Tham Mei Leng, Ministry’s Chief Information Security Officer, Forward Deployed to the Ministry of Sustainability and the Environment (MSE), GovTech Singapore

1. In 30 words or less, please share what you do in GovTech.

My role involves providing cybersecurity leadership to the Agency CISOs in MSE headquarters (HQ), the Public Utility Board (PUB), the National Environment Agency (NEA) and the Singapore Food Agency (SFA), charting the development of cyber and data security goals, strategies and action plans.

To subscribe to the GovInsider bulletin click here.

2. Walk us down your career. What were your significant highlights and milestones? 

My career in cybersecurity has been centred around public service, which has provided me with unique opportunities to tackle challenges that have direct impacts on our society. One of the key highlights was leading efforts to strengthen the cybersecurity posture of critical infrastructure systems, protecting vital systems to ensure our nation remains resilient against emerging threats.

A significant milestone for me was when I took on the responsibility of developing and implementing a cybersecurity framework that safeguards essential services for water management and environmental monitoring.

3. How would your friends and family describe you?

My friends and family would likely describe me as someone who is thoughtful, analytical, and deeply committed to what I do. They know I’m always striving to improve my understanding of the challenges we face. They’d say I’m always open to new ideas and perspectives.

4. What sparked your interest in joining the public sector?

My interest in joining the public sector was driven by a strong desire to serve and make a difference in the lives of others. The public sector offers a unique opportunity to work on issues that directly affect the well-being of its citizens. For me, cybersecurity goes beyond just protecting data—it’s about safeguarding the systems that people rely on every day.

At MSE, my key role is to ensure cyber resilience against threats to Singapore’s environment, water and food systems. While I’m not directly involved in sustainability efforts, my role helps to protect the systems that support essential services, such as water management and environmental monitoring. This is what truly motivates me—knowing that the work we do has a tangible impact on the lives of Singaporeans.

5. How do you use technology/policy to improve citizens’ lives or for Singapore?

As a CISO, my main responsibility is to ensure that our critical infrastructure remains robust and secure from potential cyber threats. While much of the work I do may not directly touch the lives of citizens in obvious ways, it is vital in preventing disruptions to essential services that Singaporeans depend on daily. By protecting the integrity of our digital infrastructure, I play a role in creating a safe foundation for new technologies to be applied in areas like sustainability and environmental management. This ultimately benefits all citizens by supporting Singapore’s long-term goals for resilience and environmental sustainability.

To subscribe to the GovInsider bulletin click here.

6. What was the most impactful project you worked on this year or in your time with GovTech?

One of my major achievements has been leading the creation of cybersecurity strategies for MSE HQ, PUB, NEA, and SFA. Each of these agencies operates in different domains – water, environment, and food security – but I got to harmonise their strategies to align with national cybersecurity goals while addressing their unique operational needs. This effort has helped to strengthen the overall cyber resilience of the critical services in Singapore’s public sector.

7. Everybody’s talking about AI today – give us your hot take on AI and what it means for the public sector.

AI has enormous potential to transform the public sector, but it’s important to approach it thoughtfully. AI can enhance efficiency by automating routine processes and help us make better data-driven decisions. In cybersecurity, AI is already proving value in detecting anomalies and identifying threats more quickly than traditional methods.

However, we need to be mindful of the risks, especially around privacy and ethical concerns. For the public sector, it means implementing effective governance to ensure that AI is used responsibly. AI can also be exploited by hackers to more efficiently compromise our system vulnerabilities at scale or by scammers to social engineer more believable scams. Hence, we will also need to up the game to stay ahead and help our citizen to be more aware of such threats.

8. What advice do you have for public sector innovators? Or people looking to join the public sector?

For public sector innovators, keep the broader mission in mind. Innovation isn’t just about creating new technology; it’s about finding solutions that improve lives and strengthen national resilience; always aim to serve public good and thinking about long-term impact and sustainability.

The public sector offers a chance to work on issues that have real, tangible outcomes for the society, but it also requires patience and collaboration. You’ll be part of a larger system where decisions must balance innovation with governance, policy, and the public interest.

9. What was one unexpected learning from 2024 for you?   

This year, we saw an increase in sophisticated cyberattacks targeting critical infrastructure, which highlighted the importance of not just responding to threats but anticipating them.

What stood out to me was how much collaboration across sectors is needed to address these challenges effectively. Cybersecurity can no longer be seen in isolation; it requires a coordinated effort. This learning reinforced my belief that the future of cybersecurity lies in partnerships and shared responsibility across the government, industry and society.

10. What’s a tool or technique you’re excited to explore in 2025?

In 2025, I’m particularly excited to explore the potential of user-centric security design tools that integrate product management principles with service design. With the increasing complexity of cyber threats, a purely technical approach is no longer sufficient. We need solutions that prioritise the user experience while maintaining strong security.

In essence, I’m excited to explore approaches that make cybersecurity not just a protective layer but a strategic business enabler, ensuring that security enhances, rather than hinders, both user experience and business agility.

11. What are your priorities for 2025?

My 2025 priorities will be to continue strengthening the cybersecurity posture of our critical infrastructure, especially when threats are becoming more complex. This includes advancing our use of AI and automation to detect and respond to cyber threats more efficiently, as well as fostering greater cybersecurity awareness across all levels of the organisation.

As the nature of threats evolves, it’s essential that every individual understands their role in maintaining security. Lastly, I look forward to enhancing collaboration with both local and international partners, recognising that cybersecurity is a global issue that requires collective effort.