Jane Teh has over 17 years of experience in Cybersecurity arena, Advisory Board Member and C-Suite advisor, seasoned public speaker, educator, author and hackathon judge; she is also known for her unconventional thinking, pioneering and determination. Jane is also awarded Top 100 Cybersecurity women globally in 2024. Jane was at Big 4 for 3 years, expanding Indonesia cybersecurity services to market sectors from banking and telecommunications to heavy industries, manufacturing, automotive to mining. Prior joining the Big 4, Jane ran her own cybersecurity consulting firm for 10 years, served multinationals, NGOs & consulting firms.
Recently, in an exclusive interview with Digital First Magazine, Jane shared her professional trajectory, insights on diversity and inclusion in the cybersecurity landscape, the best piece of advice she has ever received, the secret mantra behind her success, future plans, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Hi Jane. Can you share a little bit about yourself and how you got into cybersecurity?
I have been in cybersecurity arena for over 17 years, an Advisory Board Member, seasoned BoD and C-Suite advisor, previously bank Chief Information Security Officer, Chief of Staff and Senior Director of Security Consulting Services.
A retired army friend was sharing some security aspects of his work experiences, which inspired me to venture into security side of Information Technologies, which propels me to pursue my Masters of Science in Computer Forensics and Systems Security in one of UK London’s university over 2.5 years while I was working full time as a computing lecturer. Thereafter, I was fortunate enough to be given opportunities to perform several security consulting contracts across the world, which droved me to start my own security consulting firm in Malaysia for 10 years, before joining Deloitte in Indonesia for 3 years, to expand their cybersecurity services in Indonesia market.
What do you love the most about your current role?
Given years of experience setting up, building, operationalizing and scaling cyber services into different markets, i.e. introducing first Red team (in-house threat hunters within the bank’s 2nd line of defense under CRO’s purview), the proactive and radical approach in year 2018, was unconventional, where the Risk Governor of Central Bank called me in to review my strategy plan, thereafter, endorsed by central bank and slowly adopted as industry practice, to better protect and raise the security maturity of the banks.
Even though at times, my ‘before-time’ innovation or unconventional solutions came with its fair share of resistance, in the end, the sense of fulfilment and knowing the fact that I was able to alleviate or assist to make the organization, a better protected place and my legacy has been further improved based on changing business environment, makes it worth while.
Although it can be rather exhausting, but the immense satisfaction to see my ideation to fruition, keeps me alive with sense of purpose. Now that I am in a position to share and nurture the next cyber frontiers of champions, gives me immense enjoyment.
Based on your extensive experience, what are the most difficult upcoming cybersecurity issues to watch out for, especially in today’s AI era?
With progressive developments in technologies such as Quantum computing, 5G connectivity, Internet of Things, Artificial Intelligence in the Data economy era; these technologies brought us immense benefits and conveniences, which everyone is aware of.
The sophistication and complexities of technology stacks in enterprises, advancement of analytical processing power, Advanced Persistent Threats (APT); sophisticated Tactics, Techniques & Procedures (TTPs) of cyber attacks calls for us to be more vigilant and ethical with more stringent governance when it comes to leveraging these powerful technologies, for instance, what, why and how we use these technologies and to set certain boundaries where we do not end up, trading our freedom and privacies without bound.
In the Internet space, anyone is able to use AI to generate new variant of malware within seconds, not requiring any knowledge of programming to start with, therefore, we are entering into an AI vs. AI cyber warfare, this caveat is dependent on the advancement of trained LLMs’ data feeds, refinement and programming to outpace the other.
In the cybersecurity world, the conundrum of ‘AI for Cybersecurity’ vs. ‘Cybersecurity for AI’ is in question, both has its challenges and maturity, however, they are very much interlinked, where one domain matures, the other have to pick up the pace, as it has knock-on effects on the other, this will be a never ending catcher and runner loop.
What does working in cybersecurity mean on a practical level, and what kinds of skills/personality traits are an asset in the field?
Working as a cybersecurity professional, one is to be comfortable with dynamic, fast paced and challenging environment, where the primary goal is to protect an organization’s information, assets and systems from cyber attacks.
To be a successful cybersecurity professional, a combination of technical skills, analytical abilities, soft skills and specific personality traits are required. To ascend to the management level, one needs to be able to identify the root cause, map and translate technical jargons to business context and financial impact.
