Conversations with Keith Tay
A fresh graduate from the Nanyang Technological University, Keith realised his interest in this field in his last year of studying Computer Science, and is currently a malware specialist in cybersecurity specialist at GovTech. In his free time, he enjoys going on outings with his friends and travelling.
So, as a Cybersecurity Specialist, how would you describe your typical workday?
I am currently working in the Cybersecurity Incident Response team in GovTech, and specialising in malware analysis. My typical workday for the incidence response side includes coordinating with agencies to conduct investigations and provide recommendations on how we can prevent or mitigate security incidents from happening in the future. When we do investigations, normally we perform root cause analysis for the incident, risk and impact assessment which are presented to the government. So, that is basically what we do for incident response.
For my specialisation as a malware analyst, part of my day-to-day job involves us experimenting with different with malware samples – so, when we receive a malware sample, we can actually detonate it in a closed environment. By analysing malwares, we attempt to look for ‘indicators of compromise’ to determine if our systems are affected. For example, if there is a malware running on your computer, if it is trying to receive a command from the internet, there will always be a trace. We can actually make use of this information we harvest to search our networks to determine if there are any other affected systems. That is roughly what we do for incidence response and as malware analysts.
Could you tell us more about what your work is like and what you do at GovTech?
The typical work day varies. When there is a security incident, we will be performing the actions mentioned previously. For times when we are not on a case, we may be performing capability development to improve our current processes and workflow. We could also be looking into new tools or developing in-house tools to assist with our future investigations. A portion of our time also involves attending training to keep up with the current trends and keeping ourselves abreast of the current cyber threat landscape. All in all, as part of the team, I am thankful for the opportunities to learn and build technical capabilities in areas such as malware analysis, data / log analysis and building up our own tools here in GovTech.
How has your experience in this line of work been? Could you share with us your story so far?
For me, I am a fresh graduate and was previously studying Computer Science, which is not totally relevant to my job. So, when I came in, I had to pick up a lot of things on the job. The interesting part of this job is that the cybersecurity landscape is always changing. There are new threats and vulnerabilities daily, and as cybersecurity investigators, we have to keep abreast of the latest threats. A threat you encountered just last year could evolve into something totally new today. For me, I was really exposed to many different things and I am really happy that we have a wonderful team of colleagues who are willing to help.
You mentioned that you studied Computer Science previously but it was not very relevant – the conventional wisdom is that GovTech is related to Computer Science, but if it is not a relevant major then what is, and why is it not relevant?
What I meant was cybersecurity involves looking at various domains which may not be covered by just studying computer science. For example, it involves things like networking at both packet and topology, operating system, malicious connectivity, malicious software and many more. However, Computer Science can help us in building up a good foundation for related skills like programming. For our day-to-day job, we have to make use of scripts to automate and improve our processes. As malware analysts, whenever we perform reverse engineering, we attempt to reconstruct the assembly code back to the initial source code. All these concepts were built from my knowledge in Computer Science, but a majority of the skills picked up were from the job cases and training. I am still glad that I took up Computer Science in the past as it helped me greatly in appreciating certain concepts during our investigation.
Do you enjoy working in this environment?
The culture here is really nurturing and our team emphasises knowledge sharing. Even though it is a challenging environment, our bosses assure us that we can voice out whenever we need help. In order to grow as a team and tackle challenging situations, we work together to solve challenging problems together – at the same time learning from each other. I personally feel that this culture of mutual sharing and learning is something I cherish and love about my job.
What would you consider the highlights, the best parts, of doing what you do/your job? What motivates you every morning to wake up and come to work for another day?
For me as a fresh graduate, because I really enjoy what I do, what really motivates me is the opportunity to learn and gain new knowledge every day. To me, passion is important because you do not want to be in a position where you do not like your first job, and if you are in such a situation, you will find it a chore to wake up daily. In my case, I feel energised to come to work knowing there will be something new to learn each day.
What gives you satisfaction in your work? What would you consider a really ‘good day at work’?
Personally, it is when we manage to solve security cases. It gives us a sense of satisfaction knowing that we have a safer environment to work in.
Looking back, did you always know you wanted to be in cybersecurity?
For me, the answer is no – when I first started out in polytechnic, I was doing a lot of programming, and I participated in hackathons and such competitions until my tertiary studies. So, I was really exposed to a lot of application creation. In my final year of university, I took an elective related to cybersecurity, and I think that is where it first kicked off, because once I started, I was really hooked on to the details. I then picked up external courses outside my school curriculum to learn more about cybersecurity. That actually sparked my interest and from then on, I knew that I wanted to be a part of this industry.
Initially, I was bonded to a bank and was supposed to be doing development and support work upon graduation, but because of my passion for work in a cybersecurity role, I ventured out and landed myself here in GovTech.
Is there any advice you wish you had been given, or anything you would have liked to have known before you came into the job?
For me as a fresh graduate, I actually don’t know what advice I wish I could have received. As cybersecurity has many domains, I had no idea where I wanted to be. All I knew was that I wanted to be in a technical role for a start. I think some good advice is to embrace wherever you will be going to.
Where do you see yourself in the next 5 years?
For me, as this is my first job, I would like to further challenge myself by taking up different kinds of technical roles within cybersecurity, such as Cyber Threat Intelligence, Red Teaming etc., and eventually, after gaining the technical capabilities, I hope to impart my knowledge to others as a consultant.
Harvard University has compiled this list of 42 professional competencies. In your opinion, which of these would you consider most relevant/applicable/useful/important to/for your work on a daily basis?
For cybersecurity, I think what I would say is important would be continuous learning, because we really need to learn all the new kinds of threats that we are facing on a day-to-day basis. Subsequently, technical professional knowledge and skills are also important because cybersecurity is really a niche field and there is a need to really understand how a system actually works. We need to have the knowledge for the domain in which we are working. Last but not least, I think developing others is also vital because, as cybersecurity experts, we should be able to give professional advice to others as well, and it is important because not many people are educated in cybersecurity. Thus, I think it is really part of our job to help other as a whole.
When you mentioned about the importance of these technical skills, are these baseline requirements to enter the industry? Are there additional requisites or qualifications necessary for the role?
If it is a fresh graduate role, the employers will be looking for people with the passion for cybersecurity. It is also reported in articles that there is a lack of cybersecurity specialists, so I think one avenue to bring up these numbers is actually to take in more fresh graduates who are willing to learn on the job. Some additional considerations to value-add your portfolio would be participating in ethical hacking events or taking up external courses to boost your knowledge in cybersecurity.
Would you like to give any advice to youths who may be interested in cybersecurity?
Firstly, they need to have the passion for cybersecurity; secondly, they need to adapt to the constant changes; and last but not least, they need to have the willingness to learn and gain new knowledge on a daily basis. I don’t think companies will expect a fresh graduate to have the technical skills to tackle threats straight away, but they would look for someone who is willing to learn and who displays these characteristics.