Cybersecurity Engineer
Digital Defenders: Fortifying RAiD's Cyber Frontlines
Hi Ben, nice to meet you! Could you introduce yourself?
Hi, I am Benjamin, a Cyber Defence Staff Officer at RAiD. Prior to this, I was an Officer Commanding (OC) in Tengah Air Base, managing two teams under my flight. I am the first Digital & Supply Chain Engineering (DSE) mid-careerist, a new track under the Air Force Engineer vocation!
What motivated you to join RAiD's cybersecurity team, and how has your journey here expanded your skills and knowledge?
I specialised in cybersecurity during my degree course and wanted to pursue a career relevant to my studies.
We believe in investing in our team and make time to take up training and attending courses. We also participate in conferences and engage with other industry partners to keep up with the recent changes in technology.
Can you describe a particularly challenging cybersecurity threat you helped mitigate, and what it taught you?
Part of my work involves assessing the cyber risk for projects, advising the project team accordingly and working with them to achieve compliance. This is challenging because sometimes security measures can compromise usability. With RAiD's mission of “Bringing Smarts and Smiles to the Air Force” Cyber Defence Branch also aims to be "enabling" so that we could push the operational envelope safely and securely.
How does RAiD's company culture support your work in cybersecurity, and what aspect of this culture do you value the most?
RAiD is an interesting place to work. RAiD challenges the traditional preconception of a stiff and rigid military outfit, by being forward-thinking and progressive, challenging dogma and the status quo. This is important to me as an individual as I have always been quite different, and in an ever-changing environment, we cannot afford to be slow and rigid.
How do you collaborate with other teams in RAiD to foster a security-first mindset?
In cybersecurity, we often talk about the “shift left” mindset. To put across a simple analogy, attempting to retrofit a window into a wall after the wall had been created will inherently cause the overall structure of the wall to be weakened. “Shifting left” or moving cybersecurity awareness and compliance to earlier stages of development, incurring less cost at implementation and reduces frustration. The result is a better-performing product that does not compromise military secrets. While our RAiD colleagues often joke about Cyber Defence Branch being the humourless policeman, they understand the importance of building secure applications which has an impact on RAiD's reputation as a competent and credible outfit.
What advice would you give to new cybersecurity engineers joining our team, based on your experiences?
I think it is important for cybersecurity engineers to be resilient and to be vocal. We have to be resilient because RAiD is a start-up in RSAF and have to break down existing obstacles to drive change. This can be challenging at times but it is a necessary endeavour. After all, pioneering work is challenging but it is what makes pioneering work impactful. There is also good support within the RAiD community which one can rely on when we face challenges.
I would also advise one to be vocal because without speaking up, no one knows what one is thinking. RAiD values the exchange of ideas and there is a culture of open collaboration. Despite being a military organisation, RAiD understands that the top-down approach is not always the best way and often seeks inputs from the ground.
If you could choose any superhero power to help you in your cybersecurity work, what would it be and how would you use it?
Photographic memory! In the military, some tools are out of bounds for our daily work. For instance, we may not be able to take photographs or record meetings for later use.
More importantly, I can remember directives without having to search through them, or write down meeting minutes. Then again, if I had that ability, I may be restricted from entering some areas since we are not allowed to bring in cameras!
Responsibilities
Responsible for ensuring that features and solutions developed are imbued with security by design and in code implementation.
Ensure that the developed product is easy to continuously develop and maintain upon deployment.
Work closely with the cloud team to ensure that product code structure complements the RAiD cloud or other hosting environments.
Modify code and fix bugs to minimise unnecessary stack complexity and eliminate security vulnerabilities, ensuring compliance with IM8.