Assoc Prof Wei Jeng, Deputy Director-General of Administration for Cyber Security, Ministry of Digital Affairs (MODA), Taiwan

Wei Jeng holds dual roles as the Deputy Director-General of Administration for Cyber Security, Ministry of Digital Affairs (MODA), Taiwan; as well as the Associate Professor at the Department of Library and Information Science, National Taiwan University.

1) How do you use your role to ensure that technology and policy are truly inclusive?

I work at the intersection of academia and government, which shapes how I think about inclusion. I am a university professor in Library & Information Science, and currently serve as the Deputy Director-General of Taiwan’s Administration for Cyber Security.

My academic work focuses on open science and the public’s cybersecurity awareness. I am fascinated by the dynamics and tensions between "openness" and "anonymity" of information. 

As a university professor, I think of myself as a travel adapter, someone who connects the languages of academia and the public sector, of technical experts and policy makers, of younger and more senior colleagues, making communication possible where it previously wasn’t.

In addition to being an adapter, I aspire to act like a fuse. When a policy design starts showing signs that it might exclude certain groups, I want to be the one to step in and stop it in its tracks, much like a fuse that blows to break a circuit before damage is done. 

The Administration for Cyber Security is an agency that uses very precise terminology.

For example, the legal distinction between the “responsible” and “dedicated” cybersecurity personnel is one of a single word, yet we spent a tremendous amount of effort clarifying and defining these terms during our legislative drafting process.

This sensitivity to language reminds me that even changing a single word or metaphor can subtly change whom a system includes or excludes. 

2) What’s a moment in your career when you saw firsthand how technology or a new policy changed a citizen’s life for the better?

For years, “cybersecurity talent” in Taiwan had been treated as a single, monolithic profession, which is unintentionally excluded non-technical backgrounds.

Around 2020, Taiwan began adopting international competency frameworks to rethink how cybersecurity talent is defined: frameworks such as ENISA’s ECSF and the U.S. NICE Framework revealed a diverse landscape of specialised workroles in cybersecurity.

With these more granular classifications, government teams gained a clearer view of the competencies needed across strategic, managerial, and technical domains, where the gaps lay, and how talent should be developed.  

I once met a young graduate from a social science background who said she never imagined cybersecurity had room for someone like her.

After reviewing the competency framework, she realised her strengths in auditing, compliance, and governance fit naturally within the field. Seeing her move from feeling like an outsider to recognising her own place reminded me why this shift matters. Her experience echoes my own path.

I was trained in information science and initially assumed that knowledge such as data management and information organisation had little connection to cybersecurity.

Over time, I came to understand that cybersecurity depends on the ability to name, classify, and organise complex systems. Workforce roles, threat taxonomies, and maturity models all rely on this type of conceptual work, which is a core strength of information science. 

Role-based classifications are only one step toward addressing Taiwan’s broader workforce needs, but they have lowered barriers for people from different disciplines to enter the field and start contributing.

Even small moves toward more inclusive governance can help cultivate a stronger and more resilient ecosystem. 

3) What was the most impactful project you worked on this year, and how did you measure its success in building trust and serving the needs of the public?

Although Taiwan produces nearly 20,000 IT graduates each year, only about 10 percent enter cybersecurity.

Many choose other IT sectors, and some of their training does not align with industry needs. As a result, even with many vacancies, companies struggle to find suitable talent. 

 The project that impressed me most this year was building the “National Cybersecurity Talent Demand Zone,” Taiwan’s version of the U.S. CyberSeek.

Instead of simply replicating the U.S. model, the team I led held multiple focus group studies with recent graduates, frontline engineers, and cybersecurity managers to understand their challenges in finding career information and opportunities for professional growth.

Their feedback became the core of our design. I hope this new platform will become a practical career navigation tool for cybersecurity professionals and better support job seekers and practitioners at different stages of their careers. 

4) What was one unexpected lesson you learned this year about designing for real people? This can be about a specific project or a broader lesson about your work.

This year, I led the small and medium-sized enterprise (SMEs) Cybersecurity Guidance Program at the Administration for Cyber Security.

The team was planed to begin with a few pilot sites, assuming that mentoring a small number of representative SMEs and sharing our materials online would help elevate the broader ecosystem.

But once we calculated the scale (Taiwan has about 1.7 million SMEs), we realised that even serving 1,000 companies would reach only a fraction of the whole.  

This simple calculation forced a shift in our approach. Instead of trying to help every business directly, we indeed needed a model that was reproducible, scalable, and easy to disseminate.

To strengthen scalability and resilience, we started designing a national emergency-response directory for SMEs. The ACS invited cybersecurity firms across Taiwan and co-design a program that specifies service commitments, roles, and responsibilities.

In particular, participating vendors are listed in a transparent registry so SMEs know exactly whom to contact when an incident occurs. This focus on proximity matters.

In Taiwan, there is a saying that even if people don’t yet know each other, they trust those who share the same place (人不親，土親).

We want SMEs to have local, reliable partners—not just for one-time fixes, but for building long-term relationships that strengthen community-level cybersecurity.

The goal is not centralisation but empowerment, enabling communities to protect themselves and one another. 

5) We hear a lot about AI. What's a practical example of how AI can be used to make government services more inclusive and trustworthy?

I remain cautiously optimistic about AI technology, believing it has the potential to make government services more inclusive.

For example, I envision a future where small businesses have access to 24/7 multilingual intelligent customer service, so that non-native speakers and disadvantaged groups can get cybersecurity assistance whenever they need it.

That kind of always-available support powered by AI could help level the playing field. 

However, I also recognise that my views on AI might be somewhat idealistic.

