Women in Cyber: Behind Singapore healthtech's cyber walls

By Shirley Tay

Interview with Christine Koh, Lead Engineer, Infrastructure Services-Security Implementation & Management Services, IHiS.

What sparked your interest in cybersecurity?

I like to watch the America drama series “Crime Scene Investigation (CSI)” a lot. Cybersecurity, in a way, is similar to what the detectives do in CSI when it comes to investigating the crime, in cyberspace. Information security is a very important consideration nowadays with emerging technologies and the threats that come with it. I am intrigued by the evolving landscape and wishes to involve myself to learn and understand more about the field.

What has been the most interesting project of your career?

Being in HealthTech interests me. Working in IHiS, the tech agency for Singapore’s public healthcare sector, I have gotten to know and understand the importance of HealthTech and how it contributes to the public healthcare institutions who look after the health of Singapore.

I am currently the project manager of the Central Firewall Management System, a project to setup
the solution to achieve a centralised visibility for all firewalls across the public healthcare networks. With this solution, we need to apply network security policies to efficiently manage firewall devices
from multiple vendors.

I am proud to contribute my time and knowledge to this project which helps to keep the cyber systems in public healthcare secure.

What has been the biggest challenge of the past year? How did you tackle this?

Implementing the Central Firewall Management System (CFMS) has been the biggest challenge for me in the past year. As working in IHiS was my first experience in the HealthTech sector, having to see through the project from the start, which include the entire procurement process from evaluation of vendors, price and legal negotiations has been a learning experience.

After the vendor was appointed, we engaged with more than 20 public healthcare institutions to prepare for project implementation, which involves the on-boarding process of over 100 units of
firewall devices of different brands. One of the key challenges was that the institutions’ devices and
their change process and execution window requirements are different. Hence engaging the
different stakeholders to understand their requirements and specifications and doing careful
detailed planning was critical before each roll-out, as there are firewalls with more than a thousand firewall rules.

Throughout this process, my team and I tackled the challenges that come our way by making plans in advance – like crime scene investigators who plan ahead and problem-solve together by ploughing through available information and thinking out of the box – and not being afraid to reach out to other teams and colleagues for support and helping hands to ensure that the project goes on smoothly as planned. At the end of the day, I take pride in deploying a solution that improves the effectiveness and efficiency of the firewalls through centralised management.

What do you look forward to most in your work?

With the various opportunities I am given in this organisation, I look forward to expanding my domain knowledge in cybersecurity and being part of the strong team which builds and maintains cybersecure systems for public healthcare.

What/who inspires you most?

My mum inspires me the most. She always teach me how to show respect and speak with humility to everyone. She motivates me to grow myself professionally and supports me in whatever I do. She also thought me how to handle the ups and downs in my life with strength and resilience.

What are the three areas of cybersecurity you’re most interested in?

I am currently interested in the following areas of cybersecurity as they are closely applicable to the major project I am currently handling:

Access Control – As it is always important to control access to information so we can maintain the confidentiality, integrity and availability of that information, learning more about access control allows me to understand the importance of preventing unauthorised users from retrieving, using or altering information. While working on CFMS, the concept of Access Control is absolutely important as we need to grant the appropriate level of access for firewall administrators who are able to perform routines and activities to maintain the firewall operations. This is akin to operating like a crime scene investigator before they proceed to investigate a crime scene – establish a perimeter and deploy security to guard the scene and only allow authorised persons into the restricted area.

Security Architecture and Design – Each type of information systems platform (i.e.: workstation, servers, switches, firewall, virtualisation or cloud) that makes up the information technology infrastructure has its own unique vulnerabilities. Understanding more about the security architecture and design allows me to have a better appreciation on how to secure and protect entire systems and the critical role a sound firewall system plays within the entire network.

Operations Security – This refer to the actual process for implementing, maintaining and monitoring safeguards and controls on a daily basis to prevent security incidents. Having a good CFMS would mean having an efficient preventive control which decreases the threat of unauthorised users accessing the system and modifying information. Hence, ensuring that these firewalls work efficiently will allow the operations security teams to reduce security incidents and when the need arises, to react quickly to potential threats.

What advice would you give to women looking to start a career in cybersecurity?

Security – be it physical or virtual – starts with protecting yourself, your family and your loved ones. This applies to cybersecurity. If you are interested in this field, go ahead and start exploring with a curious mind but take steps to mitigate the risks. Take small steps forward one at a time to explore broadly. Who knows, you may find a specialisation within cybersecurity that will become your calling in the future.