Evolve APAC 2024: Key Insights

Evolve APAC brought together some of the brightest minds from the region, offering attendees a unique opportunity to learn from industry experts. You can find a wide range of topics aimed at enhancing your skills, building a resilient mindset, and mapping out your career growth. 

From practical insights on technical proficiency to discussions on the evolving demands of the industry, each session provided actionable takeaways designed to help you thrive in your role. 

In this article, we’ll recap the highlights of the event, diving into the key insights shared by speakers and the valuable lessons that emerged from each session. Let’s dive in! 

Alvin Rodrigues is a cybersecurity leader with nearly 30 years of IT industry experience. His session dealt with the importance of building a strong foundation in security, especially at a time with increasing demand for cybersecurity professionals across various industries. 

The main theme of the session was Rodrigues’ foundational framework which consists of five key components: foundational knowledge, technical skills, security awareness, hands-on experience, and soft skills. 

When it comes to technical skills in cybersecurity, they were presented as the core ones, due to the technical nature of the field. Certifications also emerge as a way to validate skills and build credibility.

For security awareness and best practices, Rodrigues stressed the importance of understanding the threat landscape specific to different industries. He recommended the MITRE ATT&CK framework for understanding cybercriminal tactics, as well as understanding security frameworks such as NIST and ISO 27001, and the incident response preparation.

Hands-on experience through labs, simulations, and challenges are also an important component of a strong foundation in cybersecurity. Alvin discussed various platforms for gaining practical experience, including vulnerability labs, penetration testing simulations, malware analysis labs, and cyber ranges. He also encouraged participation in industry projects and personal initiatives to expand knowledge and experience.

While technical skills are a must in this industry, soft skills should never be understated. Rodrigues highlighted the importance of soft skills in cybersecurity, particularly the security mindset, effective communication, and leadership qualities. He stressed the need for continuous learning and introduced the concept of a ‘mastermind group’ for knowledge sharing and personal growth.

Emil Tan is a cybersecurity professional with over 10 years of experience. He works as a Cybersecurity Consultant at Booz Allen Hamilton, runs a community group called Division Zero, organizes the SINCON conference, and is involved with several other cybersecurity organizations, such as CREST.

The session introduced a ‘Professional Profile Framework’ or ‘Skill Stack’ that Tan co-created. This framework outlines various layers of skills needed for impactful output in cybersecurity, including the foundation of excellence, technical proficiency, cognitive agility, interpersonal intelligence, and impactful delivery.

The foundation of this framework is an eagerness to learn and adapt — qualities that are essential given the constant changes in cybersecurity. This mindset sets the stage for building the next layer: technical proficiency. Here, the focus is on developing specialized, hands-on expertise that equips professionals with the tools needed to handle complex challenges.

Cognitive agility was another key point of discussion, described as the ability to think creatively and adaptively. This involves using both analytical and innovative thinking to solve problems and approach scenarios with a ‘hacker mindset.’ At this level, it’s about not just understanding concepts but being able to apply them in dynamic, real-world situations.

Soft skills and business awareness were also emphasized. Cybersecurity professionals need to be aware of the broader organizational context and align their efforts with business goals, making effective communication and relationship-building essential parts of the skill set.

The importance of community was another highlight, with cybersecurity described as a collective effort where sharing knowledge and insights can lead to better overall results.

Lastly, the session tackled the topic of the talent gap in the industry, reframing it as a skills gap rather than a lack of people. The emphasis was on the need for stronger critical thinking skills alongside technical abilities to close this gap effectively.

Mike Lo comes to us with over 20 years of experience in the cybersecurity industry, starting his career around the year 2000, as part of the first batch of cybersecurity professionals in Hong Kong.

Lo starts the session by outlining the key steps for starting a career in cybersecurity. Identifying personal interests, setting milestones, considering specific cybersecurity domains, and conducting research get highlighted as crucial steps before applying for jobs. And in order to identify interests and better understand one’s strengths and weaknesses, self assessment comes up as the ideal solution. Assessing your skills is done in three stages: identifying strengths, evaluating experience and determining gaps.

When it comes to identifying skills gaps, this can be done through assessing skills, performing a gap analysis, following learning paths, and some strategic planning of course.

For both newcomers and mid-career professionals, there are various educational options including academic programs, online courses, bootcamps, and certifications. Whatever the option may be, hands-on training and practical knowledge application are important additions.

Lo emphasizes the importance of building a strong understanding of core cybersecurity concepts. He recommends developing expertise in various areas such as networking, programming, and security protocols.

You can also hear some strategies for growing professional networks, including attending industry conferences, joining professional organizations, and building a strong LinkedIn profile. Lo emphasizes the importance of connecting with cybersecurity professionals and seeking advice from experienced peers like you can do on Evolve.

