AiSP

CISO SIG

Article from CISO SIG

Christopher Lek is a seasoned cybersecurity professional with over 20 years of experience in telecommunications, financial institutions, and global conglomerates. He has held various roles, including governance, risk management, security architecture, and cyber defence. Currently, he leads the cybersecurity team at Nanyang Technological University and has been a three-time winner of the Top 30 Cybersecurity Executives award for his contributions to business value, leadership, and his ability to drive change in the CSO30 ASEAN awards

Introducing CISO with a deep interest in cybersecurity

Chris currently leads the Cyber Security Team at Nanyang Technological University overseeing the cyber security function for the university across administration, teaching learning and research. He served as the founding Director of Cybersecurity for NTU, overseeing the expansion of the team with specializations in governance, engineering, and cyber defence. He has led various security initiative effort over the last few to improve the security posture for the university. He had also led the team to attain ISO 27001 and Cyber Trust Mark (Advocate) certifications for the university’s critical IT services.

What brought you to the Cybersecurity industry?

During my earlier career in the internet service provider, I encountered various security incidents (e.g., hacking, DDoS) which inspired me to pursue a career in cyber security. My first stint in cyber security started as a team lead in the national critical payment system where I was responsible for overseeing network and security operations to secure billions of dollars of interbank transactions. At the same time, I was introduced to the SIG^2 GTEC Labs, where I was exposed to capture the flag competitions and honeypots, which further ignited my interest in this domain. Further experience with global conglomerates like Sony and General Electric put me through the trenches of advanced persistent threats and dealing with nation-state actors. This has been a humbling experience and solidified my belief that attacks are real, and we need to be resilient.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

One of the most defining moments was the experience with the Sony Pictures breach during Thanksgiving Day in 2014. The attack, believed to be carried out by North Korean state-sponsored hackers, resulted in the theft of sensitive company data, including employee personal information and unreleased movies. Many of our assets were wiped out, and the organization was basically brought to a halt. As the saying goes, 'What doesn't kill you makes you stronger.' It was in the aftermath of this incident that cyber security received strong support from top management. Numerous initiatives and transformations occurred to strengthen cyber security resilience and capabilities. This also provided opportunities to work with great colleagues to enhance our defence against advanced persistent threats. I am grateful to have been mentored by my bosses and to have built strong camaraderie with fellow global team members during my working experience with Sony.

What is it that you love most about your role?

Making a positive impact to the organisation with persistency and the grit to get back from any setback

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

The use of Deepfake technology is increasing, which will make social engineering attacks more complex and convincing. The adoption of quantum-resistant encryption is also gaining more attention as hackers are exploring ways to break traditional encryption algorithms.

What do you think is the role of CISO?

The role of a CISO is multifaceted. Not only are you required to be technically proficient, but you also need to have strong business acumen to navigate complex organizations. This requires a combination of hard skills (technical) and soft skills (communication, stakeholder management) to succeed in this role.

What can we do to encourage more people to join the cybersecurity sector?

I don't think there's a lack of interest among the younger generation in joining this sector. However, I believe we need to let them know that if they're keen to embark on a cyber security career, they need to develop critical thinking skills, a passion for learning, and the ability to be resilient against any adverse situation.

What do you want to achieve or contribute to the Cybersecurity Ecosystem?

I am humbled that over the past few years, the NTU cyber security team's efforts in cyber security awareness and transformation have been recognized through various awards. This is attributed to a dedicated team of members and my management's support. NTU is currently a member of the CSA cyber security awareness alliance, and we hope to continue to promote and enhance awareness and adoption of good cybersecurity practices among members of the public and organizations in Singapore. In 2024, NTU successfully established the newly minted student's cyber security club, and I am honored to be the advisor. I hope to continue inspiring the younger generation to pursue their passion and excel in their cyber security careers.

Any advice for the Cybersecurity Professionals?

It is important to understand your strength and shortcomings and to be self-aware. Build on your strength and make a concerted effort to strengthen your weakness. Continuous learning and curiosity are essential and always ask "why" to delve deeper into concepts and challenges.

Collaboration is another crucial aspect as cybersecurity is a team sports. Work effectively with colleagues from various departments and backgrounds. To achieve collaborative cyber defence, we must breakdown organizational silos and promote open communication. The world of cybersecurity is always changing, so we must continue to be flexible, accept new technology, and be ready to take on new problems.

Author Bio

CISO SIG

Article from CISO SIG

Christopher Lek

Cyber Security Leader and Instructor

NTU