 Hai, semua. Terima kasih kerana datang bersama kami malam ini. Jadi, sekali lagi, terima kasih kepada SG JunialDF untuk mendukung GavTech StagX dan, tentu saja, Kai dari Macurix untuk menjadi seorang pembicara kami juga. Jadi, saya adalah Joyce, dan bersama kawan-kawan saya, kami menerima StagX Deffrail kerja di GavTech. Pada prosesan berikutnya. Terima kasih. Jadi, saya akan hanya ingin memperkenalkan GavTech dengan sering-sering dengan anda semua. Jadi, GavTech adalah sekarang sekitar 3,000 kuat. Dan kerja kami boleh sebenarnya diperkenalkan ke dalam 3 kawasan. Jadi, ini adalah pembicara, pembicara, cyber dan pembicara. Dalam pembicara, kami ada lebih 700 pembicara yang memperkenalkan pembicara untuk WOG, yang adalah pembicara dan pembicara dan memperkenalkan projek nasional strategik. Jadi, kami juga ada pembicara, pembicara digital, pembicara dan IoT, pembicara data dan AI, pembicara cyber dan infrastruktur. Dan pembicara pembicara, juga mengenai pembicara pembicara dari pembicara perjalanan ke kawasan komersial ke kawasan data, dan bahkan ke pembicara pembicara kepada semua pembicara publik. Dan kemudian adalah pembicara pembicara yang paling besar dari 3. Dan itu menggambarkan lebih dari hal kami sebenarnya. Pembicara pembicara pembicara sebenarnya menarik dengan mengenai teknologi lebih daripada 60% dari pembicara pembicara di Singapura. Dan akhirnya, pembicara cyber dan pembicara pembicara. Jadi, GavTech adalah pembicara yang berkawasan untuk kekawasan pembicara dan pembicara pembicara pembicara di GavTech sebenarnya. Jadi, untuk memastikan semua kerja yang kita lakukan adalah selamat dan benar-benar selamat, pembicara pembicara pembicara sebenarnya menggambarkan kekawasan Pembicara Pembicara dan pembicara pembicara di kawasan pembicara. Terima kasih, Isu. Selamat jalan. Jadi, kami akan juga suka mendapatkan anda untuk membantu kami di portu Pembicara Pembicara Singapura. Jadi, portu ini sebenarnya adalah satu perjalan untuk menjelaskan produk yang kita telapakan dan juga adalah dokumentasi yang anda mungkin mahu cuba. Jadi, sebuah dokumentasi mempunyai identiti digital nasional, gateway api, dan banyak-banyak lagi. Jadi, kami juga mempunyai pembicara komuniti semasa kita menjelaskan kekawasan Pembicara Pembicara Pembicara Pembicara yang seperti yang ini, pembicara pembicara dan video dan juga pembicara dari pembicara Pembicara Pembicara Pembicara Pembicara Pembicara Pembicara. Jadi, semasa portu ini sebenarnya dalam pembicara pembicara Jadi, tolonglah minumkan kami semasa pembicara pembicara pathetic aaak, jika anda adaporte mungkin apa yang anda mahu katakan lebih atau bagaimana kita boleh memb Jahr tutorial ein Peach lebih baik for kita, tolong jangan berhgn terima kasih harus kita Rashid Jadi, inilinear 1 menyokongokek So, some of our notable speakers will include Minister Vivian, Martin Fowler, Jin Kim, and many more as you can see on the screen. So, we actually have a thriving developer community in Singapore and even beyond. So, through SAC, we actually hope to encourage the developer community to share and learn together. So, and also over the years, GavTech has actually developed many products in consultation with community and getting at SAC 2020, it's really our chance to share some of these products and experiences with you. So, as you can see from the QR code on screen, registration is already open. So, you can just scan the QR code on screen to register your interest. Next, please issue. So, one very important thing that we would like to tell everyone is that during this period, we really want to support the tech community. So, if you can just scan the QR code now, you'll be able to see the full listing of jobs that we have. So, at the moment, we have about close to 400 perm and contract positions. So, you know, whether you're a software developer, software engineer, deaf engineer, or any other business analyst, you should be able to find something interesting. So, while some of the positions are for Singapore citizens and permanent residents, we are very open to considering foreigners with niche skill sets. So, if you know of any other friends who might be keen or have been displaced during this period, please share this link with them. Okay, and on to my next slide. Thanks, Ishu. So, finally, if you have not done so, please join us at the StackX community. So, as part of our commitment to engage developers and would-be techies like yourselves more, we actually formed the StackX community last year. So, you can just scan the QR code on screen now to join our StackX telegram channel. So, this is where we will share the latest information on deep dive StackX sessions with government as well as private sector professionals who will share on a really wide range of topics. And thank you very much for listening. This is the end of my introduction and we are excited to have Shane Wu from GavTech to share with us how he successfully took the plunge well into the tech industry from a non-tech background which some of you mentioned that you're interested in and also cross-tech domains in GavTech. So, thanks everyone again. Okay. Thank you, Joyce. So, these are the two speakers for us today. So, I will stop sharing my screen first so that Shane can share his screen. Okay, so, introduction of Shane first. So, Shane graduated from the NUS Business School in 2018 with a degree in Business Administration. Despite his non-technical background, he realized that he wasn't that interested in a traditional business career and wanted to pursue tech fortunately by picking up skills through self-study. He was able to make the leap to join the GavTech program. He spent the