For cybersecurity interview preparation, it’s important to understand the role requirements and consider the employer’s perspective. Lo closed the session by outlining various career paths in cybersecurity, including penetration tester, security analyst, security engineer, and cybersecurity management, and stressing the importance of continuous learning, staying up-to-date with industry trends, and pursuing relevant certifications, such as OffSec certifications.

The rapid evolution of technology used for organizational protection has expanded the attack surface significantly, especially during COVID-19 and remote work transitions. Emerging technologies like cloud computing, IoT, and AI are transforming operations but also creating new vulnerabilities for attackers. The cybersecurity landscape is characterized by constant change, with new threats emerging daily that require quick adaptation from organizations.

This is how Chathura Abeydeera introduces us to the story of the current cybersecurity landscape.

All of this leads to certain challenges for cybersecurity professionals.

For all cybersecurity professionals, rapid technological changes mean they are constantly playing catch-up.

This is where Abeydeera introduces the concept of resilience and adaptability. Resilience and adaptability are key traits needed not just for survival but also for thriving in the ever-evolving cybersecurity landscape.

In cybersecurity, resilience refers to the ability to bounce back quickly from incidents rather than simply withstanding them. It involves maintaining business continuity after an attack or personal setback.

Adaptability is crucial as threats evolve daily; relying on a single strategy is insufficient. Continuous learning helps professionals stay ahead in this fast-paced field.

Key strategies for resilience include the mastery of three critical skills: problem-solving, analytical thinking, and technical knowledge. Abeydeera highlights the necessity of being able to assess and respond quickly to incidents, underscoring that experience is crucial alongside technical skills. 

We are then introduced to the concept of emotional resiliency, which is vital for professionals dealing with both technology and people. One part of emotional resilience includes the ability to handle attacks and learn from mistakes without becoming overwhelmed. Additionally, embracing lessons learned from failures builds character, personality, and organizational resilience.

Adaptability goes beyond technical skills; it involves cultivating a mindset geared towards continuous learning about trends and techniques in cybersecurity. One way to nurture this mindset involves engaging with various resources like blogs, webinars, or certifications, and building your hands-on experience through CTF competitions or practice labs, regardless of one’s level of expertise.

Resilience and adaptability are vital skills not only for success in cybersecurity but also in life overall.

In his session, Faisal Yahya, Country Manager for PT Vantage Point Security Indonesia, provided an in-depth exploration of the current cybersecurity landscape. He began by noting the alarming frequency of data breaches, highlighting that across Asia, there are over 800 attempted breaches every 39 seconds. This statistic set the tone for a discussion that covered the intersection of new technologies, such as AI, quantum computing, and the increasing prevalence of remote work, that are reshaping the security environment.

Faisal identified three key trends shaping cybersecurity in 2024: the explosion of the attack surface due to the proliferation of connected devices and 5G networks; a shift towards zero-trust security approaches; and the rise of cybercrime-as-a-service. He detailed how these trends are affecting different sectors, particularly financial services, technology, and manufacturing, which are experiencing increased vulnerabilities such as payment fraud, source code theft, and supply chain attacks.

Remote and hybrid work, which Faisal argued has fundamentally altered the security landscape, are creating new perimeters that need protection. He noted a sharp rise in phishing attacks targeting remote employees, illustrating the increased risks tied to the expanded attack surface and endpoint security challenges.

Faisal also addressed the transformative potential of AI and quantum computing, discussing both their applications in cybersecurity and the new threats they pose. He outlined how machine learning can enhance threat detection and response but cautioned about the risks to current encryption methods from emerging quantum capabilities, underscoring the urgency of adopting post-quantum cryptography.

Towards the end, Faisal highlighted a critical challenge in the cybersecurity field: the severe talent shortage. He pointed out a global shortfall of 3.5 million cybersecurity professionals, with a 52% surge in demand for security roles in Asia. He underscored the need for continuous skill development, presenting a strategic pathway for career progression and emphasizing the importance of ongoing education to keep pace with the rapidly evolving threats.

Faisal concluded by advocating for a proactive, adaptive approach to cybersecurity, stressing the importance of balancing technical excellence with professional growth to future-proof security operations.

Evolve APAC 2024 provided a comprehensive look into the current and future state of cybersecurity, featuring sessions led by seasoned industry professionals who shared their knowledge and insights. Each presentation delivered practical advice, strategic frameworks, and thought-provoking ideas, offering attendees valuable guidance for building skills, navigating career paths, and tackling the evolving challenges in the field. 

You can register to watch all of the sessions here.