Chin Kiat Chim: Inside the expanding role of the CSO

Based at global headquarters in Singapore, Chin Kiat Chim, global CISO of Dyson, outlines the changing role of security executives in the context of technology and business priorities.


As the guardian of information security, the chief information security officer (CISO or CSO) has traditionally operated as an expert in risk management and compliance, motivated by a desire to protect the organisation from rising threat levels. While such foundational responsibilities remain, in 2020, the role is expanding to include strategy, management and leadership responsibilities.

That’s the view of Chin Kiat Chim, global CISO of Dyson, who represents a modern-day breed of security executive, one capable of enabling the business while protecting core company assets.

“Businesses and organisations are struggling with the demands of today’s digital marketplace and connected citizens and consumers,” said Chin Kiat, speaking to CSO ASEAN. “Digital transformation is changing the composition of C-suites where technology is taking the driving seat for business growth and revenue. For CISOs, this means that valuing the achievement of business and revenue objectives is equally important as risk management and compliance objectives.”

How the CISO role is evolving

Due to rapid innovation and change driven by digital transformation, Chin Kiat said CISOs must now be equipped with deep technical expertise, combined with transformational management skills. “Both cyber security and data privacy regulations increasingly view security as an integral part of the overall customer experience, which in turn demands robust security and privacy by design throughout the business and regulatory framework,” he added.

Going forward, CISOs are expected to become enablers of innovation and growth, in addition to strengthening the security, compliance and privacy capabilities of an organisation. “The CISO now must identify as a business enabler,” Chin Kiat advised. “They must be recognised in the same way from the boardroom or C-suite to the various lines of business and departments that keep the organisation focused, functioning and moving forward on a day-to-day basis. … The CISO must also speak the language of business and be conversant with the basic activities and values of the company.”

In acknowledgement of an evolving threat landscape — especially evident in Southeast Asia — Chin Kiat said disruptive digital technologies continue to “infuse every aspect” of the business, providing opportunities and challenges in equal measure. “This introduces new elevated risk but also elevates the value and importance of the cyber security function,” he said. “When the CISO increasingly has a seat at the executive table, it is showing that security is no longer just about risk, it’s also about competitive differentiation.”

Chin Kiat’s role at Dyson

As global CISO of Dyson, Singapore-based Chin Kiat is responsible for shaping the company’s cyber security roadmap at a global level, in addition to developing and delivering strategies across more than 80 markets worldwide.

Such a scope also includes enabling and securing Dyson’s enterprise IT functions, as well as new production innovation and development and advanced manufacturing resilience.

“I am a problem solver by nature with the expectation being that a CISO can help an organisation solve cyber security challenges via different problem-solving skills and methods,” said Chin Kiat, who joined the business in July 2019, following more than eight years in security-focused roles at DHL. “And most importantly these are the problems that others ignored most of the time.”

According to IDG Security Priorities Study findings, the leading priorities for CISOs in 2020 centre around improving the protection of confidential and sensitive data (59 percent), ahead of increasing security awareness programs and staff trainings (44 percent) and upgrading security to boost corporate resiliency (39 percent).

In 2020, Chin Kiat is prioritising setting up the foundation and ecosystems capable of accelerating Dyson’s cyber security transformation journey, alongside maximising value creation through the agile adoption of advanced technologies to modernise cyber defence capabilities.

During his interview process, Chin Kiat said Dyson’s strong engineering culture was evident, complemented by the company’s speed of innovation and commitment to problem solving. Founded in 1991, the business has evolved from the humble beginnings of a small workshop in rural England to a multibillion-dollar organisation specialising in the design and manufacturing of household appliances such as vacuum cleaners, hair dryers and air purifiers.

The company is the brainchild of inventor and industrial designer Sir James Dyson, and plans are in place to fully relocate company headquarters to Singapore in 2021, based at St James Power Station in the HarbourFront area of the city-state.

In his previous position as CISO of DHL Express, Chin Kiat played an instrumental role in helping the global logistics leader establish a Global Cyber Security Centre of Excellence in Singapore through joint collaboration with the Singapore Economic Development Board (EDB).

The centre launched with the aim of centralising and strengthening the company’s cyber security capabilities, while enabling the team in Singapore to proactively monitor and respond to cyber risks within a network spanning more than 220 countries and territories.

