Talking from his office in Kuala Lumpur, Malaysia’s cybersecurity chief Amirudin bin Abdul Wahab is upbeat about the state of his country’s cybersecurity preparedness. He has a lot to be proud of – a report from the International Telecommunication Union, which was adopted by the Economist Intelligence Unit, ranked Malaysia fourth worldwide in terms of cybersecurity preparedness in 2017.
“It is important to view cybersecurity from a holistic perspective,” Amirudin, who has been chief executive officer of CyberSecurity Malaysia since January 2013, says. “You need to look at it from the angle of technology, of course, but also from the angle of policy and people.”
Malaysia is generally regarded as an early bird in the field of cybersecurity. In 2005, when not too many people or nations were talking about information security, much less crafting a strategy for it, Malaysia’s Ministry of Science, Technology and Innovation conducted a study for a national cybersecurity policy.
As CEO, Amirudin’s mandate is to lead the agency to achieve its vision of becoming a globally recognized cybersecurity reference by year 2020. “This includes looking internally, and also engagement outside,” he says. He spent his first three years to make it a center of excellence, and now they are looking into building the ecosystem, and bringing the advances of the center of excellence to the market through trading, consultancy, certifications and other technical services.
A very real deficit
CyberSecurity Malaysia acknowledges there is always a deficit of talent, in the same way that the global market has a deficit of professionals in the field to the tune of 1.5 million to 2 million by the year 2020.
The agency is doing its bit. It remains in touch with previous staff members who have moved on to other sectors or set up their own companies. “They indirectly contribute by building bridges and networking for us in their respective places,” Amirudin says.
CyberSecurity Malaysia also engages with the young, building their awareness on safe behavior online, but also fanning interest in the field for those who wish to pursue cybersecurity as a career. Amirudin oversees linkages with the education ministry and with universities for learning programs and competitions so that the private sector can recruit talent among future cybersecurity professionals.
Real data and real tools are used in these collaborative steps, providing the students with both theoretical knowledge and practical applications.
Trends in the field
Data of whatever form will always be the crown jewel of organizations. Because of this, Amirudin sees a future with greater, more sophisticated leakages and breaches. There will be ransomware like Wannacry, and there will be fraud and hoax messages. “This is not only for Malaysia, but the region.”
The convergence of the cyber and physical world will also present new threats and challenges. Connected devices are bringing another cyber-revolution.
Whether one is in the public or the private sector, the protection of the security of data will remain paramount in this connected world. “We need to be ready, and that is why security must be embedded in the initial stage of every ICT system design.
Amirudin has two masters degrees – an MBA, and in IT. He did his PhD in Australia. This captures his belief that a good CISO should have both technical and management knowledge to do the job well. The combination is important because “if you only look at the technical aspect you might lose the people side.”
With an initial interest in IT reinforced by various assignments in the government, Amirudin was able to identify the field he wanted to specialize in. In fact he used to oversee CyberSecurity Malaysia as head of the national IT council secretariat, such that even before he came in to lead the agency, he was able to situate it among Malaysia’s tech structure and policies.
Passion and ethics are two things that drive Amirudin. “I am passionate about the role I am doing. I am committed to deliver what I am supposed to deliver.” Ethics and integrity is important because in this job, “the knowledge can be used for the good, but also for the bad.”
Always something to learn
Amirudin revels in the simple things he could do with his family when his busy schedule allows it. For example, he likes driving when he and his wife visit her hometown. “It’s a three-hour journey and in that time we are able to talk, share our experiences, build a bond.”
He has a 13-year-old son and as a father he tries to deal with the fact that as kids grow, they will have their own preferences and opinions. As for the rest of his professional life, “there is a possibility that I might have to extend to other fields in technology. Tech is huge, and sometimes you can’t stay in one specific area all your life, and you have to grow,” Amirudin says.
For him, every interaction is a precious one. This philosophy has guided and served him well throughout his career, and has kept him open to possibilities of new learning and novel experiences.
“Nobody knows everything. You can always learn something from whomever you interact with. You always have something they don’t have and they always have something you don’t have.”