Careers in Infocomm

From a technical background in infocomm security, Mr Aloysius Cheang’s career took on a more business and people-oriented turn when he moved on to do consulting work and later headed up the security operations of a global telco before assuming his current role as Managing Director of the Cloud Security Alliance Asia Pacific.

What sparked off your interest in infocomm?
It started when I was young – one of my hobbies was hacking games. As a student, you’re always short of money and you want to reap maximum benefits from every game that you buy. If you put a cheat code into it, your character in the game will never die, so you get more mileage from it. You also get some satisfaction – you feel like you’ve overcome a difficulty posed by the game!

Describe some of the highlights of your infocomm career to date.
When I was in National Service, I was picked to become a security specialist. After graduation, I started as a security researcher at the DSO National Laboratories before joining the private sector. I joined consulting firms and became a practice leader in security and digital forensics. I was also with a global telco as its Chief Security Officer.
Besides my day job, I am also very involved with the community. I started the first security association in Singapore in 2001 – the Special Interest Group in Security and Information Integrity (SIG^2) – which later morphed into the Association of Information Security Professionals. I also contributed to the ISO (International Standards Organisation), for example as co-editor for ISO/IEC 27032 Guidelines for Cybersecurity.

Describe w hat you do in your current role.
I am currently with the Cloud Security Alliance (CSA), where I play multiple roles. I joined the Board of CSA in 2010, and took on a full-time role last year, looking after CSA’s interests in the Asia Pacific (APAC) as its Managing Director (MD) for the region. I also serve as the Standards Secretariat, which manages the International Standardisation Council – the only official channel for engaging standard developing organisations such as ITU-T (International Telecommunications Union) and ISO.

One of CSA’s key mission statements is to build a trusted global cloud ecosystem. The key strategic trust for CSA this year is to look at standardisation of cloud security standards in order to reduce the barrier of entry and increase the pace of adoption of cloud computing. We hope to do it by aligning all standards to do with cloud security globally and to bring all stakeholders – cloud service providers and consumers alike – together in a trusted cloud ecosystem.

As MD for APAC, my role is to make CSA a truly global organisation. When it started in 2008, CSA tended to be United States-centric. Late last year, it started expansion into Europe, Middle East and Africa (EMEA) and APAC. APAC represents an important part of the future of cloud computing. Among the CSA’s first chapters worldwide were those in Japan and China. China is the second largest source of corporate members for CSA behind the US, larger than all of Europe combined.  APAC as a region is making several long term investments into cloud computing. As such, we believe that it is about time that CSA has an APAC strategy, with the region playing an important role in shaping our global strategy.

What are some of the important skillsets that have helped you in your career?
I think these would be more of the soft skills rather than the hard, technical skills, because I need to deal with talent management as well as business and strategy issues.
I started in a technical role but a degree like computer science did not equip me with the skillsets to understand things from a business perspective. This motivated me to take up a doctorate in Business Administration, which I am currently pursuing.

Besides technical and business skills, people management skills are also essential. You need to empathise with what your employees want in their life and in their career. You also need to listen. By listening more to your staff, you will make fewer mistakes in key decisions, especially when it comes to actual service delivery issues.

In my current role, I am also engaging stakeholders such as senior executives from our 200-odd corporate members and senior government officials, and I have to ensure that they are happy. I also manage working groups with members that are located worldwide and chapters from 12 or 13 countries in APAC. I need to understand the dynamics and work behind the scenes to get things done. A lot of factors are not within my control, especially the fact that the bulk of the people that we are working with in the chapters and working groups are volunteers, so I will need relationship-building skills to help me along the way. Standards development, in particular, is a tedious, long-drawn process, so commitment, dedication and passion are other critical soft skills to have.

What are the important skillsets needed for an infocomm professional to work in the cloud security space?
It is important to have skillsets that marry cloud computing and security. From the security perspective, knowledge of GRC (IT governance, information risk management and compliance) as well as operational issues such as identity management and incident response are critical.  On the other hand, for cloud computing, knowledge of networking, virtualisation, web services and cloud operating systems is crucial.

How can these skillsets be developed?
Experience is important, whether you are seeking to work as a cloud security professional, involved in setting standards or doing business development in this area.
As cloud security is a unique mix, the person aspiring to enter the cloud security field has to accumulate experience from either the security space or cloud computing space. Normally this will involve building up work experience in managed security, security consulting, network infrastructure, data centre or the network operating centre.

To contribute to standards, in this case cloud security standards, you will also need to build up experience in the relevant area of work. You will also need to have up-to-date knowledge of emerging technologies and developments.

Attitude and passion for security are key. You need to have the urge to succeed, and to be proactive in seizing opportunities. Sometimes, you also need to take a step back and go for relevant training.

What is it about cloud computing that excites you?
Cloud computing is still in its infancy. We could be moving into another “dotcom era” with new start-ups emerging to support the cloud. This is where I think cloud computing will lead to a renaissance in the IT industry. In CSA, we believe that Cloud 2.0 is coming and that is why we launched our “Innovation Initiative” to bring together the best brains in start-ups and venture capitalists to chart the direction for the future of cloud computing. And the storyline will be even more compelling when we add in mobility; mobility and the cloud will be a winner!

Singapore can be a global hub for cloud services. Organisations can sign their cloud services contracts here and manage them out of Singapore. CSA itself has over 200 corporate members. At least half of them have not been to APAC yet. Singapore can be their gateway to APAC – there is political stability, the business environment is friendly, and we have the workforce to provide project managers, cloud architects and those with specialised skillsets. The lower-level jobs of IT support and engineering jobs can be outsourced, but the critical role of managing all these people can be done here. We can design, manage and control the systems from here.