first two years as a cybersecurity specialist doing threat hunting under the government IT security and incident response team and has recently joined the data science and AI division as a quantitative analyst. This cross-domain exposure has given Shane valuable experience and a unique perspective of how tech can be degraded. And, yeah, take it away, Shane. Okay, thanks, Issue. Yeah, so, hi everyone. My name is Shane Wu. So, today I'll be sort of sharing with you guys to be a part of my journey. I think that they've already introduced a bit of my background. So, I won't go over that too much. But, yeah, so, I will say that I don't think that the experience is as grand-doy as the public. It kind of makes it out to be. I think each step along the way is like, you know, it's like one step at a time. I guess only when you look at it, it looks like it's quite a big difference. Okay, yeah, so as mentioned, I think that the first kind of unusual thing is that we graduated from NUS Business Administration. And this is, of course, not something, it's not a degree which you would expect someone working in a tech industry to have. And I recall that the reason why I even chose to do NUS Business in the first place was because honestly, I had no idea why I wanted to do for the rest of my life. So, the standard thing, if you don't know what you want to do, you choose a general degree because if you have a business degree, you can kind of do anything. So, that was kind of the thought process I had back then, right after I graduated and when I was in army. So, yeah, that's why I applied to a business. I will say it's fortunate because I sort of discovered the direction I wanted to go towards while studying business. But I mean it's fortunate that I discovered that interest, therefore I could take the steps to slowly pivot from doing pure disciplines towards trying to break into tech. And as mentioned, I have sort of like now across domain across two domains, cybersecurity and data science. And these are two domains which I think actually all the domains, if you think about it, they sound a little bit different. It's not sure where the overlap for these two sorts of skill sets at first glance. But I think that there are ways that there's a stronger overlap that might be first thought. Okay. So, let me talk a bit now of the details how exactly that sort of transition happen from that starting point from a new business undergrad. And I think that a lot of these principles will apply because I came from a non-traditional background with non-traditional, without the foundation. I didn't have that starting point of studying computer science or computer engineering. But I think what really made the difference is taking the effort to do those small things that show that you're interested in that transition. So taking the time out of your day to self-study or whatnot. I think that the details are the important steps. So in this tradition journey I think there's a few main point. The first key point is that when I was studying business there's quite a few different things that business school kind of features. There's like marketing, there's like finance, management, human resource kind of stuff. But one part of it related to supply chain management feel is more mathematical than more technical. I think nowadays also businesses in general are trying to leverage data trying to do data analysis more. So this was kind of like following those kind of thought process maybe to justify how to true certain business processes, how to optimize certain business processes. So that was like what business it is about. So there's some statistics and I found that one really very enjoyable because it's very quantitative and I mean I guess everyone here will also appreciate the quantitative things as opposed to the qualitative very fluff courses where you just say things and it's all about how you say things. So I mean that was sort of my direction of like hey I don't want to do all that qualitative stuff. And that's where the interest was. And then I mean even though the business group doesn't offer it so the first thing I did was I tried to take as many electives as I could to learn more about this. So the first thing was that I went to take statistics electives which I think like a lot of people in my cohort also looked at me like I was insane because who wants to do statistics. But then yeah so that's what I started and I wanted to do more business analytics. Then I realized to do business analytics you actually need some programming you need to know R in statistics so you need to deepen your technical capability and then I started to look into online courses. So actually if anyone here has not taken that step or doesn't have that foundation in computer science programming I would recommend CS50 or EDX because until now I think that this is by far the best online course I've ever taken. It's the productive value of this course is really quite safe. I can't believe it's free but of course the caveat is that it really takes up a lot of time because I think that the content is really heavy like I put here I think it could take at least more than two modules from NUS. So it's like twice the workload and it's heavy because it goes into all that detail that you need so I learnt low-level stuff like this arrays that kind of thing so I got a foundation so I think that one helped me so these kind of steps I get to build my general technical competency and then the next sort of important turning point then is that when I had internships because internships is how you from a technique like you know you try to translate things