Meet GI's Cybersecurity Champion: Michaela Chua, Development Programme Manager, Cybersecurity Programme Centre, Defence Science and Technology Agency (DSTA), Singapore

This interview is part of GovInsider's inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.

Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does. 

I am currently a Development Programme Manager in Defence Science and Technology Agency’s (DSTA) Cybersecurity Programme Centre, where I leverage deep kernel technologies to develop highly specialised cyber solutions to enhance digital defence for Singapore’s MINDEF and the SAF.

I lead software development teams to develop custom in-house solutions focused on protecting defence systems and networks through encryption.  

What kind of cyber threats does your organisation face on a regular basis? 

In today’s highly contested and fast-evolving cyber landscape, threats are not only wide-ranging and constant but also deliberate and increasingly sophisticated. 

Thus, our cyber defence strategy involves leveraging best-of breed commercially-off-the-shelf (COTS) cybersecurity products to safeguard our networks. Increasingly, we notice that adversaries are also targeting some of the well-known COTS products.

It became clear to us that we need to develop bespoke, in-house solutions purpose-built to address the growing threat in the cyberspace. That’s why DSTA invests in developing our own capabilities.

It’s part of how we stay agile, adaptable and ready for new emerging threats.  

In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally? 

The rapid advancement of emerging technologies like Artificial Intelligence (AI) and quantum computing introduces new and complex risks to the cyber landscape.

We may be approaching a point where quantum computing could challenge the systems we currently rely on to keep our data secure.

Encryption standards protecting the most sensitive systems today may, in time, be compromised, continually challenging us to rethink and redesign how we defend our digital infrastructure for the future. 

Public sector organisations globally may face similar risks as custodians of massive troves of personal, financial, and mission-critical data.

A quantum-capable adversary could, in theory, access this information on an unprecedented scale, threatening national security, eroding public trust, and disrupting essential services.

Many of these organisations could still be relying on legacy systems that are not originally designed to withstand quantum threats, making the transition to quantum-safe standards not only essential, but also urgent and highly complex.

In DSTA, we develop solutions with these challenges in mind, guided by strong systems thinking, close collaboration across teams and a drive to build future-ready capabilities. 

To subscribe to the GovInsider bulletin, click here. 

Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view? 

AI has rapidly become a double-edged sword in cyber warfare. On one hand, it powers advanced defence mechanisms that can detect anomalies, predict attack patterns, and automate threat mitigation at machine speed.

On the other, adversaries are using AI to develop sophisticated malware, automate phishing campaigns, and identify system vulnerabilities faster than ever before.

This AI-versus-AI battlefield will become the norm, where both hackers and defenders deploy adaptive algorithms in a continuous cycle of attack and response.

It will no longer just be about keeping up. In DSTA, we are moving towards setting a clear operational framework that ensures AI tools are used wisely, transparently, and effectively within our defence infrastructure. 

Cybersecurity is often described as a team sport whereby a network's vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?

Within the public sector, this means engaging with partners across government, industry, and academia, not just locally but internationally, to share threat intelligence and strengthen collective defences.

Equally important is the mutual sharing of cybersecurity solutions and capabilities within the broader government ecosystem.  

By sharing our in-house cyber capabilities within WOG, we also streamlined our efforts and accelerate the capability growth across agencies. And more importantly, we reap the benefits of raising the collective cyber maturity of the public sector.

Given our limited talent pool, I believe that there is immense value in ensuring our locally-developed innovations are not siloed and only through active collaboration can we close the gaps that adversaries seek to exploit. 

At DSTA, we believe that a unified approach is key to building resilient systems that can withstand increasingly complex cyber threats.  

An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?

For a defence organisation like DSTA, we take every near-miss incident as an opportunity to coordinate and improve our operational response between various teams.

Teams such as Incident Response, Threat Hunting, Red and Infrastructure teams also work together to frequently test and refine our incident response playbooks and ensure everyone understands their role when systems go down.

These exercises are extremely crucial in sharpening the effectiveness of our response and recovery measures. Ultimately, the real test of our cyber maturity is not whether we can avoid every attack, but how effectively we respond, recover, and restore trust. 

If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?

If I’m given an unlimited budget for cyber defence, I would adopt a transformative approach that considers both today's threats and tomorrow's possibilities – a mindset we embrace in DSTA.

With additional resources, we can scale up our efforts in investing in people by focusing on developing strong cyber teams through continuous education, real-world simulations, and nation-wide collaboration.

While technology plays a critical role, skilled and adaptive professionals remain an essential line of defence. 

There is also the need to spend on modernising one’s infrastructure, where necessary, to better prepare for future threats.

This might involve deploying quantum-resistant encryption, implementing advanced zero-trust architectures, and designing systems with resilience in mind – building on the foundation that DSTA has already laid.  

What brought you to this profession and what do you love the most in your job and what would you like to improve?

What brought me to join DSTA in championing cybersecurity for the nation was a passion for problem-solving in high-stakes environments and the opportunity to develop deep technical skillsets.

Cybersecurity is one of the few professions where one can continuously be learning – whether its mastering encryption standards, understanding network architecture, or staying ahead of the latest attack vectors.

DSTA has a strong learning culture where we regularly share knowledge through lectures and courses, exchange perspectives and support one another’s growth. Everyone is always so ready to share their knowledge and experiences.

This field requires a blend of theoretical knowledge and hands-on technical expertise, so we constantly spar ideas and help each other, making it an attractive and ideal environment for those who thrive on complexity and innovation.  

Personally, I strive to develop not just technical proficiency, but also greater strategic thinking, leadership skills, and the ability to communicate complex risks in accessible terms. And my organisation places strong emphasis in nurturing such skills among the staff too.   

The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?

In my view, we should aim to change the perception of cybersecurity, where it is not just a technical field for specialists but a domain critical to every aspect of modern society.

Recognising the need for diversity can certainly help us to attract a wider, more dynamic pool of professionals to meet the growing demand. 

If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?

If I had the chance to restart my career from scratch, I would still choose to be a defence cyber warrior without hesitation.

Few careers offer the unique concoction of intellectual stimulation, societal impact, and continuous discovery that cybersecurity provides. Every day, there is something new to learn and new ways to collaborate with brilliant minds across disciplines.

More importantly, the opportunity to make a tangible difference in protecting our national interests while operating on the frontlines of technological innovation is incredibly fulfilling.

It’s something I’ve found deeply meaningful in my journey with DSTA.