Steven SIM Kok Leong

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).

Steven Sim


Introduction


With a career spanning 23 years focused on IT security governance, risk optimisation, compliance, security assessment, incident management, technology, training and awareness, Steven has planned and overseen the deployment of solutions enabling business for large IT enterprises and critical OT infrastructure, with a focus on Internet of Logistics™, CP 4.0™, Supply Chain 4.0 and Cyber-Physical Systems. He has worked in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken a global CISO role, driven security governance and management initiatives, and headed incident response, security architecture, technology and operations at local, regional and global levels. He is in the Peerlyst 29 Highly Influential CISOs list, a Singapore SkillsFuture Fellow and a Professional (Leaders) Category Finalist in the inaugural Cybersecurity Awards 2018 held in Singapore. He is also a member of both the Microsoft APAC CISO Council and the Fortinet Executive Cyber Exchange, and lectures as an adjunct on a pro-bono basis at the National University of Singapore Institute of System Sciences.


Appointment within BCM Institute


Speaker at BCM Institute's conference "World Continuity Congress" and Meet-the-Expert Webinar series.


Past Employment


● ISACA Singapore Chapter Various Positions (2014 – 2018)

● SCS (Singapore Computer Society) Various Positions (2016-2019)

● SPSTC ITSC (IT Standards Committee) Member (Jan 2004 – Dec 2009)

● Association of Information Security Professionals (AISP) Member, Protem Committee, AINSE0 (Jul 2006 – Dec 2007)

● Special Interest Group in Security and Information Integrity (SIG^2) Director & Honeynet Principal Investigator, G-TEC Labs, (Aug 2005 – Aug 2006)

● SANS Institute GCFW Advisory Board Member (Apr 2002 – Jun 2010)

● Information Systems Security Association (ISSA) Singapore Chapter Various Positions (Jan 2004 – Dec 2005)


Qualification


● Masters of Computing (National University of Singapore, Singapore)


Professional Certification


● Certified Data Privacy Solutions Engineer® (CDPSE)

● APMG Accredited Trainer for CRISC

● APMG Accredited Trainer for CGEIT

● APMG Accredited Trainer for CISM

● APMG Accredited Trainer for CISA

● EC-Council Certified Chief Information Security Officer (CCISO)

● GIAC Reverse Engineering Malware (GREM)

● TOGAF® 9 Certified Enterprise Architect

● Global Industrial Cyber Security Professional (GICSP)

● Certified in the Governance of Enterprise IT® (CGEIT)

● Certified in Risk and Information Systems Control™ (CRISC)

● PRINCE2 Registered Practitioner

● Project Management Professional (PMP)®

● Certified Information Security Manager® (CISM)

● Key Computer Service Basic Forensic Computer Examiner

● ISO27001 IRCA Certified ISMS Lead Auditor/Auditor (exam)

● GIAC Certified Incident Handler (GCIH)

● Certified Information Systems Auditor® (CISA)

● Cisco Certified Network Associate (CCNA)

● Bureau Veritas ISO 9001:2000 Certified QMS Internal Auditor


Notable Cybersecurity Contributions


Contribution to society in Singapore

Raised awareness through sharing of cybersecurity knowledge and experience via talks

Security Technologies

• A Strategy for Inexpensive Automated Containment of Infected or Vulnerable Systems (18th FIRST Conference), Jun 2004

• GTEC and Honeypots (SIG^2 Seminar), Nov 2004

• Honeynets (Adjunct Lecture for Computer Engineering), Oct 2004

• Honeynets (ITSC Security Seminar 2004), Oct 2004

Security Career Advisory

• Cyber Security Career (Fuhua Secondary Career Talk), Jan 2006

Security Governance and Architecture

• Adjunct Lecture on Formulate Security Strategy Considerations for Cyber Physical Systems, Cloud and IoT, May 2020

• Architecting Cybersecurity to Future-proof Smart Cities against Emerging Cyber-Physical Threats, Temasek Polytechnic, May 2020

• Architecting Cybersecurity to Future-proof Smart Cities against Cyber-Physical Threats, Institute of Systems Science, National University of Singapore, Feb 2020

• Port Automation and Cybersecurity Risks: Are Ports Prepared?, IQPC Port Security and Modernization Asia Conference, Dec 2019

