Muhammad Amirul Afiq Jaffar, Senior Cybersecurity Consultant at the National Cyber Incident Response Centre, Cyber Security Agency of Singapore

Meet the young public sector officials in the inaugural Young & Official Report 2026.

Muhammad Amirul Afiq Jaffar, Senior Cybersecurity Consultant at the National Cyber Incident Response Centre, Cyber Security Agency of Singapore. Image: CSA

1) What does public service mean to you? Can you share more about your role in the public sector?


Public service, to me, is about doing work that matters even when no one sees it.


My role as a Senior Cybersecurity Consultant in the Cyber Security Agency of Singapore's (CSA) National Cyber Incident Response Centre involves performing threat hunting within Singapore's critical information infrastructure, identifying threats that remain dormant within organisations before they can cause damage.


More often than not, we don't find malicious activity, but we do surface misconfigurations, policy breaches, and other issues that quietly create risk.


Each of these findings, however small, helps to improve the overall cybersecurity posture of the organisation. When something does slip through undetected, it's ordinary Singaporeans who feel it.


Ultimately, public service is about knowing that the work you do, however invisible, matters to someone out there.

2) Tell us about a project you championed. What impact did it have on the community?


One of the projects I championed was to align public sector agencies towards proper and consistent threat hunting practices.


The project establishes a common standard across agencies, covering the essentials of what good threat hunting practice looks like, from the data that should be collected to how findings should be reported and documented.


With artificial intelligence (AI) now accelerating vulnerability discovery at a pace that outstrips traditional patching cycles, the urgency to get this right has never been greater.


By building a more proactive and coordinated approach, we're strengthening Singapore's collective ability to detect, respond to, and maintain a clearer picture of the threat landscape across Singapore's infrastructure, so that when something surfaces, we're ready to act.


Early signs through consultation with practitioners across the government have been encouraging, with them recognising this approach as a meaningful step forward in uplifting the practice of threat hunting.

3) As a young professional, how has your unique background or perspective allowed you to identify a solution that others in your organisations might have overlooked?


My university experience shaped a curiosity for exploring and adopting new technologies. That curiosity carried over into how I approached work.


Some practices aren't broken, but they've run out of runway to stay relevant, and that hunger pushed us to adopt a build fast, test fast, scale or drop mindset.


In an environment more accustomed to established and proven approaches, reaching for emerging tools wasn't always the default instinct.  


A good example in the past was migrating our work to the cloud, where we explored emerging options like AWS Glue for ETL workloads and Kubernetes for containerisation, giving us the scalability we needed and something that might not have been on the table without that willingness to look beyond what was familiar.

4) What is your personal strategy for maintaining your creative energy when faced with bureaucracy?


My strategy is to just try it first.


Start small at a personal or team level, build something tangible, then bring it back to your bosses with proof. Bureaucracy is easier to navigate when you're showing results rather than asking for a leap of faith. Nobody is going to champion your idea for you, so you have to do that legwork yourself.

5) If you had just one area to invest in to accelerate transformation in the public sector (regulation, technology, talent, etc.), which one would you choose and why?


Talent.


Technology can be bought, and skills can be trained, but judgment and experience take years to build. That's what walks out the door when we lose good people. In cybersecurity, retention has always been a struggle.


The private sector tends to be a more attractive option for many, and when someone leaves, we're not just losing a headcount; we're losing years of hard-earned context and experience.


Transformation can't gain momentum if we're constantly rebuilding from the ground up every time we lose someone. Get the people piece right, and we'll have a foundation that everything else can be built on.

6) What is your greatest ambition as you grow in your public service career?


My greatest ambition is to be able to leave a lasting impact on the culture and standards of cybersecurity in the public sector.


Not just through the work itself, but by encouraging good practices, proper cyber hygiene, and most importantly, an inquisitive mindset. Technical skills can be taught, but if I can play a part in building a generation of practitioners who ask the right questions, do things the right way, and are always looking for better and faster ways to do them.


That’s the kind of impact that outlasts any single project or initiative.

7) What is a “universal value” that connects everyone in your department – from interns to directors – and how do you use that to drive collaboration?


Mutual trust.


We try to encourage a culture of being comfortable in asking questions, regardless of how simple or complex they are.


Nobody has all the answers, and the moment people start holding back because they're worried about how they'll come across, that's when things get missed.


When there's enough trust and safety in the room for anyone to speak up, that openness is what drives real collaboration, not just working alongside each other, but actually thinking together.

8) What is the best piece of advice you’ve got for the next generation of public servants?


Stay true to the reason you joined the public service. It sounds simple, but it's easy to lose sight of that when you're deep in bureaucracy, hitting walls, or feeling like your work isn't moving the needle.


There will be roadblocks, and there will be moments where you question whether it's worth it. But if you can keep coming back to your original intent, that's what carries you through. The work is hard, and the progress can be slow, but the reason you started is usually bigger than any single obstacle you'll face.

9) What is a myth you wish to debunk about young public servants?


A common myth is that young public servants are too idealistic and don't understand how the real world works.


But I'd push back on that.


The moment we start accepting that frame, we become resigned to the status quo and complicit in keeping things the way they are.


Yes, the system has its constraints, but idealism isn't naivety. It's what drives change. Some of the best improvements came from those who refused to accept that things had to stay the way they were. Young public servants aren't disconnected from reality; they're just less willing to resign themselves to it.

10) Write a letter to your future self in 2035. Please keep it within 200 words.


Hey Afiq,


Hope you're doing well, and I hope you haven't become one of those people you used to roll your eyes at. Still doing the tough work?


Still asking the tough questions? I hope you still are. Once you get too comfortable, that’s likely the moment things start going downhill.


I hope the stuff we built actually held up.


The infrastructure, the practices, and the culture we were trying to shape. And I hope the people around you are better for it.


The bureaucracy was real, the frustrations were real, but so was the reason you joined.


I hope you never let one drown out the other. And honestly, I just hope Singapore is a little safer and a little better because you showed up and did the work. That was and will always be the point.