The organization security posture and ability to defend when cyberattacks materialised, relies on one’s ability to articulate, socialize and convince the management for cybersecurity investment, these are crucial skills to achieve desired goals and outcomes. Failure to do so, could undermine the severity of ground security challenges and lack of investment to defend and protect the organization from breaches, which has snowball effects on company’s reputation, customer trust and bottom lines.
What are your thoughts on diversity and inclusion in your field? How important is it to have authentic conversations with leaders, professionals, and changemakers to create more acceptance across the globe?
I am all for meritocracy promotion, therefore, it starts with recruitment ratio, I am proud to say that the working level has achieved 60% male – 40% female, however, to date, am still struggling at the management level, to achieve the ratio that I am determined to see happens, under my leadership.
I believe in a healthy mix working environment, so will continue to strive for more balanced working team members with mixed personalities, genders, capabilities, races and cultures. The rationale is to establish and tap into diverse mindsets, problem solving skills, perspectives, exposures and opinions, so we can be more creative in our solutioning, opportunities to collaborate cohesively and make room for innovations, without prejudices or discriminations.
Additionally, no matter which country, organization or environment am in, I would run my own nurturing programme, where I would put aside time to coach, mentor and provide suggestions and advices. This includes empowerment and creating opportunities for anyone to shine, by giving them the platform or opportunities to perform.
This can be achieved by understanding each team member’s characteristics including their strengths and weaknesses. Under my leadership, I have also developed what I named as ‘Succession Buddies’ – where each personnel is buddied up with 1-2 more potential successors/ mentees, like a pyramid triangle at each level, this promotes knowledge sharing, no one works in silos, new joiners felt welcomed and guided, reduce attrition rate, because the support systems are in place.
To be a role model or inspirational leader, I keep my promise, execute and lead by example. Creating an open environment where the teams can speak up, trial and error with my full support and backup, these initiatives has made a significant difference in the teams’ confidence and abilities to articulate their points regardless of their level.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
Throughout my career, I had few inspirational individuals that motivates me to venture into the unknown, no matter how tough the journey would be. Best advice I ever had was to stay true to myself, do not take things too personally and stand firm on my vision and beliefs.
Over the course of your career, you have been a recipient of several awards and recognitions including one of the Top 100 Women in Cybersecurity. Our readers would love to know the secret mantra behind your success.
‘You are your own limit, what is it going to be – is all in the mind, stop pondering and start executing’.
What is your secret to striking a work-life balance?
In Cyber world, security tools implementation, managed security services and vigilant monitoring is a 24x7x365 efforts to continually protect and defend organization from being attack. Therefore, there is no work life balance per se, there is integrated work life, which means work is integrated into your daily life, as a way of life.
To maintain some sanity and strike some level of balance, communicate with family the nature of our work; that at times, requires emergency attention, so they understand the gravity of impact the type of work we do. Having said that, we need to be efficient with our time management and be fully present when we are spending bonding time with family and chill time with friends and have our me time for hobbies, is paramount.
Where would you like to be in the next 5 years?
I would like to continue as independent advisory board member to raise the awareness in cybersecurity at the top management, guide them through an era of AI and data economy with the wealth of knowledge and experiences gained from working with diverse industries.
Managing risk is paramount when we are leveraging technology innovations, to propel and provide competitive edge for the enterprise, so I would like to be continuously be part of this journey, moving forward.
My mission is to continuously share my insights, knowledge and experiences public or privately, so to contribute back to the cyber and wider communities.
Which technology are you investing in now to prepare for the future?
Artificial intelligence for automated detection and response, data security protection tools, central data lake, platforms or tools that provide higher visibility of organization assets, such as, health check status of my assets, vulnerability management, patching progress and level of data that could provide details and visibility of indicator of compromise, source of attacker and more accurate forecasting of attacks.
What advice would you offer others looking to build their career in cybersecurity?
Hone one’s analytical and articulation skills, the ability to stay calm and compose when crisis hits, will make or hamper your career reputation and progression. Therefore, equipping oneself with operational know-how, collaborating and/or building strong capable team members, shall allow you to focus on strategic direction or execution, that will elevate your position.
When you are ascending to the management level, be adaptive, stay humble and open to suggestions from peers and working levels. Ability to think on your feet and make intuitive decision, with lack of data to go by, especially during incidents or unforeseen events, (happens more often than we think), so learning to listen to our gut or intuition is key.