• Keynote: Future-proofing Supply Chain 4.0 against Emerging Cyber-Physical Threats, Konica Minolta Inc. Connect 2019, Nov 2019

• Future-proofing Cyber-physical Systems against Emerging Threats, Cloud and Cyber Security Expo Singapore 2019, Oct 2019

• Future-proofing Maritime Ports against emerging Threats, MPA Maritime Security Forum, Maritime and Port Authority of Singapore, Aug 2019

• Future-proofing Port Automation Systems against emerging Cyber-physical Threats, Port Automation Summit 2019, May 2019

• Future-proofing the Supply Chain against emerging Cyber-Physical Threats, 2nd Cyber Resilience & Risk Forum, May 2019

• Emerging Trends in the approach to BCM, World Continuity Congress 2019, Apr 2019

• Protecting Maritime Ports against Emerging Cyber-Physical Threats in Industrialization 4.0, Singapore Maritime Technology Conference 2019 Cybersecurity Seminar, Apr 2019

• Future-proofing Supply Chain against Emerging Cyber-Physical Threats, SCS ASCENT Series – SCM Chapter 2019, Mar 2019

• Future-proofing Supply Chain against emerging Cyber-physical Threats, Black Hat Executive Summit 2019, Mar 2019

• Future-proofing against Emerging Cyber-physical Threats, DiCyFor 2019, Feb 2019

• Future-proofing Maritime Ports against Emerging Cyber-physical Threats, Port Planning & Development Asia Summit 2019, Feb 2019

• Future-proofing against emerging cyber-physical threats, 4th Annual CISO Leaders Summit, Nov 2018

• Future Proofing against Maritime Cyber Threats, The Maritime CIO Forum, Digital Ship, Oct 2018

• Future-proofing Maritime Ports against Emerging Cyber-physical Threats (Keynote Speaker, Digital Ship Maritime Cyber Resilience Forum, Asia Pacific Maritime), Mar 2018

• Future-proofing Maritime Ports against Emerging Cyber-physical Threats (CIFI Security Summit 2018), Mar 2018

• Future-proofing Maritime Ports against Emerging Cyber-physical Threats (Temasek Polytechnic ISACA Day 2017), Nov 2017

• Future-proofing Maritime Ports against Emerging Cyber-physical Threats (Cyber Security for Maritime Summit 2017), Oct 2017

• Governing Vulnerabilities in a Complex Digital Ecosystem (Singapore Cybersecurity Consortium - Tech Talk II), Jun 2017

Raised awareness through sharing of cybersecurity knowledge and experience at panels

Security Risk Management

• Managing Cybersecurity Risks and Challenges as a result of COVID-19, May 2020

• Is Security a People Problem or a Technology Problem, IBM Think 2019 – CIO ASEAN, Aug 2019

• MindXchange briefing, Cyber Wars: The Enterprise Strikes Back, Frost & Sullivan, Nov 2018

• Keep control of your data in a new secured world (3rd CISO Leaders Summit 2017), Nov 2017

• Identifying Latest IT Security Technology in Protecting Maritime IT Infrastructure (Cyber Security for Maritime Summit 2017), Oct 2017

• Conversation with Information Security Officers: Managing information security and technology risk (Maritime Cyber Security Conference 2016), Nov 2016

OT, IOT, IIOT Security

• Safeguarding Cyber and Security in an Increasingly Automated World, The Maritime CIO Forum, Digital Ship, Oct 2018

• IoT Security in the Digital Age, CIO Summit 2018 Tech Summit, IDC, May 2018

• IoT Security, Executive Security Action Forum, RSA Conference Asia Pacific & Japan 2017 (RSA Conference), Jul 2017

• Importance of Cyber and Physical Convergence (5th Annual CIO Leaders Summit Singapore), May 2017

Business Continuity Management

• Panelist, Emerging BCM Trends: An External Perspective, World Continuity Congress 2019, Apr 2019

Network Security

• Level up your Network Security, CloudSec Singapore (CLOUDSEC), Aug 2017

Ransomware Threats and Mitigation

• With outbreak of global ransomware, where does responsibility with securing IT Stack lies? (Cloud Security Expo Asia 2017), Oct 2017


