Meet GI's Cybersecurity Champion: Lim Ee Lin, Deputy Director, CISO & Governance, Agency Chief Information Security Officer, Home Team Science & Technology Agency (HTX), Singapore

This interview is part of GovInsider's inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.

Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does. 

I serve as the Deputy Director (CISO & Governance) and concurrently as the Agency Chief Information Security Officer (ACISO) for the Home Team Science and Technology Agency (HTX).

HTX’s core mission is to empower the Home Team with cutting-edge science and technology solutions to enhance Singapore’s homeland security. We support frontline operations across law enforcement, emergency services, border control, and civil defence. 

As the ACISO, I am responsible for overseeing HTX’s overall cybersecurity strategy, governance, and operational resilience. This includes leading the development of security policies, driving secure-by-design practices across critical projects, managing cyber risks, and ensuring incident readiness.

I work closely with senior leadership and operational stakeholders to ensure our systems remain robust against evolving cyber threats, while enabling innovation and transformation in support of national security outcomes. 

What kind of cyber threats does your organisation face on a regular basis? 

As an agency supporting national homeland security, we operate in a high-threat environment.

We are routinely targeted by phishing campaigns, malware, credential theft, and attacks on exposed services.

Beyond these, we face advanced persistent threats (APTs), including those potentially linked to state-sponsored actors. Given the critical nature of our work, even a small compromise can have cascading effects on public safety operations—making continuous vigilance and layered defences imperative. 

In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally? 

The public sector globally is under growing pressure from both cybercriminals and geopolitical threat actors.

Key challenges include widespread phishing and impersonation campaigns, ransomware targeting public services, and identity theft. Legacy IT infrastructure, fragmented system ownership, and the increasing digitalisation of citizen services all introduce vulnerabilities.

In the context of homeland security, the stakes are particularly high—where operational downtime or data breaches can directly affect national safety and public trust. 

To subscribe to the GovInsider bulletin, click here. 

Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view? 

AI is undoubtedly reshaping the cyber battlefield. Threat actors are exploiting AI for automated reconnaissance, deepfake-driven social engineering, and advanced malware that can adapt to environments.

Conversely, defenders are leveraging AI for faster detection, behavioural analysis, and predictive defence.

However, AI must be deployed responsibly—augmented with human oversight, robust governance, and clear ethical frameworks—especially when it pertains to mission-critical homeland security systems. 

Cybersecurity is often described as a team sport whereby a network's vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?

It is absolutely essential.

Homeland security relies on a tightly interwoven ecosystem of agencies, systems, and operations. An aligned and coordinated homeland security cybersecurity posture ensures coherence in policies, incident response strategies, capability development, and threat intelligence sharing across government.

Extending this to a whole-of-country approach—by engaging critical infrastructure operators, academia, industry partners, and the wider community—further reinforces our collective resilience.

Cyber defence must be a shared national responsibility, much like homeland defence itself, with every stakeholder playing an active and accountable role. 

An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?

A breach is not just a possibility—we have to be ready for it. Our Plan B centres around resilience and containment.

This includes predefined response playbooks, clearly assigned roles, secure backup environments, and communications protocols.

In a homeland security context, response speed and operational continuity are paramount. Post-incident reviews and simulations help institutionalise learning, making the organisation stronger with every challenge. 

If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?

I would prioritise three areas: (1) Enhancing detection and response capabilities, particularly those powered by real-time intelligence and AI; (2) Investing in cyber talent—through structured career pathways, upskilling programmes, and domain-specific training in homeland security technologies; and (3) Advancing secure-by-design practices through R&D in emerging technologies such as quantum-safe encryption, zero trust architecture, and cyber-physical systems resilience. 

What brought you to this profession and what do you love the most in your job and what would you like to improve?

I was drawn to cybersecurity by the opportunity to serve the public interest while engaging in intellectually challenging work.

What I value most is the clarity of mission—contributing to Singapore’s safety through the invisible shield of cyber defence.

Every threat countered, every system hardened, has a real-world impact. I would like to further enhance how cybersecurity is integrated into upstream technology development—embedding security early, not as an afterthought. 

The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?

Addressing this shortage requires both structural and mindset change. We need to spark interest in cybersecurity from an early age—through engaging education, gamified learning experiences, and meaningful exposure to real-world applications.

Stronger partnerships with Institutes of Higher Learning (IHLs), such as universities and polytechnics, are vital to ensure that curricula remain aligned with evolving national and industry needs. 

Support for mid-career transitions is also key, with mentorship, upskilling programmes, and diverse role pathways that welcome professionals from adjacent fields.

Just as importantly, we must challenge outdated perceptions—cybersecurity is not a male-dominated field by nature, and we must intentionally create space for diverse talent to thrive.

In the context of homeland security, where systems are increasingly technology-driven and complex, cultivating domain-specialised cyber professionals will be critical to building sustainable capabilities. 

If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?

Absolutely.

My journey in cybersecurity has always been fuelled by passion—a genuine fascination with how systems work, how threats evolve, and how we can outpace them to protect what matters.

It’s a field that challenges me intellectually while allowing me to contribute meaningfully to something larger than myself: the safety and resilience of our nation.

The dynamic nature of this work, coupled with its real-world impact, keeps me energised and inspired every day. If I had to start all over again, I’d still choose this path—without hesitation.