Steven Sim drove information security initiatives, developed security standards, risk-managed security threats, performed vulnerability research, promoted security awareness for Singapore and also led PSA Group’s IT Security Centre of Expertise to franchise best practices to other PSA terminals around the globe. He holds a Masters in Computing and is a certified CCISO, CGEIT, CRISC, CISM, CISA and CISSP. He also held certifications in industrial control security, malware analysis, incident handling, perimeter protection and audit. During his career, he developed a strategy for inexpensive automated containment of infected/vulnerable systems, presented at the FIRST conference, aiding an NIQC gold win. Steven has also undertaken roles with various security associations including ISACA and SCS. At one point, he directed the setup of the largest honeynet project outside the US. He is a Singapore SkillsFuture fellow and was a finalist for the Leaders category in the inaugural The Cybersecurity Awards 2018 held in Singapore.
1) What do you feel are the biggest challenges IT leaders are currently faced with within their business?
Some IT leaders felt that IT security investments never appear enough and are eating into their bottom line. The challenge is often answering the question of how much security would be considered enough and how to future-proof their business in a more proactive rather than reactive approach.
2) As an IT leader, what do you feel businesses continue to get wrong when it comes to their IT strategy?
Some businesses continue to get misaligned with enterprise risk appetite. It is also a common issue with the adoption of technology without first having a clearly defined problem statement as well as the lack of adequately trained people with the right mindset and sufficiently streamlined processes supporting it.
3) What are the latest trends and behaviors you predict will be surfacing on the market over the coming 12 months?
The rise in threat sophistication and business impact, bolstered by the embrace of industrialisation 4.0, would demand that every organisation look into adopting a robust cyber resiliency maturity program that is well aligned to enterprise risk and architected with layered defences cutting across protection, detection, response and recovery, and supported by trained right-mindset people, quality processes and cost-effective technologies.
4) What is the best piece of advice you have received within your job over the years?
My dentist has this principle that “As human beings tend to be over-confident, therefore it is important to over-compensate” and I quote Andy Grove who said that “only the paranoid survive”. These are especially true in cyber security. Having said that, it has always been about the business, therefore it is really about the continual pursuit of that sweet spot where security can truly and fully be an enabler of the business.
5) What is one key takeaway you hope our IT audience leaves with after hearing your presentation on site?
I hope that the audience can walk away with a pragmatic approach to managing current and future emerging threats while continuing to grow their businesses.