Volunteer works related to cybersecurity

Judge

• The Cybersecurity Awards 2019 Organising Committee, 2019

• 2018 Frost & Sullivan Asia Pacific ICT Awards, May 2018

• The Cybersecurity Awards 2018 SME Category, Jan 2018

• Code:XtremeApps::2017 (Info-communications Media Development Authority), Jul 2017

• 2017 Frost & Sullivan Asia Pacific ICT Awards, May 2017

• AirRaid 2005 National Hacking Competition, 2005

• BlackOps 2004 National Hacking competition, 2004

Trainer

• Adjunct Lecturer, Enterprise Security Architecture, NUS Institute of System Science, Jan 2020-Present

• Guest Lecturer, IT Security Governance, Nanyang Polytechnic, Jul-Aug 2018

• CISM and CISA Review Courses, 2014-2015, 2019

Advisory

• Reviewer, Controls Mapping of CSA-CCM with ABS-CCIG, May 2020

• Member, ICS Security Community Guidelines Taskforce, Cyber Security Agency, 2017

• Member, Advisory for DigiPro, SCS, Oct 2017 till present

• Member, Cyber Security Panel (Skills Advisory Panel for Skills Framework for ICT), Nov 2016

• Panel Reviewer, SP Diploma in Information Security Management Course Review, Sep 2016

Career Mentoring

• SCS Cybersecurity Mentorship Program 8x Runs - Q2-2017 till Q2 2019

• NTUC U PIVOT Program Run 1, 2016 and Run 2, 2017


Raise profile of Singapore cybersecurity both locally and internationally

• Spoke at European LSEC Roundtable on COVID-19 Cybersecurity: From Lockdown to New Normal, Apr 2020

• Founding Member, Better Cybersecurity Coalition, Oct 2019

• Founded Maritime Port Cybersecurity Forum (MPCF) LinkedIn Discussion Group, Apr 2019

• Represented ISACA Singapore Chapter at ISACA Asia Leadership Meeting in Apr 2019

• Represented ISACA Singapore Chapter at Global Leadership Summit in Oct 2018

• Represented Singapore and NUSCERT at China-ASEAN Workshop on Capacity Building and Regional Cooperation of National CERT hosted by Ministry of Information Industry, PRC, 2005

• Represented Singapore and NUSCERT at APCERT Drill, 2006

• Represented Singapore and NUSCERT at ASEAN CERT Drill ACID 2006

• Spoke at the 18th Annual FIRST Conference ("Strategy for Inexpensive Automated Containment of Infected or Vulnerable Systems"), Jun 2006

• 2nd place, Scan of the Month SoTM Challenge, The Honeynet Project, Apr 2004

• SANS ISC reporting – SSH Honeypot Capture, Follow the bouncing Malware, 2004

• Contributor and Reviewer, SANS Top 20 Consensus, 2004

• Director of SIG^2 GTEC Labs; directed the setup of the largest honeynet outside the US, May 2004

• Discovered CVE-2012-2984 security system vulnerability, developed PoC exploit, Aug 2012

• SCS Magazine 2018 Issue 2: Future-proof Our Ports: Lessons from movie Pacific Rim: Uprising

• Computer World: How businesses should level up their cloud security?, Aug 2017

• Business Insider: Cyber Wars: The Empire Strikes Back, Dec 2018

• Medium: Goodbye Back-end IT Solutions CIOs hold Centre Seats in Business Strategies, Jun 2019

• CISO Leaders Summit: Interview with Steven Sim, Vice President, ISACA Singapore Chapter, Nov 2018

• CIO Asean: Security in the enterprise, a human or tech problem, Oct 2019

• CIO Asia Interview: How to embed cyber security best practices across a global organization?, Aug 2017

• CIO Asia Interview: How businesses should level up their cloud security, Aug 2017

• Asia Pacific Security Magazine: CII Defense-in-Depth, Nov 2017

• PSA Facebook: PSA ICT At Work – IT Security, Feb 2017

• Today Online Interview: More choices for poly, ITE grads in enhanced SkillsFuture program, Mar 2017

• Invited to speak and panel at multiple cybersecurity and maritime conferences and seminars.