Steven Sim is the Vice President of the ISACA Singapore Chapter. ISACA is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. With over 2,300 members in Singapore, part of its mission is to provide high-quality learning opportunities, and it organizes an annual GTACS conference.
He has worked for over 20 years in the cybersecurity field with large end-user enterprises and has driven security governance and management initiatives at local, regional and global levels. He holds a master's degree in computing and is certified in multiple governance and cybersecurity domains. He developed a strategy for inexpensive automated containment of infected/vulnerable systems (NIQCC gold win) and directed the largest honeynet project setup outside the US. He is a SkillsFuture Fellow and was a Professional (Leaders) Finalist in the inaugural Cybersecurity Awards 2018 held in Singapore.
1) What do you feel are the biggest challenges IT leaders are currently faced with within their business?
Some IT leaders felt that IT security investments never appear to be enough and are eating into their bottom line. The challenge is often answering the question of how much security would be considered enough and how to future-proof their business in a more proactive rather than reactive approach.
2) As an IT leader, what do you feel businesses continue to get wrong when it comes to their IT strategy?
Some businesses continue to get misaligned with enterprise risk appetite. It is also a common issue with the adoption of technology without first having a clearly defined problem statement as well as the lack of adequately trained people with the right mindset and sufficiently streamlined processes supporting it.
3) What are the latest trends and behaviors you predict will be surfacing on the market over the coming 12 months?
The rise in threat sophistication and business impact bolstered by the embrace of industrialisation 4.0 would demand every organisation to look into adopting a robust cyber resiliency maturity program that is well aligned to enterprise risk and architected with layered defences cutting across protection, detection, response and recovery and supported by trained right-mindset people, quality processes and cost-effective technologies.
4) What is the best piece of advice you have received within your job over the years?
My dentist has this principle that “As human beings tend to be over-confident, therefore it is important to over-compensate” and I quote Andy Grove who said that “only the paranoid survive”. These are especially true in cyber security. Having said that, it has always been about the business, therefore it is really about the continual pursuit of that sweet spot where security can truly and fully be an enabler of the business.
5) What is one key takeaway you hope our IT audience leaves with after hearing your presentation on site?
I hope that the audience can walk away with a pragmatic approach to manage current and future emerging threats while continuing to grow their businesses.