Sofia Wong, Cyber Security Consultant, Maritime and Port Authority of Singapore (MPA)

1. How do you use technology/policy to improve citizens’ lives? Tell us about your role or organisation. 

During my time as an incident responder in the Singapore Cyber Emergency Response Team (SingCERT), under the Cyber Security Agency of Singapore (CSA), I responded to incidents by analysing reports by stakeholders and conducted technical analysis on artefacts such as phishing emails to assess the possible impact.

After the detailed analysis, technical advice was provided to guide the stakeholders on the remediation and preventive measures to be taken. 

I worked closely together with my colleagues to produce alerts and advisories to forewarn the stakeholders on possible cyber threats and vulnerabilities.

The alerts and advisories describe the various attacks, vulnerabilities, best practices and remediation measures to mitigate these risks. It enables stakeholders to take necessary precautions to protect themselves and strengthen their cybersecurity posture.

Stakeholders can subscribe to SingCERT’s mailing list to stay updated on evolving cyber landscape. 

In addition, I had the opportunity to engage with members of the public at schools and community spaces to help raise cyber awareness and encourage adoption of cyber hygiene habits. 

To improve cyber readiness, I had participated in national cyber incident response exercises and responded to different injects that were released at different stages. These experiences enhanced my preparedness to respond effectively to different cyber scenarios. 

To subscribe to the GovInsider bulletin click here.

2. What was the most impactful project you worked on this year? 

My most impactful project this year focused on improving the department’s efficiency and technical capabilities.

I evaluated various tools to facilitate implementation of new work processes and developed Python scripts to automate some of the manual work processes. 

3. What was one unexpected learning from 2024? 

I chanced upon an episode from Season 14 of a show titled Shark Tank where a father and son teamed up to pitch their reading glasses business to a group of potential business investors. 

The father in the show shared an insightful advice: “You can always make more money, but you can’t make more time”.

It is a timely reminder of how precious time should be utilised wisely, and we should make time for our loved ones and pursue our dreams and goals boldly amidst our busy work schedules.

I have gradually learnt to be comfortable with stepping out of my comfort zone and keep an open mind to learn, unlearn and relearn. We need not be fully prepared to work on new assignments as we can learn along the way.  

Therefore, let no fear hold us back and let’s open our wings and fly to achieve greater heights in our life. 

4. What’s a tool or technique you’re excited to explore in 2025? 

I am excited to continue my exploration with tools related to Governance, Risk and Compliance that can improve productivity, and I would like to delve deeper into the principles of threat hunting which is instrumental in proactive cyber defence. 

To subscribe to the GovInsider bulletin click here.

5. Everybody’s talking about AI today – give us your hot take on AI and what it means for the public sector.

In my opinion, AI is a double-edged sword, which brings both benefits and drawbacks. 

AI is not meant to replace a certain task completely, but rather to complement efforts by humans in some areas such as automation of workflow.

The use of AI in certain projects must be evaluated thoroughly from different perspectives, considering the value it can add, and how it should be used appropriately. 

AI may also be misused by threat actors. For example, it can generate realistic videos and pictures that may be deceptive to some who are not vigilant or incapable of differentiating – i.e. deepfakes.

As such, it is important to stay alert and practise due diligence to discern information available online. 

6. What are your priorities for 2025? 

I would like to keep abreast of developments in the evolving cyber landscape. I believe it is imperative to harbour a curious mindset and never stop to upskill myself.

In addition, I would like to apply the valuable skills gained from the CSA’s Cybersecurity Development Programme during my posting as a cybersecurity consultant in the Maritime and Port Authority of Singapore.

This would include technical expertise such as incident response and soft skills – e.g. stakeholder management – that will help in my contributions to enhance cyber resilience in the maritime industry.

The phrase “Health is wealth” never gets old, and maintaining my exercise regime remains one of my top priorities. 

7. Who inspires you today? 

My parents’ unwavering tenacity and wit never fails to inspire me. I am grateful to my parents for their unconditional love and support in imparting valuable life lessons and advice that were not taught in school. I greatly appreciate their teachings which I always kept close to my heart. 

Wong was previously the Systems Engineer, National Cyber Incident Response Centre, Cyber Security Agency of Singapore (CSA), and is currently seconded to Maritime and Port Authority of Singapore (MPA) as a Consultant.