Under the leadership of Chin Kiat, the facility also piloted and deployed advanced cyber security technologies related to the logistics sector, alongside joining forces with Singapore-based organisations to grow research and development capabilities. Such an approach earned Chin Kiat recognition in the inaugural CIO50 in ASEAN during 2019, recognising the top 50 senior technology executives driving innovation and influencing rapid change.

“I’ve learned from C-level executives about the importance of making security simple, pragmatic and affordable to implement in order to enable and not block the business,” advised Chin Kiat, drawing on more than 20 years of IT security experience. “We need simple solutions to solve complex problems, otherwise it will double up the complexities.

“This has become my core principle for solving cyber security problems. Finding the simple solution to solve complex problems is very challenging but it keeps me motivated to think creatively and explore better ways to make incremental improvements and keep operations running securely without disruption.”

Singapore is a critical hub in Asia

“In my personal opinion, there are some benefits that we can leverage being a Singapore-headquartered company to form part of an overall security strategy,” Chin Kiat outlined. “Singapore is the critical hub in Asia — from financial, pharmaceutical, high-tech and logistics, to digital and cyber security. … Singapore has a strong integrated network and ecosystem that we can connect with to accelerate cyber security capabilities through joint technology partnerships.”

Backed by a strong talent pipeline from local universities and research institutions, motivated by delivering up-to-date skills to the local market, Chin Kiat said cyber security is also viewed as a strategic enabler of Smart Nation Singapore initiatives.

As a result, incentives are available from the government to encourage and support such innovation in the market, which includes the establishment of global and regional cyber security operations centres and the welcoming of security-focused start-ups to the country. “This collaborative approach may provide flexibility, scalability and agility to grow cyber security capabilities and skillsets with the right partners at the right times when managing complex cyber topics,” Chin Kiat added.

The overriding aim is clear: to tackle future threats while securely enabling faster time-to-market with respect to new product innovations. This also includes focusing on the security convergence between the internet of things (IoT), IT and operational technology (OT), to enable “secure innovation, secure operations and secure enterprise resilience”.

“We are also expanding our cyber security capabilities in Singapore to support the growth of business headquarters and the rest of Asia Pacific markets,” Chin Kiat explained.

A modern approach to evolving security threats

In assessing changing market dynamics, Chin Kiat observed that cyber attacks are continuing to grow in both frequency and complexity, impacting businesses and government agencies of all sizes, irrespective of local, regional or global locations. “Nation-state-sponsored agencies, cyber criminals, hackers and a host of other bad actors are developing new tactics, tools and procedures to circumvent modern cyber security solutions,” he assessed.

To address such threats — while maintaining operations, growing the business, executing the mission and implementing digital transformation — Chin Kiat said success as a CISO requires a balanced focus on both business and deep technical expertise. “These emerging trends have not gone unnoticed by threat actors who are looking for loopholes in new enterprise work streams to exploit,” he cautioned. “An expanded combination of exploits of known vulnerabilities and customised zero-day attacks are now facing CISOs. Today’s CISOs must be able to effectively secure expanding networks against this growing menace while also meeting the evolving business objectives that define their new role.”

In response, Chin Kiat measures security effectiveness by adhering to three core principles of practice.

“Firstly, risk and trust co-exist,” he explained. “The effectiveness of managing risks dynamically to enable growth by exploiting new business opportunities is crucial, in parallel with continuously enhancing the trust of the organisation via secure, scalable and resilient services offered to customers.”

Next up is simple and pragmatic operations, achieved through adapting advanced technologies to transform complex cyber security operations — spanning prevention, detection, response, prediction — into streamlined, interoperable and efficient operations to manage and respond to cyber risk effectively.

“Thirdly, security must connect with people,” Chin Kiat advised. “Being able to visualise complex security topics into actionable data, empowering the people to take accountability and measure security in terms of value or a story for people to remember, not a statistical number visible in a financial report.”

For aspiring CISOs in the market, Chin Kiat cited “new technology understanding and adoption” as the foundational requirement for success in 2020 and beyond. “You must be mentally prepared to deal with a lot of volatility, uncertainty, complexity and ambiguity (VUCA),” he added. “If you are from a pure technical background, you must reset your mind and gain more business acumen to articulate risk in your line of business language. Most importantly, you must have the courage to own the problem and take action to fix it. You also need to be able to handle frustration and failure and become resilient enough to bounce back quickly and continue to work on your goals optimistically.”


Copyright © 2020 IDG Communications, Inc.
