1. Introducing CISO with a deep interest in cybersecurity

As a CISO based in Singapore, my passion for cybersecurity is driven by both a professional responsibility and a deep appreciation of how critical security is to national digital trust. With Singapore’s Smart Nation vision and our increasing reliance on cloud and AI technologies, I see cybersecurity not just as a safeguard, but as a strategic enabler of our digital future.

2. What brought you to the Cybersecurity industry?

I started my career as a desktop engineer, focused on endpoint support and troubleshooting. One turning point came early on — I was asked to triage the infamous ‘ILOVEYOU’ worm incident. That hands-on experience with malware, even in its primitive form, opened my eyes to the reality of cyber threats and the cascading impact they could have across an organisation.

That moment sparked a deep curiosity in me. I began to explore how threats worked, how systems could be hardened, and how security had to evolve alongside technology. From there, I deliberately charted my path into cybersecurity — and never looked back. What began as a technical problem became a lifelong mission to protect and enable secure digital transformation.

3. What were your defining moments in this industry, and factors or guidance that helped you achieve them?

A few defining moments come to mind:

 • Leading a security architecture overhaul and implementing a secure-by-design framework on critical systems without disrupting operational readiness
 • Driving security governance transformations aligned with both business agility and regulatory accountability
 • Being entrusted to represent cybersecurity concerns at executive boards and roundtables — translating technical risks into business impact.
 • Bridging operational commanders, engineers, and security teams to establish risk-informed decision frameworks.

What helped most were mentors who understood the discipline of mission assurance, and peers who emphasised collaboration over control particularly in uniformed and high-tempo environments.

4. What is it that you love most about your role?

What I love most is enabling. I take pride in being a bridge between technology, business leadership, and operational reality. As a CISO, I’m in a position to influence not just policies and controls, but also mindsets and culture. Seeing teams become more security-conscious, seeing executives make informed risk decisions — that’s deeply fulfilling.

5. What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

Key trends I am seeing:

 • Increased focus on AI governance — especially in light of emerging AI tool adoption in public services
 • Increased focus on AI supply chain risk management, especially as agencies adopt third-party or open-source models
 • The need for automated threat detection against AI-driven systems, particularly in autonomous or high-tempo operational environments
 • Cybersecurity embedded into procurement and project governance, especially under compliance requirements
 • Managed security partnerships becoming more strategic, not just tactical
 • Growing interest in OT/ICS security as Singapore strengthens its Critical Information Infrastructure (CII) protections

I believe MLSecOps, explainable AI security controls, and regional threat intelligence collaboration (especially in ASEAN) will play a bigger role.

6. What do you think is the role of CISO?

The role of a CISO has evolved from a gatekeeper to an enabler, strategist, and communicator. Today’s CISO wear multiple hats — from technologist and risk advisor to educator. My view is that the CISO’s true role is to align security with business resilience, making sure that protection is not just strong, but also sustainable, adaptive, and trusted across all layers of the organization.

7. How can we encourage more people to join the cybersecurity sector?

We need to demystify cybersecurity. Too often, it’s portrayed as either overwhelmingly technical or purely reactive. The reality is that cybersecurity has a place for every kind of thinker — strategists, analysts, engineers, communicators.

We should:

 • Start earlier, bringing cybersecurity into school-level education
 • Showcase diverse career paths — from policy governance to threat hunting
 • Provide more mentorship opportunities
 • Promote the purpose-driven nature of the field — people want meaningful work, and cybersecurity offers exactly that!

8. What do you want to achieve or contribute to the Cybersecurity Ecosystem?

I want to contribute to building an ecosystem where security is seen as a business enabler — not a checkbox or an obstacle. I also aim to mentor the next generation of cybersecurity leaders, especially those navigating complex environments where governance and innovation must coexist. Long-term, I’d like to help shape policies and frameworks that bring together national security interests, and operational pragmatism.

9. Any advice for the Cybersecurity Professionals?

Stay curious, stay grounded. Cybersecurity is a field where yesterday’s knowledge can quickly become outdated, so continuous learning is vital. Focus not just on tools, but on impact. And finally, build bridges and be the trusted allies: with business units, regulators, developers, and end users.

Lastly, be passionate on what you doing as my favourite saying goes “some fire cannot be put out. Like the one in our hearts”

Author Bio

Ray Lau

Ray Lau is the Chief Information Security Officer at SCDF, where he oversees the development and execution of cybersecurity strategies, governance frameworks, and risk management practices to safeguard its systems and operations. With more than 15 years of experience across both the public and private sectors, Ray is highly regarded for his strategic leadership in cybersecurity, risk governance, and enterprise-wide cyber resilience. He is also committed to nurturing future cybersecurity leaders and driving a culture of security across all levels of the organization.