Industry Insights: Kickstarting a Career in Cybersecurity
Curious on what makes Red Alpha tick? We had our COO at Red Alpha, Emil Tan, share his motivations behind managing Red Alpha. Tune in to catch an insider of Emil and his perspectives on the cybersecurity industry!
How did your career begin and how did you get into cybersecurity?
I have to go all the way back to my teenage years. I've never been an academically inclined student, so when I was growing up, the only thing I ever liked back then was maths. And so after my O Levels, which is kind of like the GCSE in the UK, rather than moving on to college, I decided to pursue a diploma in Engineering or IT in a local polytechnic. It was also a happy coincidence back then that Singapore was beginning to offer cybersecurity as a formal degree. Among all the Engineering and IT disciplines, cybersecurity really caught my eye – it sounded cool, I watched quite a number of hacking movies growing up, and I thought to myself that that’s a career that I would like to pursue. So I just went for it. And ever since then, I’ve been enjoying every single moment in the cybersecurity industry. There are just so many exciting and interesting roles in the field – I started my career doing cybersecurity R&D to running cybersecurity operations, digital forensics, incident response to governance, risk, policy, and regulations, and even standard developments as well. I’ve pretty much covered the whole breadth of what the industry has to offer.
What does your role as COO of Red Alpha involve?
Red Alpha is a cybersecurity talent development company. You can see us as a hybrid of a training company and a recruitment company, though we do much more than that. We don’t actually sell training courses, that is, we don’t advertise our training as “the best” and make empty promises that our trainees would get a job after they pay us to train them. In fact, our training is free – any aspiring cybersecurity professional who gets past the selection process even gets paid during the training period. We then place our trainees into cybersecurity jobs after they have completed their training. Hiring companies then pay us for the training that we have invested in these talents whom we have identified and developed. We see this as the only way to solve the global cybersecurity talent crunch – aspiring cybersecurity professionals no longer have to be troubled by their own training investment, wondering what the right path to get into the cybersecurity industry is. On top of that, we are constantly developing new talented cybersecurity professionals and introducing them into the industry, not just placing existing professionals in the industry. Red Alpha is a relatively young company, but helmed by people with many years of experience. The co-founders, management and trainers are all renowned cybersecurity professionals with many years of cyber defence and operations experience ourselves.
As the COO of Red Alpha, I co-lead and co-manage the company with the co-founders and directors, doing things from recruitment to talent selections, training and programme development, and partnership, amongst many others.
What motivated you to found Division Zero (Div0) and what does the community do?
Division Zero is a cybersecurity community group in Singapore. The idea is to provide a platform where cybersecurity professionals and enthusiasts can meet like-minded people, explore and learn with peers and also contribute to the community. We do so by organising events such as monthly meetups, workshops, hackathons, CTFs, as well as the posting and organisation of conferences. We encourage collaborations and contributions through our various special interest groups, which do all kinds of things such as tinkering and developing POCs, among many other things. I founded Div0 more than a decade ago. Back then, we didn’t have a genuine non-commercial knowledge-sharing platform and I really envied the vibrancy of the cyber communities in the U.S. and across Europe. Through encouragement from my peers, my co-founders and I decided to build a similar community here in Singapore as well.
How do you see cybersecurity evolving over the next few years?
As we all know, cybersecurity is going to be increasingly important with time, especially with the rapid digitalisations of our lives – the way we live, work and play. I don’t usually like to be grim, but cyber attacks and crimes enabled by digital means are breaking record after record every other month. As cybersecurity professionals, we have to continuously keep up with this relentless battle against new and persistent threats. At this juncture, I believe it is crucial to help people understand the essence of cybersecurity – not from the angle of simply changing passwords, enabling multi-factor authentications or updating their applications – but really comprehending what cybersecurity is and how it impacts them. We need to influence a genuine demand for cybersecurity from digital providers and move past security theatrics. Only then, can we move towards an upward trajectory to combat evolving cyber threats.
How did you first get involved with CREST and what does your role as Regional Advocate, Asia involve?
Before my appointment, I wasn’t really involved in CREST at all. Singapore’s focus for CREST was primarily on pentesting, and since I’m not a pentester, I wasn’t deeply involved in their activities. Having said that, I knew the CREST leadership in Singapore very well due to their involvement in the overall cybersecurity ecosystem – there were always many exchanges with my Div0 community through activities such as CRESTCon. I’m also an alumnus of Royal Holloway, University of London, which was where I first encountered CREST. I went to the UK very often pre-COVID, and I had most of my interactions with CREST there, where I realised that there was a lot more to CREST than just pentesting.
I was told of the Regional Advocate role by James Chappell, CTO of Digital Shadows and a major contributor to CREST UK. I was deeply interested in the role as a Regional Advocate, as it aligned with what I did in the cybersecurity ecosystem – to develop a vibrant and supportive cybersecurity community, and enhance the region’s cybersecurity policy and capacity through CREST’s expertise
Can you speak about CREST’s plans in Asia?
CREST is currently going through a re-org globally – regional councils are being elected and set up to ensure that CREST is relevant in each region. In the first few months of the year, there is going to be a lot of strategising on what members and stakeholders such as governments, consumers and corporate customers in the region expect of CREST in Southeast Asia. there will be instruments introduced to demonstrate to end users the quality of CREST accredited organisations, as well as certified individuals.
Later this year, there will be more features of CREST members, allowing people to learn from their expertise. I’m really looking forward to CRESTCons, and I hope that we can travel and visit each other safely soon.
What advice would you give someone who is thinking of working in cybersecurity?
I have a lot of advice, depending on the situation or context, but my general advice is to just go for it. Start somewhere, learn what you don’t know, and go on from there. It’s impossible to be an expert in everything, so it’s important to plug yourself into the cybersecurity community and learn from each other. Also, it’s never too early to contribute. Like I said earlier, not everyone can be an expert in everything – you might know something more than someone who has many more years of experience than you. So don’t be afraid to put yourself out there, and just learn from others and share your own insights.
Which resources would you recommend for learning more about cybersecurity?
My usual go-to is always books! Nowadays, there are just so many resources available, such as on Youtube and other digital platforms. But, nothing beats attending conferences, meeting people and just having conversations with them. That’s where I really get most of my exposure to all the ins and outs of cybersecurity.
Thank you to the team behind CREST for hosting the interview!
Catch the full podcast – available on YouTube.