Nyan Tun Zaw, CISSP, is serving dual roles as Chief Information Security Officer (CISO) as well as Senior Vice President at Athena Dynamics Pte Ltd, which is a subsidiary of BH Global Corporation Ltd, an SGX mainboard listed company. He is also currently serving in the executive committee of ISC2 Singapore Chapter as Honorary Secretary. With a wide range of background in cybersecurity, software development, web development, networking as well as business development, Zaw specializes in evaluating and analysing different cybersecurity technologies available in the industry and particularly experienced in areas like zero trust and file cleansing technologies like CDR. During the early days as technical lead and head of good hackers’ alliance (gha), he was also involved in various project implementations with Athena Dynamics in several highly confidential government and critical infrastructure projects in Singapore and the region.
Recently, in an exclusive interview with Digital First Magazine, Zaw shared his professional trajectory, insights on some of the key challenges facing the tech industry right now, significant career milestones, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Zaw. Please tell us about your background and areas of expertise.
My name is Zaw, and I am currently the Chief Information Security Officer and Senior Vice President at Athena Dynamics. My main area of specialties is in disruptive advanced cyber technologies and solution architecture. I started out my career as a web and C# programmer when I joined and IT team of BH Global (parent company of Athena Dynamics). During that time, BH Global was undergoing digital transformation and as part of the initiative, the whole IT department was spun off as a cybersecurity company called Athena Dynamics. This was an award-winning initiative that also brought me to the cybersecurity industry. From then on, I have assumed various roles in solution architecting, cyber consulting, system implementation, solution support as well as business development.
What do you love the most about your current dual roles as CISO & Senior Vice President, Athena Dynamics Pte Ltd?
The main advantage of my current dual roles is that I get to understand and run the operations as an end user as well as able to talk to external prospects, customers and industry friends to help them with various cybersecurity issues that they are trying to tackle based on my experience. This also allows me to contribute better to the growing community of cybersecurity professionals in Singapore since I am able to see from various perspectives (technical, operations and business) on important cybersecurity issues.
What are some of the technology challenges facing the industry right now?
It’s mainly on the fact that we have technology advancements in almost every industry, which in itself is highly beneficial to the society as a whole but at the same time, opened up a lot of attack surfaces for malicious cyber criminals, especially in the Critical Infrastructure sector where traditionally availability is of upmost importance so security might not always necessarily be the highest priority. With that, finding the balance between these two things is a subtle art and we need more professionals in the industry to be able to tackle all these challenges that we are facing better.
In your opinion, what should CISOs, and businesses do to take advantage of recent technology evolutions?
With the rise of technologies like Gen-AI, it’s a “lifesaver” for CISOs and businesses in many ways. For example, cyber teams used to need weeks and months to work on cybersecurity policies but now with Gen-AI, it could be as fast as a couple of minutes to come up with a baseline policy document, which of course needs further fine-tuning and customizing to fit the organization’s needs but all the tedious ground works can now be automated. Same goes for areas like incident response where it used to take security team weeks and months to investigate an incident but with the advanced technologies these days, the efforts can be reduced to as little as a couple of hours. So CISOs and businesses should take advantage all these advancements to do more while also being mindful about the potential risks the new technologies might bring and the necessary due diligence to understand how these can be mitigated without compromising the progress in innovation.
As a leader, what approaches do you use to create a culture of experimentation and innovation within your team?
Basically, keeping an open mind to all the latest advancements and experimenting with them in a controlled environment was key. At Athena Dynamics, we explore all sorts of most advanced technologies from around the world and we have a lab in our office where all these innovations can be tried out in a safe environment. Our motto is not to judge a book by its cover because sometimes seemingly uninteresting technologies turned out to be a great lifesaver while seemingly hot technologies turned out to be not practical to implement at all. Hence the best way always is hands-on experimentation.
What has been the most fulfilling part of your career?
Mainly, I get to learn about some of the most advanced cyber technologies and is privileged to get to know some of the smartest people, so I am learning every single day. As someone who has a great appetite for learning, this has been a very fulfilling part of my career. In fact, not just on the technical front, due to the various roles that I have worked in over the past decade, I got to learn about various technical and business functions that gives me a really good horizontal view about the whole organization, which enables me to operate from both technical and business perspectives.
What are your valuable learnings and un-learnings during your journey to a visionary leader?
My most valued learnings are on the fact that we should never stop learning. There are always new things to learn and once we get complacent with what we know, that’s when we start to lag behind everyone and our value in the community, and career becomes obsolete pretty quickly.
In your words, tell us the leadership skills that everyone should learn?
In my journey, I have had the privilege to learn from some really good leaders on good approaches to leadership style. One key thing that I resonate the most is to always listen and encourage everyone in the team to have an open culture. Basically, to be able to talk about anything and a team member should not be afraid to talk to his/her manager about even the most trivial matter if it is something that can hinder the team’s dynamics or his/her own progress.
What is that one thing which motivates you to become better and better every day?
I have been privileged to be able to work on something that I am passionate about, and I believe that is a really important thing that motivates me to become better every day so that I can do more.
Where do you see yourself in the next 5 years?
Probably be more active in the cybersecurity community to help bring the next generation of cyber talents and leaders to the much-needed levels in the cyber security industry.
What is a piece of career advice you have been given that you would pass on to others?
No matter what we do, we should invest in integrity as a way of life. Once a person loses integrity, his/her expertise or achievements become irrelevant as at the end of the day, trust is most important, and it should never be broken.