gradmalaysia's Industry Insights delivers quick expert perspectives on current industry trends, hiring insights and useful tips for fresh graduates gearing up to kickstart their careers with confidence and success.

About the Interviewee

Dato’ Ts. Dr. Haji Amirudin Bin Abdul Wahab is the Chief Executive Officer of CyberSecurity Malaysia, a cybersecurity specialist and technical agency that monitors the e-sovereignty of the country.

He has more than 30 years of ICT working experience in the telecom and IT sectors, in both the public and private sectors. He holds a PhD from the University of Queensland, Australia, a Master’s in Business Administration (MBA) from the University of Dubuque, Iowa, USA, a Master’s in Information Technology from the National University of Malaysia (UKM), and a Bachelor of Science in Electrical Engineering from the University of Michigan, Ann Arbor, USA.

Under his leadership at CyberSecurity Malaysia, Dato’ Dr. Amirudin has contributed to various achievements for Malaysia and has been appointed as Chairperson for various local and international platforms.
Dato’ Ts. Dr. Amirudin is an adjunct professor at various institutions of higher learning in Malaysia. He has received numerous awards and recognitions, the most recent being an Honorary Doctorate in Information Technology (Cybersecurity) from Universiti Teknikal Malaysia Melaka (UTeM).

Q: Can you tell us about your journey to becoming the CEO of CyberSecurity Malaysia and what motivated you to pursue a career in this field? 

My journey began as an engineer at an MNC manufacturing company in Malaysia. Later, I transitioned to the telco sector, becoming one of the pioneer staff at Maxis, before pursuing my PhD. 

However, it was the launch of the MSC (Multimedia Super Corridor) initiative in 1995/1996 that ignited my passion for the ICT field. This catalytic moment propelled me towards roles at MDeC (Malaysia Digital Economy Corporation), MIMOS (Malaysia's national applied research and development centre under the purview of the Malaysian Ministry of International Trade and Industry, MITI), and the Ministry of Science, Technology, and Innovation (MOSTI), where I served as Under Secretary in the ICT Policy Division. And now, here I am at CyberSecurity Malaysia, deeply invested in safeguarding our digital society.

My decision to pursue a career in cybersecurity is deeply personal and motivated. I'm driven by a profound understanding of the pivotal role this field plays in protecting our digital assets and infrastructure. As our reliance on technology intensifies, so do the risks and vulnerabilities threatening our information and systems.

With my diverse experience across sectors, I'm uniquely positioned to contribute meaningfully to the cybersecurity domain. I see it as both a professional calling and a personal passion. To stay ahead of evolving cyber threats, I advocate for proactive and comprehensive measures. This involves not only implementing cutting-edge technologies but also fostering a culture of cybersecurity awareness.

I believe in empowering individuals at all levels to recognize and mitigate cyber threats. By promoting collective responsibility towards cybersecurity, I aim to strengthen overall defense mechanisms and create safer digital environments.

Q: How do you stay informed about the latest trends and developments in cybersecurity?

As digital technology evolves at an unprecedented pace, it is crucial for us to stay informed about the latest trends, threats, and developments in cybersecurity in order to safeguard our digital To get the latest information, we must actively engage with a variety of resources. 

Regularly visit trusted cybersecurity news websites and blogs. In addition, I actively participate in local, regional, and international cybersecurity workshops, forums, webinars, and conferences to network and engage in insightful discussions with other participants. 

I also utilise threat intelligence platforms and read comprehensive research reports to stay ahead of emerging threats. Furthermore, I am committed to continuously expanding my knowledge through certifications and online courses, while also monitoring alerts from government and industry organizations. By integrating these practices, we can ensure we remain vigilant and well-prepared to tackle the ever-evolving cybersecurity landscape.

Q: What are the major cybersecurity threats facing Malaysia today, and how is CyberSecurity Malaysia addressing these challenges?

In recent years, the landscape of cyber-attacks has evolved, with attackers continually refining their techniques and strategies to infiltrate security systems, pilfer sensitive data, or disrupt vital services.

Digital threats have expanded to encompass numerous attack vectors, such as malware, ransomware, DDoS attacks, etc. These vectors have evolved in versatility, as attackers adeptly merge multiple methods to accomplish their objectives. For instance, a ransomware assault might commence with a phishing email and escalate to the deployment of encrypting malware. Furthermore, digital threats are no longer limited to traditional targets like large corporations and government agencies. Smaller businesses, healthcare organizations, educational institutions, and even individuals have emerged as prime targets. This broadening scope of targets stems from the pursuit of creating disruption or pilfering valuable personal information.

The utilization of artificial intelligence (AI) and machine learning (ML) by attackers is on the rise, amplifying their capabilities. These technologies streamline attacks, craft more persuasive phishing emails, and can pinpoint vulnerabilities within targeted systems. With the ongoing advancement of AI and ML, their significance in digital threats is poised to expand further. Such threats include APTs, Critical Infrastructure Protection and Cyber Espionage.

There are also challenges to develop cybersecurity talents as well as raise awareness among Malaysians to reduce the incidence and impact of digital threats, cybercrime and online scams.

CyberSecurity Malaysia is tackling cybersecurity challenges through a multifaceted approach that includes incident response, public awareness, international collaboration, capacity building, policy development, and fostering innovation. One of the services provided for Malaysian citizens and organisations by CyberSecurity Malaysia is the Cyber999 incident response service.

Q: What skills and knowledge do you consider most critical for the next generation of cybersecurity professionals?

As AI continues to reshape the cybersecurity landscape, professionals must equip themselves with a blend of technical expertise, interdisciplinary knowledge, and soft skills. By doing so, they will be better prepared to anticipate and counteract emerging threats, ensuring the security and integrity of AI-driven systems and safeguarding society against potential risks.

