Hacking for success: A Singapore cybersecurity start-up's story

Jonathan Phua and Chen Kin Siong abandoned jobs at DSO National Laboratories to start InsiderSecurity, which provides automated cybersecurity monitoring software, from scratch.

Mr Chen Kin Siong and Mr Jonathan Phua are co-founders of local cybersecurity start-up InsiderSecurity. (Photo: InsiderSecurity)

SINGAPORE: One is a do-it-yourself geek who had a passion for hacking computers from a young age, while the other is a self-professed late bloomer in the cybersecurity scene. Together, the two former DSO National Laboratories researchers are looking to exploit the current wave of interest in and need for cybersecurity to build a lasting business.

The start-up in question? InsiderSecurity, a software vendor offering corporations automated cybersecurity monitoring tools at what is touted as an “affordable rate”, which was started in 2015 by Mr Jonathan Phua, who was subsequently joined by Mr Chen Kin Siong. 

But what set the duo on this path?

In a recent interview with Channel NewsAsia, Chen spoke about his early passion for computers, specifically breaking into operating systems. Teaching himself using library books and guides gleaned off the Internet Relay Chat (IRC), the 34-year-old even wrote a paper detailing the computer security landscape in Singapore when he was in secondary school – which resulted in “local security companies pitching job offers” without knowing he was still a student.

His passion was further kindled when he was posted in 2003 to be a “consultant” at the Ministry of Defence’s (MINDEF) CERT and cybersecurity monitoring team, whose scope was, and still is, top secret. But through his stint, he picked up skills in reverse engineering malicious software and identifying state-sponsored attacks – which he currently applies at InsiderSecurity.

Phua, on the other hand, came late to the cybersecurity scene, even though he was a programming geek in his own right (he wrote a Windows 95 software programme back in his JC days). It was only when he applied, successfully, for a transfer to be a computer scientist at DSO in 2007 that his eyes were opened to the possibilities.

“I worked on problems that no one actually knew existed,” he recounted.

GETTING OFF THE GROUND

While the field is exciting and challenging, Phua says both of them have made sacrifices in order to make the company a reality. 

The 39-year-old shared that they were on “comfortable” pay packets at DSO, which they gave up. Today, they draw “more than 50 per cent less” than what they used to earn, yet have to work harder than before, he revealed.

On a personal level, Phua shared that time away from his family, especially his four-year-old daughter, is tough. “She would ask: ‘Papa, can you come and play with me?’ and I would have to say: ‘Sorry, but papa has to work’.”

He recounted that when he first took the plunge and started the business, he only had one customer to count on. It’s only now that the business is on a more solid footing with “fewer than 10 well-known Internet firms” as customers. The co-founder declined to name the companies as he said it could pin a target on their backs for cybercriminals.

Remote monitoring services aside, InsiderSecurity also produced a report in April stating it discovered thousands of devices in Singapore that have been “rented out” to access the Web without their owners’ knowledge. This was done through the “billions of events” analysed by the company’s algorithms, it said in a press release.

“The big threat is that these hijacked devices may be hired to deliver crippling high-bandwidth cyber attacks in Singapore,” Phua said of the findings. “This attacks our national IT infrastructure from within, it is harder to defend and it deals more damage.”

The start-up added that the hijacked devices are likely consumer devices such as notebooks, routers and webcams, with the report suggesting that some have been linked to university networks in Singapore.

Jonathan said the findings have since been submitted to the Cyber Security Agency of Singapore (CSA) for further verification. 

BUILDING FOR THE FUTURE

The report also put into focus a key problem faced by Phua and his five-man start-up: How to get the company’s name out there. 

“Our main challenge is marketing; people haven’t heard of the company,” he said, adding that the Government contacts they have touched base with have helped point them to the right people to network with.

Both men also acknowledged, and supported, the Government’s efforts to build up the talent pool for such skilled workers. For instance, there’s the Cyber Security Associates and Technologists (CSAT) programme, an initiative to help ICT professionals with three years’ working experience pick up the requisite skills to switch sectors.

However, the company has yet to tap the official grants and other support measures that are available. “As entrepreneurs, we should do it without Government help anyway,” Phua said.

Longer term, Chen hopes that by starting InsiderSecurity, they would be able to make cybersecurity products for the masses, and not just for conglomerates that can afford to pay for these tools. He also wants to help build an ecosystem here to train a bigger team of online defenders.

Already, there are efforts to address the manpower shortfall in the sector. NTU, for instance, has a S$2.5 million collaboration with BAE Systems, a provider of defence, aerospace and security solutions, to develop advanced cybersecurity solutions and nurture more specialists in the field.

Down the age group, 19 secondary schools here have started offering computing as a new O-Level subject, which will focus on programming, algorithms, data management and computer architecture - concepts that are building blocks to expertise in cybersecurity.

But Phua wonders if an issue that could hinder the development of cybersecurity professionals lies in Singapore’s education system. Schools here emphasise teaching students how to build things, but this might not necessarily work for cybersecurity, he suggested.

“It is counterintuitive,” Chen explained, “since cybersecurity is about breaking things (and not building them).”

Ultimately, the journey for Phua and Chen from start-up to sustainability is still in the early days, but the duo aren't regretting their decision. 

"It is a steep learning curve ... but there is more satisfaction," said Phua. 

Source: CNA/kk