Ang Kar Min, Consultant, Cybersecurity Engineering Centre, Cyber Security Agency of Singapore (CSA)

1. How do you use technology/policy to improve citizens’ lives? Tell us about your role or organisation. 

As a member of the Attack Simulation Group (ASG) within the Cyber Security Agency of Singapore (CSA), we play a crucial role in safeguarding critical systems.

Our mission is to identify vulnerabilities in systems and networks belonging to owners of Critical Information Infrastructure (CII), simulate cyber-attacks, and provide actionable insights to enhance the security posture of organisations that rely on these systems. 

Recently, we performed a purple team assessment emulating attacks from threat actors such as Blackcat and Volt Typhoon and provided recommendations to their security team to better prevent, detect, and respond to cybersecurity threats. 

Before joining ASG, I was an officer in the Critical Information Infrastructure Division (CIID) at CSA.

The division works to strengthen the cybersecurity resilience of CII against cyber threats, through governance, capability development, as well as public-private and international partnerships.

To proactively address supply chain attacks and vulnerabilities like SolarWinds and Log4j, we launched the CII Cyber Supply Chain programme. We worked with industry and government reps to create solutions for cyber supply chain risks.

This experience of fostering international cooperation and information sharing showed me that tackling cybersecurity challenges is truly a team effort. 

To subscribe to the GovInsider bulletin click here.

2. What was the most impactful project you worked on this year? 

This year, I was part of the Mobile Security Taskforce, an initiative which brought together various government agencies to combat malware-enabled scams.

The taskforce works to safeguard citizens from falling victim to these scams, a feat that fills me with immense pride.

Through this experience, I gained valuable insights into the prevalence and impact of these scams as well as a comprehensive understanding of the modus operandi of scammers, and the alarming extent of their activities.  

Digital scams represent one facet of the risks associated with technological advancement, but by working together, we can reduce these risks and build trust in digital systems.

This initiative resonates with me because, by taking steps to address the pervasive issue of these scams upstream, we can do our part to keep Singapore's cyberspace safe and secure for everyone, including my family and friends.  

3. What was one unexpected learning from 2024? 

One unexpected learning from 2024 came from participating in the inaugural Allied Power Exercise in South Korea. It was hosted by the Korea National Cyber Security Centre and organised with NATO Cooperative Cyber Defence Centre of Excellence.

It was my first time participating in a blue team exercise with cybersecurity specialists from other countries, allowing me to gain invaluable insights into network defence and attack mitigation techniques and understand how other countries identify threats, implement security measures, and respond to simulated cyber-attacks from a different perspective.

This experience helped me to gain knowledge and skills to better advise system owners on mitigating cybersecurity threats. 

This event also highlighted the importance of international collaboration in cybersecurity, showing that our collective efforts significantly strengthen our defences. 

4. What’s a tool or technique you’re excited to explore in 2025? 

I'm excited to delve deeper into integrating AI with cyber threat intelligence to understand the latest tactics used by threat actors.

This will help me and my team to create more realistic scenarios for our purple teaming exercises, improving our ability to anticipate and mitigate potential threats. 

To subscribe to the GovInsider bulletin click here.

5. Everybody’s talking about AI today – give us your hot take on AI and what it means for the public sector.

I'm thrilled to see AI being increasingly adopted in different areas, especially in the public sector. AI boosts our efficiency and lets us focus on more important tasks.

For example, an AI chatbot assistant for public servants that has significantly sped up tasks like writing emails, doing research, and generating new ideas.  

Beyond day-to-day productivity, AI has the potential to be a game-changer for cybersecurity, especially when integrated into our adversarial attack simulation exercises and ultimately improving the quality of our work.

AI helps us create more realistic and tailored exercise scenarios, enhancing the capabilities of both the red and blue teams.

For the red team, AI can accelerate and optimise efforts from reconnaissance to exploitation. For the blue team, AI speeds up security tasks and improves their ability to predict, detect, and respond to cybersecurity threats. 

By staying up to date with the latest advancements in tools and techniques, we ensure our readiness to tackle any emerging threats and challenges. It's exciting to see how AI can transform our work and make our cyber defences stronger. 

6. What are your priorities for 2025? 

My priority for 2025 is to find solutions to fix vulnerabilities in mobile apps. This would require me to improve my knowledge and skills in mobile app security through leveraging AI and staying updated on threats targeting mobile platforms.

With a goal to create a safer digital world for everyone, I'm excited about the opportunities ahead and can't wait to make a meaningful impact in this fast-changing field. 

7. What advice do you have for public sector innovators? 

Embrace continuous learning and stay updated with the latest technological trends. These help in identifying new opportunities and solutions that can enhance public services.

Additionally, I believe it's essential to thoroughly understand the problems at hand and empathise with the users.

By putting ourselves in the shoes of the people we are serving, we can better understand their needs, challenges, and perspectives, and create solutions that are truly beneficial and user-friendly. 

8. Who inspires you today? 

Angela Merkel, the former Chancellor of Germany inspires me. She led Germany through multiple successive crises such as the financial and refugee crisis in a calm and decisive manner. 

As a cybersecurity professional, I hope to be able to remain calm and decisive when facing cyber threats. I really connect with her scientific background and methodical problem-solving approach, and it inspires me to tackle cybersecurity issues in a clear and structured way.

Her resilience, commitment to her values and leadership style encourages me to similarly lead by example and strive for excellence in my field.