Name: Patrick Wai Keun Liu
Title: Deputy Chief Information Security Officer
Employer: DBS Bank (Hong Kong) Limited
Degree: Computer Engineering
Years in IT: 20
Years in cybersecurity: 15+
Cybersecurity certifications: CISSP-ISSAP, CRISC, CGEIT, CIA, CISA, ABCP
How did you decide upon a career in cybersecurity?
I started my cybersecurity career as a customized professional service for a high-end customer. I was working in an ISP and the company provided network connectivity services. My team focused on new initiatives and we believed security had potential. I have dedicated myself to this area ever since.
Why did you get your CISSP-ISSAP?
As is common with most cybersecurity practitioners, we never stop learning new things. Cybersecurity is not just on one dimension, and we need to understand how things interact with each other, what the implication is when we connect different building blocks together, etc. CISSP-ISSAP is a good starting point for me to understand the best practices to build systems.
What is a typical day like for you?
Risk management is the key aspect of my job. First of all, I identify cybersecurity risks that might impact the organization. When we identify any cybersecurity risk, we work with different internal teams to analyze the control effectiveness and plan any mitigation plan as necessary. The most challenging part is pointing out the risk for different interested parties.
Can you tell us about a personal career highlight?
It is truly my honor to be recognized by (ISC)² in their ISLA Asia-Pacific program. This is one of the greatest highlights in my career. It also gives me a driving force to improve and contribute more to the community.
How has the CISSP certification, and the ISSAP concentration, helped you in your career?
The CISSP-ISSAP defines a very good baseline for cybersecurity practitioners. It is a benchmark for me to assess cybersecurity practitioners’ knowledge. I believe these credentials have become a standard for the industry and are highly recognized by the cybersecurity circle.
What is the most useful advice you have for other security professionals?
I think the most powerful skill for security professionals to achieve is the ability to transform cyber risk into understandable business content. For example, a DDoS attack means loss of business productivity and we can quantify this message in dollar value. My advice is to try to develop this skill in your organization.