27-Oct-2021 Thomas Wong: From FinTech to HealthTech Cyber Defence Page ContentIt took a casual conversation with some ex-colleagues from a financial institution for Thomas Wong, Cyber Defence Risk and Compliance Assistant Director at IHiS, to discover HealthTech.“My ex-colleagues asked if I would be interested to join them in IHiS. I learned about what they were doing in IHiS and went on to do my own research into the company,” added Thomas, who brought with him around 12 years of experience in the finance industry.Upon reading about the work and numerous projects delivered by IHiS to the Public Healthcare Institutions (PHIs), Thomas was sold, and decided to pursue a career in HealthTech.“I really liked what I saw! I reckon there’s no better place than IHiS to be, an agency that can enhance the nation’s health through tech, and to develop a deeper understanding of HealthTech and appreciation of our healthcare system. Healthcare is also one of the biggest targets for cyberattacks amongst all the industries. So it is where a lot of the action is - we help protect our systems from more than a million threats daily,” he added. Meaningful to improve the cybersecurity posture and resilience of Singapore’s public healthcare systemsWhen asked why he found his job meaningful, Thomas smiled, and said, “It’s because I know my team is constantly making positive impact to the cybersecurity posture and resilience of our public healthcare systems.”Thomas’ Cyber Defence Risk and Compliance team performs thematic reviews of systems and projects, ensuring that technical controls and processes comply with public healthcare’s security policies. They focus on reviewing both existing and emerging threats that the Public Healthcare Institutions (PHIs) are and may be exposed to.“My typical work week includes engaging our partners to understand how their systems and applications are managed, reviewing their submitted artefacts and discussing if there are areas that we could improve on,” explained Thomas. Striking a balance between mitigating risks and applying cyber defence controlsFor Thomas, the single and most challenging aspect of his work would be articulating the risk and proposing a feasible solution to the issue.“It is really a fine balance between addressing the risks without being overbearing on the additional controls that may be introduced to the engineers on the ground. This may be a tough task to accomplish but with constant engagement, close collaboration and the support from our partners, we would usually come to a common consensus and solution that has the best interest of both the efficiency of our healthcare colleagues and security of patient data in mind,” he assured. Acknowledgement from healthcare partners keeps the team goingHis team is most encouraged when healthcare partners recognise and appreciate their efforts to help them identify areas of improvements which may not have been feasible to implement previously due to legacy issues.“We do receive thank you notes from them, even though they have to undertake additional measures to remediate the areas of improvements that my team has recommended. This has reaffirmed our team’s resolve to continue to do what we’ve been doing, which is to strengthen and improve the overall cybersecurity posture of the PHIs,” Thomas shared. Challenges can be overcome with a close-knit cyber defence teamThomas credits his team’s successes to his dedicated, close-knit and diverse team of 6. In spite of COVID-19 measures, they try to find pockets of time amid their busy schedules to catch up and nurture a good working relationship.“While my team is neither considered as frontline healthcare workers providing medical care to our patients, nor the project team that develops and delivers the many useful applications to the PHIs, we are very much motivated by the fact that we are constantly helping to ensure that the common systems under our mandate, especially Critical Information Infrastructure (CII) Systems, are well protected,” he added with pride.The support they extend one another goes beyond the workplace. “One of my team members and I were recently sponsored to enroll in the same SysAdmin, Audit, Network, and Security (SANS) Auditing course. We discussed and exchanged notes on the course materials, provided support to each other and I’m glad to share that we both manage to pass the exams in April 2021.” IHiS is more than just a HealthTech company“I know some people may think that IHiS is nothing more than a company that provides IT support to the PHIs - but it is so much more than that!” retorted Thomas.“The numerous HealthTech applications and platforms that we have been developing throughout the years have a positive impact to the overall operations of the PHIs and Singapore’s reputation as a smart nation. I can say that at IHiS, we stay true to our mission of making HealthTech better by integrating intelligent, highly-resilient and cost-effective technologies with process and people. IHiS is the place to be for HealthTech,” he continued.