Article from CISO SIG

Shao Fei is the Group Chief Information Security Officer at SMRT Corporation, Singapore’s leading multi-modal public transport operator. Over the last 24 years, he also served in various roles at Amazon Web Services and the Singapore Public Service.

As a Fellow of Singapore Computer Society (SCS), Shao Fei serves as President of SCS’s Cyber Security (CS) Chapter. He is also a member of the Cybersecurity Committee at the International Association of Public Transport (UITP)

Shao Fei was inducted as Professional of the Year at the prestigious Singapore Computer Society IT Leader Awards 2020, and as winner of The Cybersecurity Awards 2021 (Leader Category). He was also nominated to The Cybersecurity Observatory's Hall of Fame in January 2020, and inducted as a AISP Validated Information Security Professional (AVIP) in March 2021. In 2022, Shao Fei was recognised as one of the top 30 senior cybersecurity leaders in Southeast Asia and Hong Kong at the CSO30 ASEAN 2022 Awards.

Introducing CISO with a deep interest in cybersecurity

I am presently the Group Chief Information Security Officer at SMRT Corporation. My cybersecurity career has spanned over 25 years, and I have worked in both public and private sectors.

What brought you to the Cybersecurity industry?

I have been coding since I was in my early teens, mostly trying to beat computer games. Later on, I started dabbling in PC hardware and software modifications to improve performance on a shoe-string budget (mostly out of my pocket money). Little did I know then that these hobbies would kindle the passion that brought me to the cybersecurity industry.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

There are two defining moments in my career. One was when DSO National Laboratories recruited me as a research engineer, which could not be closer to a dream job at that stage of my life. I was literally getting paid to do my hobby. The second was when I was conferred the Leader award at The Cybersecurity Awards 2021, organised by AiSP and supported by CSA and the Singapore Cyber Security Inter Association. I would not have been able to achieve either of these milestones by myself alone. There were many people and role models, who trusted in me and who provided me with guidance and encouragement at every stage in my career.

What is it that you love most about your role?

Bringing about positive change and making a difference.

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

Everybody is talking about AI these days. So yes, AI is certainly a trend in cybersecurity. What might emerge in the future is anyone's guess. That said, I think that cybersecurity threat detection and response capabilities could become a feature of embedded systems-on-chip (SoC) architectures, when chip-makers start to look into new markets for growth. They make develop custom-developed application-specific integrated circuits (ASICs) for accelerating new workloads, particularly in cybersecurity.

What do you think is the role of CISO?

My view of a CISO's role is that he or she is accountable for the digital trust of the company. Correspondingly, a CISO is responsible for cybersecurity and critical risk management strategies that align with business initiatives, to ensure digital trust. The aspect of digital trust is more important that ever today because businesses must foster trust to ensure secure AI adoption.

What can we do to encourage more people to join the cybersecurity sector?

Today, there are numerous initiatives across various stakeholders in the cybersecurity eco system aiming to do this. We may want to pause and ask ourselves, what is working and what is not. At the end of the day, building more awareness of the industry does not mean that more people will eventually join the cybersecurity sector. And we need to be more self-critical to get there.

What do you want to achieve or contribute to the Cybersecurity Ecosystem?

I hope to contribute to the longer-term direction of the Singapore cybersecurity ecosystem. As such, I am honoured to have been invited to join CSA's Professionalisation Advisory Group, which was formed in 2023 to study how Singapore can raise standards of the cybersecurity ecosystem without discouraging the growth of the profession.

Any advice for the Cybersecurity Professionals?

• Never, ever compromise integrity and ethics.
• Be courageous even in the face of failure.
• Do not stop learning.

Author Bio

Shao Fei

Nominated Committee Member Representing SCS

AiSP

Shao Fei is the Group Chief Information Security Officer at SMRT Corporation, Singapore’s leading multi-modal public transport operator. Over the last 24 years, he also served in various roles at Amazon Web Services and the Singapore Public Service.

As a Fellow of Singapore Computer Society (SCS), Shao Fei serves as President of SCS’s Cyber Security (CS) Chapter. He is also a member of the Cybersecurity Committee at the International Association of Public Transport (UITP)

Shao Fei was inducted as Professional of the Year at the prestigious Singapore Computer Society IT Leader Awards 2020, and as winner of The Cybersecurity Awards 2021 (Leader Category). He was also nominated to The Cybersecurity Observatory's Hall of Fame in January 2020, and inducted as a AISP Validated Information Security Professional (AVIP) in March 2021. In 2022, Shao Fei was recognised as one of the top 30 senior cybersecurity leaders in Southeast Asia and Hong Kong at the CSO30 ASEAN 2022 Awards.