AiSP

CISO SIG

Article from CISO SIG

Ee Lin is the Deputy Director of CISO & Governance at HTX, where she leads cybersecurity strategies and governance for Singapore’s Home Team Departments. With over 15 years of experience across both public and private sectors, Ee Lin is recognised for her expertise in strategic cybersecurity and risk management, and is dedicated to fostering the next generation of cybersecurity professionals.

Introducing CISO with a deep interest in cybersecurity

As a CISO, my passion for cybersecurity goes beyond just a profession—it’s a mission to protect the infrastructure and public assets vital to Singapore’s safety and economy. With a natural curiosity about how things work and a desire to solve complex problems, cybersecurity became an ideal path for me to apply that passion in a meaningful and impactful way.

I didn’t enter the field of cybersecurity with the specific goal of becoming a CISO. My journey began with a focus on understanding the challenges within the digital landscape and using that knowledge to protect vital systems. As I became more deeply involved in solving complex cybersecurity challenges, I realised the potential to make a real-world impact in safeguarding both systems and people. Over time, the opportunities I encountered, along with my growing understanding of the industry, led me naturally into this leadership role. Today, I align cybersecurity efforts with business strategy, ensuring that security is not just an operational function but a strategic enabler for organisational resilience.

What brought you to the Cybersecurity industry?

I began my career in the defence sector, where I developed a strong sense of mission to protect vital systems that impact our nation. Defence work instilled in me a mindset focused on protection and security. As the digital landscape evolved, it became clear that these challenges were no longer confined to defence but had expanded into the business, public, and private sectors. Cybersecurity became a natural and necessary pivot for me.

Cybersecurity provides the satisfaction of tackling complex and ever-evolving challenges. Each day brings new and unpredictable problems, from advanced persistent threats to zero-day vulnerabilities, ensuring that no two days are ever the same. This constant stream of challenges has kept me engaged and provided opportunities to innovate and continuously improve security practices. This continuous evolution is what ultimately drew me deeper into the field.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

Several defining moments have shaped my journey, but mentorship—both being mentored and mentoring others—has been at the heart of my growth. Early in my career, having the right mentors made a significant impact on how I approached cybersecurity. They helped me see that it wasn’t just about technical challenges but about thinking strategically and aligning cybersecurity with broader business objectives. These mentors encouraged me to embrace difficult challenges and broaden my perspective beyond technical expertise.

As I progressed, I became equally passionate about mentoring others. Passing on the guidance I received and helping others navigate the complexities of the industry is one of the most rewarding aspects of my role. I am deeply committed to developing the next wave of cybersecurity leaders.

Another defining moment was my involvement in the global cybersecurity community. Contributing to discussions at international forums, writing thought leadership pieces, and learning from others in the field has kept me at the cutting edge of industry developments. These connections have broadened my understanding and reinforced the importance of collaboration and diversity of thought in solving today’s security challenges.

What is it that you love most about your role?

What I love most about being a CISO is the dynamic and unpredictable nature of the role. Cybersecurity is constantly evolving, and each day brings new challenges that require innovative solutions. This constant learning curve keeps me on my toes, and while it can be stressful, the satisfaction of overcoming difficult challenges with a trusted team is incredibly fulfilling.

Seeing the tangible impact of my work is another aspect I greatly value. The security of vital infrastructure directly affects millions of people, and knowing that my efforts help protect essential services and make a real difference in the lives of Singaporeans gives me a deep sense of purpose. Securing systems that so many people rely on every day makes the hard work worthwhile.

Additionally, the opportunity to influence organisational strategy and guide security efforts at both operational and strategic levels allows me to contribute to business success while safeguarding against risks. Helping teams and organisations become more resilient in the face of cyber threats is one of the most rewarding aspects of the role.

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

One of the most significant trends today is the integration of AI with existing infrastructure to bolster security. AI and machine learning (ML) have become essential for automating threat detection, streamlining responses, and identifying vulnerabilities. This not only improves security posture but also enables organisations to scale their defences more effectively against sophisticated threats. AI’s role in cybersecurity will continue to grow, particularly as AI-driven solutions integrate more into cloud environments.

AI-driven solutions are also transforming proactive threat detection by analysing vast datasets to identify anomalies that human analysts might miss. In the near future, we can expect AI-automated incident response systems to become more common, enabling teams to focus on high-priority issues while AI handles repetitive tasks. However, adversaries are also leveraging AI for attacks, making it essential for security teams to continue innovating.

