By Ryan Arcadio
In today’s digital world where data is said to be the new oil, passwords serve an invaluable function: protecting our information online—from confidential company emails to personal photos and messages. Accordingly, whenever we sign up for a new social media platform, we are often encouraged to use “strong” passwords with unexpected character combinations.
Despite this, ‘123456’ remains the most common password even in 2020—with over 2.5 million people worldwide using the numerical string. Weak passwords like this take less than a second to crack, making it easy for hackers to collect sensitive information.
However, passwords are but the tip of the iceberg when it comes to effective cybersecurity practices. From the moment we log onto our computers, an intricate—yet unseen network—of cybersecurity measures ranging from firewalls to antivirus systems to intrusion detectors help keep our digital data safe from prying eyes.
To promote better password habits and encourage people to take cybersecurity more seriously, Intel Security created World Password Day in 2013. This year, we highlight the inspiring story of chemist-turned-cybersecurity consultant Mr Tan Wenliang—a proud alumnus of the Cyber Security Associates and Technologists (CSAT) Programme under the TechSkills Accelerator initiative. The programme is supported by the Infocomm Media Development Associate (IMDA) and Cyber Security Agency of Singapore.
Now working as a Senior Associate at professional services PwC Singapore, learn about how Mr Tan improves companies’ digital defences on the daily—and pick up some good cyber hygiene habits along the way!
Making the big switch
Mr Tan entered the high-stakes world of cybersecurity after years of experiencing the effects of digitalisation first-hand. However, his passion for the field only became apparent shortly after earning his chemistry degree at the Nanyang Technology University, Singapore.
“While in university, I explored potential career options within the same field such as in research and quality control, but I wasn't certain if these were career paths that I would like to pursue. I was keen to explore the tech sector and chanced upon the CSAT programme,” the 29-year-old recalled.
With two tracks under the programme, CSAT collaborates with training partners to train and upskill fresh ICT professionals or even mid-career professionals for cybersecurity job roles. The Associates track, specifically, caters to fresh ICT and engineering professionals with three years or less of work experience. Through the CSAT programme, Mr Tan was able to successfully apply for PwC Singapore and join the firm’s cybersecurity team as an associate in 2017.
“PwC Singapore has a strong coaching culture where each individual has a coach guiding you in your career trajectory as well as throughout the various client engagements that make up the core of our work,” he shared.
“I’m thankful for the learning opportunities given by PwC through the CSAT programme, and the many mentors along the way that have guided and still continue to guide me in this journey.”
Following three years of dedicated work, Mr Tan has since risen to the rank of senior associate. In his current role, he reviews their client’s IT environment and controls against industry standards and best practices—identifying gaps in their frameworks in the process. After assessing their client’s overall systems, he and his team then give recommendations to resolve these cybersecurity gaps.
Boosting digital defences
In line with today’s celebration, one of the most common cybersecurity mistakes he has observed in his line of work revolves around—you guessed it, weak passwords. From individual Internet users to big conglomerates, the passwords they use are typically too short and easy to guess using known personal information, which predictably makes them bait for hackers.
“According to the Centre of Internet Security, a non-profit organisation that develops industry best practices, the recommended password length for operating systems should be 14 or more characters. A way to do this is to use five different words containing uppercase and lowercase letters along with numbers and symbols that relates an experience unique to you, e.g., learnTOrideabikeat4.”
With COVID-19 accelerating digitalisation, more and more cyber criminals are exploiting the increase in digital activities to steal data and disrupt critical infrastructure. As more activities shift online, individuals and companies alike need to be more vigilant than ever. On top of best practices like multi-factor authentication, where two or more unique pieces of evidence are required prior to login, organisations can also leverage single sign-on (SSO) solutions to reduce password use. After all, the more passwords to be remembered, the more likely password hygiene suffers.
Proving that there is indeed beauty in simplicity, SSO solutions allow the use of a single set of login credentials to access multiple applications. Though at first glance SSO may seem riskier, it reduces the number of entry points that can be breached by hackers. Implementing privileged access management (PAM) systems could also help secure high-value data by allowing users to only receive the necessary level of access required by their job function.
All in all, safeguarding digital data has proven to be a very fulfilling career for Mr Tan. “I’ve had the opportunity to work with organisations within the public sector and it’s very meaningful to see my projects being utilised by people every day. It gives me a sense of satisfaction to know that the work I have done has contributed to the security of our systems and personal data,” he concluded.
Interested in following Mr Tan’s steps and securing our shared digital future? Visit CSAT’s official website to learn how to apply for the programme and kickstart a career in cybersecurity!