To make sure AI truly increases inclusivity and trust, governments need to put sound internal mechanisms in place before adopting any AI solutions.

In other words, we should build robust accountability systems and comprehensive risk management ahead of time, rather than scrambling to fix problems after they occur.

For instance, if a government plans to use AI for things like classifying policies, prioritising services, or predicting risks, it must first establish clear frameworks: models to evaluate the risk of errors or bias, strong accountability measures, and channels for citizens to appeal or report issues.  

To subscribe to the GovInsider bulletin, click here.

6) How are you preparing for the next wave of change in the public sector? What new skill, approach, or technology are you most excited to explore in the coming year?

While working on revisions to our cybersecurity laws this year at ACS, I discovered two gaps in my own expertise.

First, when dealing with cybersecurity terminology, I realised I’m not as attuned to frontline realities as some of my colleagues who work in the field.

Second, when reviewing the wording of legal provisions, my command of legal language is far weaker than that of colleagues with formal legal training.

Through this experience, I recognised that the public sector, especially amid rapid technological and governance changes, needs both a “sense of the scene” and a “sense of the system.”

The government needs people who understand the on-the-ground situation firsthand, and who can also translate those real-world insights into sustainable institutional systems.

My goal is to cultivate these capabilities to act as a more effective bridge between technology and policy, helping the public sector maintain trust and build resilience amidst continuous change. 

7) Many young innovators burn out early. What guidance would you offer to those entering public service with a strong desire to serve? 

Having spent time in both academia and government, I’ve observed that many innovators entering the public sector or higher educations already carry a very strong sense of mission, deep empathy, and plenty of enthusiasm.

They often approach their roles like a protagonist, always striving to do their very best and to take care of everyone around them in a story. These innovators pour in enormous amounts of time and emotional labor.

This work can be intellectually demanding and emotionally draining, and over time, it’s easy to burn out even the most passionate people. 

Therefore, my advice is: remember to take care of yourself, and also remember to take care of the system.

When promoting innovation, in addition to having good ideas, it's even more important to have institutional designs that can support these creative ideas, ensuring that the concepts and achievements do not disappear with the individual's departure.

At the same time, only by not exhausting oneself can one truly illuminate the future path for more people. 

8) Your work often sits at the intersection of trust and security. What inspires you to keep building a safer and more trusting public sector? 

I am inspired by the everyday goodwill of people. I often notice small acts of kindness in daily life and on social media.

For example, I once saw a traveler who couldn’t return a rented power bank ask for help on Threads and a kind stranger literally got off a subway train (i.e., MRT in Taipei) early to help return it on their behalf.

I’ve seen parents, stuck in school traffic, offer a ride to a neighbor’s child who was running late. I’ve seen honest passersby return lost wallets intact. These are truly ordinary scenarios but showing people’s willingness to help each other even when they’re strangers.

That genuine community spirit motivates me. However, I’m aware that if any link in these small acts of kindness is exploited by someone malicious, a heartwarming story could turn into a horror story: someone could pretend to help just to harm or steal.

On one hand, I champion public trust and goodwill; on the other hand, my job at ACS often requires me to warn people to “trust no one” in order to stay cyber safe.  

On reflection, I’ve learned that security and goodwill are not actually in conflict. Strong security protocols create a safe space for kindness to flourish without fear.

Realising this has helped me resolve my inner contradiction. My job at ACS is ultimately protecting the goodwill in our communities so that people can continue to help one and another.  

9) If resources were unlimited, how would you expand or reimagine cybersecurity education to better serve communities?

Over the past two years, I've collaborated with Google.org, UC Berkeley, and the National Institute for Cyber ​​Security (NICS) to transplant the US’ Cyber ​​Clinic program to Taiwan. 

In the United States, Cyber Clinics are university-based initiatives that combine classroom learning with real-world cybersecurity consulting for the community.

In Taiwan, we’ve initiated a similar model through government agencies like the NISC or ACS, providing grants for university faculty members to run semester-long courses where students get out of the classroom and into the field.

In this model, students complete cybersecurity checklists and risk assessment reports for real organizations. They work directly with local SMEs (small and medium-sized enterprises) and non-profits to identify security problems and suggest improvements.

The students get to experience firsthand the impact they can have in the real world, and the SMEs/non-profits receive cybersecurity help that is flexible, empathetic, and supportive.

These organisations often feel truly understood, and they know that by participating, they’re also helping the next generation gain practical experience. 

If I had an unlimited budget, I would expand this kind of program to as many universities as possible.

My dream project would be to see Cyber Clinic courses running in countless universities in the world (and I am sure that Consortium of Cybersecurity Clinics will be happy, too), giving many more students the opportunity to step off campus and assist local businesses and organisations.

The goal wouldn’t be to produce earth-shattering results. Small wins are valuable: found one security risk, or properly interpret one security report, or even just sit down and walk an SME through a privacy setting – that would already be a meaningful contribution for this program.  

10) Outside of cybersecurity, what brings you joy or energy in your everyday life? 

One of my greatest passions outside of technology is language and the humor that lives in our everyday words!

I’m particularly fascinated by the hidden message in ordinary language. Even the simplest sentence can carry so much beneath the surface: a subtle power dynamic, an act of kindness, a tiny provocation, or a quiet joke. I find a unique joy in noticing and decoding these layers of meaning.

I love capturing those little moments and appreciating their humor and insight. It’s a private little delight for me, and it keeps me curious about people and communication all the time. I also enjoy strength training.

I have been working on a personal goal: to deadlift 100 kg by the end of 2025! I am about 5 kg away from that target.

It is a challenge I have set for myself outside of my academic work and the job at ACS, and I am looking forward to hitting the target.