The next generation of cybersecurity professionals must cultivate a robust and dynamic skill set. Here are the most critical areas of knowledge and skills they should focus on:

• AI and Machine Learning Awareness: A basic understanding of AI and ML concepts and tools to grasp their applications and implications in cybersecurity.
• Ethical Hacking and Penetration Testing: Advanced skills in ethical hacking and penetration testing, especially targeting AI-driven systems.
• Cyber Threat Intelligence and Analysis: Proficiency in using AI for threat intelligence gathering and behavioural analysis to detect anomalies.
• Data Security and Privacy: Expertise in data encryption, protection, and privacy-preserving techniques like differential privacy.
• Cybersecurity Frameworks and Compliance: Knowledge of cybersecurity standards, regulations, and risk management practices.
• Interdisciplinary Knowledge: Understanding of interdisciplinary fields like computer science, psychology, and ethics to address AI's broader impact.
• Soft Skills and Adaptability: Strong critical thinking, communication, and collaboration skills to effectively tackle emerging threats.
• Continuous Learning and Innovation: Commitment to continuous learning and embracing innovation to stay ahead in the cybersecurity landscape. CyberSecurity Malaysia, through its platform cyberguru.my, provides an array of competency-based and professional training programmes in cybersecurity.

Q: How important is interdisciplinary knowledge in cybersecurity?

Interdisciplinary knowledge is critically important in cybersecurity for several reasons:

• Holistic Understanding of Threats: Interdisciplinary knowledge allows professionals to understand and address complex cybersecurity threats that span across technology, human behaviour, and organisational processes.
• Innovative Solutions: Drawing insights from various fields such as computer science, psychology, and law fosters creativity, leading to more effective and resilient cybersecurity solutions.
• Enhanced Communication: Having a broad knowledge base improves the ability to communicate complex cybersecurity issues to non-technical stakeholders, facilitating better decision-making and policy formulation.
• Ethical and Legal Compliance: Understanding ethical principles and legal regulations ensures that cybersecurity practices are compliant with laws and respect user privacy and rights.
• Human Factor Consideration: Insights from psychology and sociology help in designing systems and protocols that consider human behaviour, thus reducing the risk of human-related vulnerabilities.
• Adaptability to Emerging Threats: Interdisciplinary knowledge equips professionals to anticipate and effectively respond to new and evolving threats in the cybersecurity landscape.

Q: What advice would you give to young professionals aspiring to enter cybersecurity?

Here’s the advice I would give to young professionals aspiring to enter the cybersecurity industry:

• Continuous Learning and Adaptability: Always stay curious and commit to ongoing education to keep up with the rapidly evolving cybersecurity landscape.
• Master the Fundamentals: Ensure you have a strong understanding of networking, operating systems, and encryption to build a solid foundation.
• Adopt a Hacker Mindset: Learn to think like an attacker, understanding common attack vectors and techniques to improve your defensive strategies.
• Stay Informed on Threats: Keep updated on the latest threats, vulnerabilities, and cyber incidents by subscribing to threat intelligence feeds and participating in industry events.
• Interdisciplinary Knowledge: Expand your knowledge beyond cybersecurity into areas like computer science, psychology, law, and business to develop well-rounded security strategies.
• Develop Soft Skills: Work on your communication, problem-solving, and teamwork skills to effectively collaborate and explain complex issues to non-technical stakeholders.
• Uphold Ethics and Integrity: Maintain high ethical standards and integrity, especially when handling sensitive information and systems.
• Gain hands-on experience: Participate in practical labs, internships, and real-world projects to apply your theoretical knowledge and develop practical skills.
• Pursue Certifications and Education: Earn relevant certifications like CISSP, CEH, and CISM, and pursue advanced education to validate and enhance your expertise.
• Network and Engage with the Community: Build a professional network by joining cybersecurity organisations, attending industry events, and engaging with peers to share knowledge and opportunities.
• Seek and Provide Mentorship: Look for mentors who can guide you through your career and be open to mentoring others as you gain experience.
• Embrace Challenges and Learn from Failures: Approach challenges and failures as learning opportunities, and develop resilience and a positive attitude to overcome obstacles.

Entering the cybersecurity field is a rewarding yet demanding journey. By committing to continuous learning, cultivating a diverse skill set, and maintaining high ethical standards, you can build a successful and impactful career in cybersecurity.

Q: Can you share your vision for CyberSecurity Malaysia and the key strategic initiatives currently being implemented?

CyberSecurity Malaysia is aiming to be a world-class cyber security specialist agency. In March 2021, the government announced the Cybersecurity Empowerment Programme (SiberKASA) to improve cybersecurity threats and attacks. This initiative aims to assure network security readiness by creating, enabling, sustaining, and improving the country’s cybersecurity infrastructure and ecosystem. CyberSecurity Malaysia has established more than 40 products and services across the cybersecurity domains, covering assessment and rectification, information security management, security assurance, monitoring, control and response, capability, and capacity development.

CyberSecurity Malaysia, a technical specialist agency under the Ministry of Digital, has also launched several initiatives, such as CyberGuru and the Global Ace Scheme, to train, retrain, and certify cybersecurity personnel as a world-class competent workforce in cybersecurity and promote the development of cybersecurity professional programmes within the region.

In addition, CyberSecurity Malaysia has also organised several courses under the Malaysian Technical Cooperation Programme (MTCP). The programme focuses on participants from ASEAN and the Organisation of Islamic Cooperation—Computer Emergency Response Team (OIC-CERT) member countries.