It took a casual conversation with some ex-colleagues from a financial institution for Thomas Wong, Cyber Defence Risk and Compliance Assistant Director at IHiS, to discover HealthTech.
“My ex-colleagues asked if I would be interested to join them in IHiS. I learned about what they were doing in IHiS and went on to do my own research into the company,” added Thomas, who brought with him around 12 years of experience in the finance industry.
Upon reading about the work and numerous projects delivered by IHiS to the Public Healthcare Institutions (PHIs), Thomas was sold, and decided to pursue a career in HealthTech.
“I really liked what I saw! I reckon there’s no better place than IHiS to be, an agency that can enhance the nation’s health through tech, and to develop a deeper understanding of HealthTech and appreciation of our healthcare system. Healthcare is also one of the biggest targets for cyberattacks amongst all the industries. So it is where a lot of the action is - we help protect our systems from more than a million threats daily,” he added.
Meaningful to improve the cybersecurity posture and resilience of Singapore’s public healthcare systems
When asked why he found his job meaningful, Thomas smiled, and said, “It’s because I know my team is constantly making positive impact to the cybersecurity posture and resilience of our public healthcare systems.”
Thomas’ Cyber Defence Risk and Compliance team performs thematic reviews of systems and projects, ensuring that technical controls and processes comply with public healthcare’s security policies. They focus on reviewing both existing and emerging threats that the Public Healthcare Institutions (PHIs) are and may be exposed to.
“My typical work week includes engaging our partners to understand how their systems and applications are managed, reviewing their submitted artefacts and discussing if there are areas that we could improve on,” explained Thomas.
Striking a balance between mitigating risks and applying cyber defence controls
For Thomas, the single and most challenging aspect of his work would be articulating the risk and proposing a feasible solution to the issue.
“It is really a fine balance between addressing the risks without being overbearing on the additional controls that may be introduced to the engineers on the ground. This may be a tough task to accomplish but with constant engagement, close collaboration and the support from our partners, we would usually come to a common consensus and solution that has the best interest of both the efficiency of our healthcare colleagues and security of patient data in mind,” he assured.