Beyond AI and cloud, we’re seeing a growing focus on securing operational technology (OT) and supply chains. As more critical infrastructure becomes digitised, OT security becomes vital in ensuring that essential services aren’t disrupted by cyber incidents. Additionally, ensuring the security of supply chains—especially those involving third-party vendors—is becoming a key concern for organisations worldwide.

Looking ahead, cyber resilience will take centre stage. It’s not just about preventing attacks but ensuring rapid recovery and continued operation when they occur. AI-driven automation and self-healing systems will be key components in achieving this. As threats evolve, organisations must focus on both prevention and recovery, maintaining business continuity in an increasingly complex threat landscape.

What do you think is the role of CISO?

The CISO role is fundamentally about risk management. It’s not just about the technical aspects of cybersecurity but about communicating risk in business terms that resonate with stakeholders at every level—from the boardroom to operational teams. Managing relationships and aligning the concerns of diverse groups within the organisation is essential to ensuring cybersecurity is understood as a strategic enabler of business success rather than a barrier to progress.

Being a CISO also involves deep engagement in strategic discussions. We’re not simply approving or “rubber-stamping” decisions but challenging them when necessary to ensure cybersecurity risks are thoroughly evaluated and mitigated. While regulatory compliance is crucial, the focus needs to go beyond compliance to build a proactive and resilient security posture that anticipates future risks.

Fostering a culture of security is also key. A CISO must ensure that cybersecurity is not seen as an isolated function but as a shared responsibility across the organisation. Strong leadership and the ability to influence teams to prioritise security in their daily activities are crucial for long-term success.

What can we do to encourage more people to join the cybersecurity sector?

To bring more talent into the sector, we must start by demystifying cybersecurity. It’s often seen as highly technical, which can deter those without a technical background. We need to show that cybersecurity involves much more—it’s about strategy, communication, and risk management, alongside technical skills. Highlighting the variety of roles available will help attract a broader range of talent.

We also need to emphasise the societal impact of cybersecurity. Many people are motivated by the opportunity to make a difference, and cybersecurity offers the chance to protect vital infrastructure and secure individuals and businesses from threats. By positioning it as a career with purpose, we can inspire more people to join. Fostering diversity and inclusion is also essential. Cybersecurity benefits from diverse perspectives, and creating a supportive and inclusive environment will help break down barriers. Mentorship programmes, scholarships, and outreach initiatives will be critical in bringing more talent into the industry.

Finally, raising awareness early is crucial. By introducing cybersecurity concepts in schools and universities and providing hands-on opportunities like hackathons and internships, we can spark interest from a young age, showing students that it’s a dynamic and rewarding career path.

What do you want to achieve or contribute to the Cybersecurity Ecosystem?

I believe that making an impact starts within my organisation. My goal is to foster a culture where cybersecurity is integrated into every operation. This builds trust, collaboration, and innovation, creating an environment where security is a core part of everything we do.

Once this culture is well-established, I aim to expand that influence outward to the broader cybersecurity ecosystem. I want to contribute to building a resilient and inclusive ecosystem by mentoring the next generation of cybersecurity professionals. By providing leadership and guidance, I hope to help develop future leaders who will drive the industry forward.

Promoting diversity and inclusion is central to my vision. Diverse teams are better equipped to solve complex problems, and I want to create an environment where everyone feels safe, valued, and empowered to contribute. Cybersecurity is a collective responsibility, and together we can achieve far more.

Any advice for the Cybersecurity Professionals?

My advice for cybersecurity professionals is to remain curious and adaptable. The field is constantly evolving, and staying ahead requires a commitment to continuous learning— whether through formal training or by staying up to date with the latest trends. Cybersecurity is not static, and neither should your skills be.

It’s also important to remember that cybersecurity is a team effort. Build strong relationships and collaborate with your peers—trust and communication are key. Don’t hesitate to ask for help, share insights, or mentor others. Collaboration is essential in solving complex cybersecurity challenges.

Resilience is another crucial aspect. There will be breaches and setbacks, but how you respond is what truly matters. Learn from challenges and turn them into opportunities for growth. Resilience will help you navigate tough situations and keep moving forward. Lastly, always prioritise time for family and friends. They provide invaluable emotional support, especially during overwhelming moments. Balancing your professional life with personal relationships is key to maintaining your emotional health. Know your limits, and engage in activities that help you unwind—whether it’s a hobby or travelling. Taking time for yourself is essential to staying grounded and resilient in this demanding field.

Author Bio