CISO SIG

Article from CISO SIG

Introducing CISO with a deep interest in cybersecurity

Nyan Tun Zaw, CISSP, is serving dual roles as Chief Information Security Officer (CISO) as well as Senior Vice President at Athena Dynamics Pte Ltd, which is a subsidiary of BH Global Corporation Ltd, an SGX mainboard listed company. He is also currently serving in the executive committee of ISC2 Singapore Chapter as Membership Director. With a wide range of background in cyber security operations, software development, web development, networking as well as business development, Zaw specializes in evaluating and analysing radically differentiated advanced cybersecurity technologies and has played critical roles in bringing technologies like high-speed DFIR or military grade file sanitisation technologies like content disarm & reconstruction to Singapore. During the early days as technical lead and head of good hackers alliance (gha), he was also involved in various project implementations with Athena Dynamics in several highly confidential government and critical infrastructure projects in Singapore and the region.

Nyan Tun Zaw holds a Master of Business Administration from Quantic School of Business and Technology as well as Bachelor of Business Management, with double majors in Finance and Information Systems, from Singapore Management University. He is also a holder of CEH, ECSA and CISSP.

What brought you to the Cybersecurity industry?

It was an unexpected journey. I started as a web and C++ developer – creating and maintaining corporate websites and internal accounting system for BH Global (the parent company of Athena Dynamics) under the IT team. They were doing a large scale digital transformation at that time to sort out the IT and security of the group, brought in a Group CIO, and while doing so, they have stumbled upon really great cyber protection technologies that they feel will benefit Singapore’s cybersecurity industry so ultimately decided to spin off the IT department as a cybersecurity company, serving both internal and external.

Naturally as part of the transformation, our Group CIO took on a dual role as CEO of this new spin-off that would become Athena Dynamics and I took up the role of solution support / implementation engineer. This was the start of my cybersecurity journey. The learning curve at the start was incredibly steep because I didn’t have any background in cyber but now looking back, I’m glad I went through that because that provided me with accelerated hands-on learning opportunity for various aspects of cyber, having to work on a large number of highly sophisticated projects.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

I would say winning the awards from NTUC MayDay Awards, Tech Talent Assembly and being nominated as a finalist in the “professional” category for The Cybersecurity Award by AiSP have given me the confidence and encouragement needed to keep pushing myself to contribute more to this profession and industry and I am very grateful to have been able to receive guidance from various veterans in the industry as well as the strong support and mentorship from my company’s CEO.

What is it that you love most about your role?

I am blessed to be in a unique situation where I get the opportunity to deal with both internal and external cybersecurity challenges so every day I am learning new things and constantly have to challenge myself to improve, which is something I love the most because I am a firm believer of lifelong learning. Especially in industries like cyber, there are new threats and attack methods coming out every day so the moment we stop learning, our knowledge could become obsolete very quickly.

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

There are two distinct trends that I have seen in the market so far: Cyber for AI and protection against Quantum based threats.

On cyber for AI, with the massive popularity of GenAI / LLM these days, everyone is using it for almost every purpose that we could possibly think of and there are growing trends of attacks and techniques in this such as prompt injection, attack on the APIs, and poisoning the LLM itself. All these have huge impact on our day-to-day life and more people need to be aware of them because LLM providers might not be fully equipped to have strong protections against these with the technology still being in rapidly evolving stage.

As for quantum based threats, it's becoming more of a reality than theory that can fundamentally change a lot of encryption based security measures that we have in place today and we have seen technologies like quantum key distribution to counter against these attacks so it's interesting to see how the industry will evolve going forward.

Alongside, I have also been seeing many innovations such as automated GRC tools enhanced by GenAI, high speed digital forensics technologies as well as even technologies that can make an organization undiscoverable (or in other words – invisible from the internet) and all these make our jobs as cybersecurity professionals much more interesting.

What do you think is the role of CISO?

People say that an organization is often the reflection of its leader. Similarly, I believe that CISO, as the head of the security team, is an important senior management figure that plays a key part in how mature or protected an organization is against cyber threats. CISOs need to make sure that they are constantly updated with information about the latest threats, attack methods as well as how to protect against them so that they can set the right policies, start the right initiatives and lead the team effectively to ensure that the organization is well-prepared to defend against rising cyber threats because today cyber threats are not just a computer or technical problem. They have real business impact that can affect an organization in a critical way or in some cases, even in terms of people’s safety (especially in OT sector).

What can we do to encourage more people to join the cybersecurity sector?

It's encouraging to see that more people are taking cybersecurity seriously and we have been seeing more fresh graduates entering the workforce as well as mid-career changers coming into cyber. Based on my experience, having more industry initiatives to share more about what a cyber security professional does day-to-day and even fun initiatives like mass training and CTF events have inspired more people to join the cybersecurity sector because it helps people to understand what it's like to be in cyber and what is needed. On the other hand, I am also seeing that various tertiary institutions are starting to offer more cybersecurity focused diplomas or degrees so hopefully this could become more mainstream and help to attract more people to take up this career path.

Another thing is that cybersecurity certifications or trainings can typically be quite costly so if there are more programs or initiatives that can help to alleviate some of these concerns either via subsidies or even low-cost high-quality training sessions from the industry itself, this could potentially encourage more people to enter cybersecurity sector.

What do you want to achieve or contribute to the Cybersecurity Ecosystem?

One thing that I love about this industry is that most people are willing to do knowledge sharing with each other. Everyone faced different situations and I believe that there are many things we can learn from each other’s experiences so I’m glad to have been a part of such communities and would love to contribute more to facilitate this information flow. Also, through various industry thought leadership sharing be it at conferences / events or even like what we are doing now in this article, I hope to be able to inspire more people to join in the profession.

Any advice for the Cybersecurity Professionals?

As cybersecurity professionals, it is not an easy task to keep up with all the latest trends and technologies so it's my belief that being active in communities like AiSP would be a great way to stay up to date and I would encourage everyone to share more, talk to each other more and learn more together because cyber is never an individual game but more of a collective team effort.


Author Bio

Nyan Tun Zaw

Chief Information Security Officer, Senior Vice President
Athena Dynamics Pte Ltd
