Name: Mr. Toh Tai Ann
Title: Principal Trainer and Consultant
Employer: Solution of Solutions LLP
Degree: Bachelor of Electrical Engineering (Hons) University of Western Australia
Years in IT: 31 years
Years in cybersecurity: 10 years
Cybersecurity certifications: Certified Information System Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
The Open Group Architecture Framework (TOGAF)
How did you decide upon a career in cybersecurity?
I have been an Information Technology professional for more than 25 years and in the Information Technology sector for 30+ years. In these 30+ years I have seen the transformation of IT from a mainframe/minicomputer-centric data centre setup to a very disparate, distributed and complex environment. The centralised mainframe/minicomputer setup had many advantages from the security perspective. Physical security was extremely tight and access to the mainframe was controlled. Security was well-defined with set boundaries which could be easily defended.
With the distributed IT environment of today, systems are interconnected with each other in the intranet, extranet as well as the internet. The security footprint has increased exponentially. Further, with the rise of mobile devices connected to the internet, the security perimeter has moved out of the data centre to the end-devices. Having been in varied industry sectors like manufacturing, shipping & logistics, healthcare, hospitality, education and aerospace, I am aware of the great security challenges faced by organisations. Senior management has to be more informed of the security threats, their risk exposure and risk responses, as well as keep up with the trends in security technology, threats and vulnerabilities.
This is the reason I embarked on cybersecurity, as I see a need to educate senior management, IT staff and employees on IT Security. This is a must to ensure that any organisation is kept secure and continues to be secure.
Why did you get your CCSP®?
When I started my profession in the healthcare industry in 2000 until 2011, I realised that there is a move towards cloud services in the form of IaaS, PaaS or SaaS. This move is because IT expenditure has ballooned and scalability as well as business continuity are becoming more costly and complex. Management has to use this opportunity to move toward cloud services, but unfortunately there is little understanding of the impact to the business when moving in this direction. This is why I decided to take up a professional certification as a cloud security professional and advise management on the correct approach to move towards the cloud.
What is a typical day like for you?
As I have moved on to be an IT security trainer and consultant, my typical day involves keeping up to date with IT security, preparing and fine-tuning courseware as well as networking with professionals in the IT security field.
When I was in the IT industry as an IT professional, we had to deal with many security issues. Most were mundane but others were more unique and challenging. The greatest issues encountered were password resets and user account sprawl with many zombie accounts or accounts with elevated privileges. We also encountered COTS applications which only allow end-users to operate at an elevated privilege level for all end users. My other more unique experiences were with a physical security breach by an internal staff member, computer theft and system hacks via the Internet.
Can you tell us about a personal career highlight?
I have a few personal career highlights. My first is with designing, planning, implementing and operating a regional data centre for a shipping company in 1990. I was the lead in setting up the IT infrastructure for the whole Far East.
My second highlight was designing, planning, implementing and operating a brand-new data centre and network centre for a major manufacturing company in 1997. My third highlight was designing, planning and implementing a nationwide Electronic Medical Record (EMR) application infrastructure for the largest healthcare group in Singapore. My fourth highlight was designing and planning the entire IT Infrastructure for a hospital and hotel complex in Singapore.
How has the CCSP certification helped you in your career?
As I am now a trainer and consultant, I will use my CCSP certification to train IT personnel and senior management staff on cloud security and its impact on the organisational landscape. This is enforced by my 30 years in the IT industry with my own experience with cloud services.
CCSP has also helped me understand the regulatory and jurisdiction aspects that have to be taken care of. We also have to have a strong understanding of the business requirements and translate this to a Service Level Agreement that reflects all the business needs.
What is the most useful advice you have for other cloud security professionals?
Understand the current IT landscape of your business before even considering moving towards the cloud. Study whether a fork-lift is required or brand new services need to be built. In either case, study the impact, as both will affect the user experience. More importantly, as a professional your job is to make recommendations to management on the feasibility or non-feasibility of using cloud services and how to plan an incremental move with proper SLAs.