Can you please tell us a little bit about yourself and your position as ‘Chief Information Security Officer' at RakkaR Digital?
Absolutely! My name is Thomas Kung. I was born in Hong Kong and recently moved to Singapore to explore this vibrant market. With my hybrid academic background in technology and law, I have a massive interest in understanding and tackling real world security and compliance problems in the digital assets industry.
I am currently the Chief Information Security Officer (CISO) at RakkaR Digital. In my role, I am responsible for overseeing the security of all our digital assets and ensuring that our company and our clients’ data are protected from any potential threats. Being a CISO is an extremely challenging job, and being a CISO in a crypto custodian business is on another level. The trust and transparency required to gain clients’ confidence in our products and services are the sources of challenges and, eventually, enjoyment.
What led to your interest in information security?
I have always been fascinated by the world of technology, and I have been involved in various aspects of IT throughout my career, including infrastructure, networking, consulting, etc. However, it was during my time working in IT that I became increasingly aware of the importance of information security. With the hacks and incidents reported by clients almost daily, I realized that there is so much sensitive information being stored online and they were all unprotected! It was crucial to have the right measures in place to protect it. Therefore, I wanted to use my skills and knowledge to help protect against these risks, which led me to pursue a career in information security.
What do you consider to be the biggest threat to digital asset security, and how does Rakkar address this threat?
There are a lot of potential threats to digital asset security, but I think the biggest one right now is the increasing sophistication of cyber-attacks. Hackers and other bad actors are becoming increasingly skilled at finding vulnerabilities in our systems, and it is becoming more difficult to keep up with them. At RakkaR, we address this threat through a variety of measures, including regular in-house and external security assessments and penetration testing, strong password policies including multifactor and passwordless authentications, and employee training on how to identify and report potential security threats.
Because of this ever-emerging cyber threat, it is of utmost importance that companies are well prepared for cyberattacks. We have put a lot of effort into business continuity planning. Insurance coverage, detailed incident response procedure, segregation of clients’ fund are keys measures to guarantee that our clients are protected.
What are some of the most important skills and qualities for a successful Chief Information Security Officer?
As a Chief Information Security Officer, it is important to have a deep understanding of technology and security principles, as well as strong analytical and problem-solving skills. You also need to be able to communicate effectively with people at all levels of the organization, from technical staff to senior executives. Other important qualities include a willingness to continuously learn and adapt to new threats and the ability to work collaboratively with other departments to implement effective security strategies.
There are different archetypes of CISO. You could be a strong storyteller who raises security awareness in the board, a GRC guru who loves to implement controls and conduct risk assessments or a hands-on engineer to build solutions to solve complex security problems, but ultimately a CISO needs all the above skills. The success lays on how much weaknesses you have overcome, just like how many security gaps you have filled up for your company!
What advice would you give to someone interested in pursuing a career in information security?
My advice would be to get as much hands-on experience as possible. While you can learn a lot from books and courses, but nothing beats working on real-world security problems. Look for opportunities to work on security projects or internships, and don't be afraid to take on new challenges. We have seen many successful stories of people transitioning into information security from various fields such as, financial auditor to security compliance officer, software engineer to penetration tester, system admin to cloud security guru. It's also important to stay up to date with the latest trends and threats in the industry, so make sure you're always reading and learning. Finally, don't forget the importance of communication skills. As a security professional, you'll need to be able to explain complex concepts to non-technical people, so it’s crucial to work on developing your communication skills as well as your technical skills. It can be exciting to use jargons in conversations, but it may not be understandable to a layman!
Connect with Thomas Kung.