Career Advice Recruitment tips

Halting the hackers: EY global security leader Ken Allan talks about getting ahead in cybersecurity in Hong Kong

As the digital era gains pace, cybersecurity is a growing priority for companies which need to protect the online operations and sensitive data critical for doing business in the 21st century. To find out about cybersecurity careers, we talked to Ken Allan, global cybersecurity leader at EY, who maps out career paths and explains how demand for talent is outpacing supply in Hong Kong.

How does Hong Kong measure up to global cybersecurity standards?

In the financial industry, Hong Kong has active regulatory bodies that focus on making sure the banking community is keenly aware that they must be cyber secure. In addition, with many multinationals operating in Hong Kong, cybersecurity “best practices” from companies in Europe and the US deliver benefits to Hong Kong-based enterprises.

However, there is still much to be done globally for all organisations to adapt and anticipate in the face of the continually evolving cyber threat environment. 

Enterprises should take an “active defence” stance, with advanced security operations centres that identify potential attackers and analyse, assess and neutralise threats before damage can occur.  It is imperative that organisations consider cybersecurity as an enabler to build and retain customers’ trust.

What makes a cybersecurity professional different to an IT professional?

Whilst cybersecurity has spun out of IT, it is now a mature function with a completely different set of responsibilities.

IT should be focused on getting the right information to the individuals who need it, on time, and as cost-efficiently as possible. Cybersecurity professionals should be concerned with making sure that the business is secure, and that its IT, business processes and staff have the right set of security controls and training in place. Ideally, cybersecurity should be separate from IT, with separate reporting lines, and able to act independently from IT.

How has the landscape for cybersecurity professionals changed in Hong Kong? 

The demand for such professionals is very high in Hong Kong. In fact, demand outpaces supply, as it does in most markets globally, driven in large part by the financial services sector. However, cybersecurity professionals should continually update their skills to keep pace with evolving market demands, especially in business and communications skills. This will enable them to communicate effectively and build networks with internal business stakeholders and external stakeholders such as regulators and partners.

What are the main factors driving the cybersecurity industry in Hong Kong?

The Hong Kong drivers are the same as those around the world: the increasing sophistication of attacks; industrialisation of cybercrime as an illegitimate business; regulatory pressures; and recognition of cybersecurity threats as an issue that should concern everyone in an organisation, starting with the CEO and the board of directors.

What industries show the greatest demand for cybersecurity professionals in Hong Kong?

In Hong Kong, the greatest demand is in the financial services industry.

What roles and career paths are open to cybersecurity professionals?

There are tremendous opportunities, because cybersecurity – with its ability to affect organisations in so many ways – has become a highly visible and important issue that concerns enterprises’ boards of directors and CEOs. Cybersecurity professionals have the opportunity to become very senior executives and get involved in all aspects of a business. These include acquisitions, where sensitive market-impacting information must be kept confidential, and new product development, where it is important to incorporate best practices in cybersecurity into the product-development lifecycle.

For those looking to compete in the industry, what skills and training are needed?

Strong business and IT backgrounds are some of the key skills required to compete in the current industry. With the current trend of internet of things (IoT), it is also important to have strong skills in embedded systems, and in building in security into every connected device.

What qualifications and experience do hirers look for?

A professional cybersecurity qualification, such as the Certified Information Systems Security Professional (CISSP), is a good starting point. It is important for professionals to be open-minded, innovative and flexible, to keep pace with the resourcefulness and creativeness of cyber criminals.

Cybersecurity professionals should keep one goal in mind: to outsmart cyber criminals. These days, that’s an incredibly challenging task and it’s why demand for skilled cybersecurity professionals is going to remain high for the foreseeable future.


This article appeared in the Classified Post print edition as Halting the hackers.