Women in Cyber: Securing Singapore's healthtech agency

By Shirley Tay

Ishita Mittal, Senior Systems Engineer, Cyber Defence Group, IHiS, discusses her efforts to build a threat hunting platform from scratch.

In healthcare, cyber security is a matter of life and death. Patients, especially those in emergency care, depend on support from medical devices and IT systems. Healthcare also remains a lucrative target for malicious actors, as it involves sensitive patient data.

Ishita Mittal, Senior Systems Engineer, Cyber Defence Group, IHiS, is tasked with the crucial job of securing Singapore's public healthcare systems. She shares her efforts to build a threat hunting platform from scratch, and her cybersecurity journey thus far.

What sparked your interest in cybersecurity?

I had interviewed at IHiS for the position of a Systems Analyst in 2015 right after my Bachelors in Computer Engineering. During the interview, the Talent Acquisition team felt I was suited for a more technical role and they arranged a second interview with the Head of Technology Management at the time. The Head asked me two questions: “Have you ever been exposed to any domain of cybersecurity?” and “Would you like to learn?”. I answered that my exposure was limited to a module about Cryptography I had done at school, but I was all for exploring and learning more about Cyber Security. I eventually was hired into H-Cloud Security Services – my first step into Cybersecurity.

I must confess that I did not know much when I started, but thankfully, I had good colleagues who spent time teaching me and making sure that I did things right; reviewed planned changes to security infra, implemented change requests and troubleshot issues. The more I learnt, the more questions I had, the more I explored; my learning curve was steep and within a few weeks I was sure that I could handle things independently. Less than 2 years later, I moved into another team and handled a different portion of the security operations; that meant new products, new colleagues and more to learn. This role involved more liaison work with the end users like doctors, nurses and vendors, which helped hone my communication skills. During this journey, the one thing I really focused on was building rapport with my colleagues within the organisation and earning their trust. This helped me in broadly 2 ways: I built relationships that I could count on and because of my interaction with different teams, I could better appreciate a given situation, which helped me in my work.

I am currently in the Cyber Defence Group in IHiS, which was created in 2019. While Security Operations was a good start to my career, I was lured to the Incident Response team for the opportunities it offered. It was a new set-up within the Cyber Defence Group and since the team was completely new, it provided ample room for me to explore, experiment and to start things from scratch.

So what sparked my interest? I think it was the first step into Technology Management and the team I got to work with.

What has been the most interesting project of your career?

I love challenges and learning new stuff. I feel that the project that I’m currently working on, which I have been wanting to do for a while, is the most interesting so far – I am building a platform for threat- hunting from scratch. It is still a work-in-progress and I am not sure how the end product will look like, but small victories I get nowadays make me happy. It gets even better when my manager is satisfied with my progress and encourages me with ideas and advice.

What has been the biggest challenge of the past year? How did you tackle this?

Ishita: When I started working at IHiS, I fixed a target date for myself to decide my specialization within cybersecurity. I reached that milestone in July this year and making that decision was the biggest challenge for me in the past year. In my years here, I had tried SecOps, a part of Incident Response and a bit of Project Management. I had also completed my Masters in Technology Management and attended a few other courses. I knew I wanted to be a Subject Matter Expert at something; I wanted people to trust my opinions on one particular subject, but I just was not sure which.

I did a lot of research, and one day, it came to me, almost like an epiphany –I wanted to do Threat Hunting. I have a knack for finding issues, like gaps in the current infrastructure or monitoring, and I wanted to channel that strength. Working in this field now, I feel I have a lot to learn, but this is something that excites me and I know that this is a skill which I would be developing for a long time to come.

What do you look forward to most in your work?

The two things I look forward to most in my work are meeting my colleagues and solving problems.

The importance of a social network is often undermined at workplaces. The focus is usually on results, KPIs, shareholder interests and getting the job done. While those are significant in determining the future of an organisation, it’s important to note the drivers of productivity. Human beings are social beings after all; they need interactions to fuel growth. Because of the ongoing pandemic, most of IHiS has been working from home. I look forward to the time when things will go back to like they were before COVID-19; meeting people in the office, saying “Hi” and waving to acquaintances and building connections.

The other thing I look forward to is getting one step closer to my next goal. Resolving an error or making something work gives me a good closure to each working day. It motivates me to continue the next day on a positive note.

Working in a team and solving problems together gives me great satisfaction. The cybersecurity landscape changes frequently, so it helps to put our heads together. With different perspectives, we can map out issues on a whiteboard and through discussions, we could come up with well-considered solutions as compared to working in silos.

What/who inspires you most?

A bunch of people! My mother, who handles the curveballs in all aspects of life with utmost calmness and dexterity. Her calmness is a virtue I truly admire and wish to emulate.

My best friend, who doesn’t shy away from foraying into unknown, unexplored territories. When I speak with her, I siphon the determination to keep going.

My colleagues, Benjamin, Neriza and Teck Wen. Ben, because of his appetite for knowledge. He always has ideas; trustable, workable ideas. When we take time off from work, we rest. He takes courses,learns new things and implements them at work. Neriza, because she is so calm and positive. I have never seen her get exasperated even with the most difficult people. She is good with her work and patient with people; her social skills are a talent. I admire the humility Teck Wen possesses. He is extremely talented and hard-working, but he remains down-to-earth and approachable to those around him.

My sources of inspiration keep me going during tough times. When I am not sure what to do or when I see loose ends all around me, all I have to do is have a conversation with one of them and it gets me back on track.

What are the three areas of cybersecurity you’re most interested in?

Threat Hunting, because I have found my passion and have decided to specialise in this field of cybersecurity in the years to come.

What advice would you give to women looking to start a career in cybersecurity?

Give it a try! You can always explore other fields if it doesn’t suit your interests eventually; knowledge in cybersecurity will always benefit you. There are so many domains in this field, each with its own charm and challenges; explore them.

Cybersecurity, like much of the tech space, is still male-dominated. Nevertheless, we do see more and more ladies joining the fray as technology has evolved to be omnipresent. I’d be happy to see even more women joining this industry and together, we will make a difference for a better tomorrow.