Seah Image (002)")
AT A GLANCE:
Whenever the Ministry of Education (MOE) project teams have cybersecurity-related queries, they can count on the MOE Information and Communications Technology (ICT) Security and Governance team’s support. The Security team establishes security and governance policies, manages cybersecurity challenges and empowers project teams to keep their systems secured and their data protected. Keep reading to learn how Eden Seah from the MOE Security team transitioned into his role with the help of GovTech Digital Academy (DA).
BACKGROUND:
The Security team is always ready to unravel the project teams’ cybersecurity challenges and propose solutions. Part of this capable team is Eden, a forward-deployed Cybersecurity Engineer from GovTech to MOE. His daily tasks involve performing risk assessments with the various project teams, creating security awareness through brownbag sessions, analysing audit outcomes, establishing governance policies and proposing measures to improve policy compliance.
As the second line of defence, Eden carries the heavy responsibility of ensuring that MOE’s security posture remains uncompromised. He feels invigorated whenever his involvement results in outcomes such as shortened system rollouts and accelerated implementation. Going forward, he plans to propose a Cybersecurity Week with sharing sessions on best practices to help project teams stay vigilant and take ownership of defending MOE’s cybersecurity.
NEED FOR UPSKILLING:
Eden navigates his role so skilfully that one may be surprised to find out that he made a significant career leap–from IT Auditor to Cybersecurity Engineer! Not only did he have to adapt to the systems at MOE in this new role, he also needed to understand the requirements for a Cybersecurity Engineer. On top of that, he had to pick up knowledge on various Cloud models and architectures to advise the project teams on their queries. Through discussions with his team about his concerns, he came to appreciate the value of DA’s programmes and decided to enrol.
LEARNING JOURNEY:
Situation
As part of MOE’s digital transformation efforts, project teams are embracing Cloud solutions such as Software-as-a-Service (SaaS) to scale with flexibility. However, this endeavour was not free of challenges. The extent of their roles and responsibilities in governing these Cloud solutions was unclear as they did not have sight of the SaaS service provider’s controls and processes. This resulted in teams implementing different levels of governance and using varying matrices for reporting security performance.
Task
Eden and his team needed to address this situation urgently as standardised governance policies are important for them to assess, manage and control risk on these SaaS platforms. First, they set out to provide the project teams with guidance on governing Cloud solutions appropriately and effectively. It was also imperative that the project teams become more vigilant in implementing effective cybersecurity measures. To develop his capabilities to address this situation, Eden embarked on his upskilling journey.
Action
From the array of programmes offered by DA, Eden chose two–(ISC)² Certified Cloud Security Professional Common Body of Knowledge (CCSP CBK) Training Seminar and (ISC)² Certified Information Systems Security Professional Common Body of Knowledge (CISSP CBK) Training Seminar. He was pleased to find that the topics covered were very relevant to his work! For example, the CCSP CBK programme explored risk areas for assessment and considerations. The facilitator even shared his experience in evaluating SaaS solutions! Overall, the programmes provided clarity for questions that he had about his role and the requirements of a security expert. He left the programmes enriched with new knowledge and understanding of how his role fits with organisations on Cloud architectures.
Results
With his new skills, Eden worked with the Security team to establish guidelines for assessing risks on SaaS solutions. They also implemented a green lane process to expedite risk assessment for non-consequential use of SaaS solutions, thereby expediting SaaS adoption on the ground. Beyond that, they established guiding principles for project teams to evaluate SaaS System and Organisation Controls (SOC) audit reports. This combined effort has culminated in MOE’s management gaining more visibility on the security landscape. Not to mention, their regular reports and recommendations to address critical security lapses were well-received by MOE’s management!
“GovTech Digital Academy is a one-stop shop for the knowledge you need to perform your job effectively and with greater efficiency – to work smarter instead of harder. Under the guidance of experienced facilitators, you will be prepared to deal with the latest solutions and technologies. These programmes will equip you with an understanding of the principles to handle various situations that you may face in cybersecurity.”
Eden Seah
Cybersecurity Engineer, Ministry of Education ICT Security and Governance
GovTech
NEXT STEPS:
Eden is interested in exploring programmes in robotics, artificial intelligence and machine learning to supplement his skills in analysing risk and automating security performance and reporting to further value add to GovTech and Singapore Public Service.
EMBARK ON YOUR LEARNING JOURNEY:
By keeping up to date with the relevant knowledge needed to perform for his role and taking his supervisor’s advice, Eden was empowered to support the cybersecurity needs of his MOE colleagues.
Keen to embark on your own learning journey?
Find out more about GovTech Digital Academy and our role in building a digital public service workforce. Browse our programmes or connect with us and take the first step to become the future-ready you :)
Be a future-ready digital practitioner and leader with GovTech Digital Academy.