into actionable business you can actually work on them in real life so it's no longer theory it's now more technical stuff so the first internship I had with SingTel, I would say that I worked as a business analyst and it wasn't that technical but if I didn't have that first internship experience I probably wouldn't get the second one in one step at a time and I would say that the second one was where I saw after that transition I'm more comfortable saying that I'm technically capable so because before that it was all just like courses and stuff but when I was working here and unfortunately because of my boss at the time pushed me quite hard to work on a lot of different things so for example before that I had never touched Python but because they used Python I had to learn Python and then they were working with different databases to interact with the SQL databases I worked on building dashboards I even built a web app because I can't remember the reason why but she was trying to present some claims data on a web interface so I actually had to host that web so I built everything and you can run that small build and you show this is the different kinds of things and it's quite cool just having this diverse variety of experience and it's not enough it's very actionable so as mentioned that gave me the confidence to say hey, I'm actually building it in skills and I think because of that that allowed me to pass the graphic technical test because the test was in Python so if I didn't have Python probably wouldn't be in Python but even after I got in learning never ends because after all that transition from business to tech I still am now just in the interest of tech and especially my learning is pretty general so it's like I'm learning what computer science should learn but I joined cyber and it's quite a lot of cyber-specific knowledge that you need to learn and now I'm in data science and it's different but before I go into that I'll just talk a little bit about how cyber-security can work so a brief overview the different kinds of functions and cyber-security so cyber-security can be broad there's two main categories there's the red team and the red team is more offensive so basically it's hacking to test your defences so if you build a web app make sure that it's built securely I mean you're not going to go through line by line and then reread everything to make sure there's no errors so what they do is they have penetration testers that come in to hack your website to test if it's working or not and if they manage to hack in then of course they found a hole in so there's a way you need to go and fix that so that's basically how red team works and then there's the blue team it's the one where you set up your permitted defences correctly and you set up with firewall rules and then you monitor them so you want to see it's the network config and it'll look reasonable so you expect to see a certain rate of network config but it suddenly spikes maybe it's because it's in the DDoS so that kind of monitoring I will say though especially last time when I was telling people that I used to work in cyber-security and I sat in front of a monitor for 8 hours straight and I just stare at the screen and see if everything is okay but that's not why or even worse you're the guy who sets up the rules to say that you can't browse Google or you can't use Facebook at work because there's a security risk so I wasn't doing that actually I was interested in the incident response team which is it's a necessary function because most people don't think of this when they think of security so what exactly did I do in the incident response team what exactly is incident response about in GovTech we have this team the JITSA and basically what this team is it's kind of like the center of excellence for incident response so basically if there's a security incident in any agency then there's this central S team to handle that and then JITSA will be the one to investigate to see what happens and the whole purpose of this is that if there is a successful security breach then you do the analysis to understand how did this happen what did they get away with so it's kind of important to understand so it's kind of like a crime investigation in the digital space inside the incident response team there's quite a lot of specialized skills so for example digital forensics of malware analysis malware analysis if you have that malware you can try and run it or even reverse engineer it what is the program trying to do or even reverse actually scan the code to see what it's doing but the common skill set for this team is log analysis because everyone needs to read logs at some point because logs of what really mark down what the computer is doing and what anybody is doing on the computer and the interest and I raise this up because I think this is one example of where there's a carryover especially between cyber security because log suggest a form of data and having the ability to understand data the data literacy I mean it's a really common skill set because I'm comfortable with scanning logs I'm also comfortable with scanning in large data sets and understanding what's important to build my data sets what's important to the end user to optimize that kind of thing and there's also the processing of data if you want to suggest a lot from a lot of different agencies half the time they're not going to have the same format because they're all using different types of software or different versions but you have to still do the same thing so you have to build a very strong data pre-processing pipeline so for my team we use ELK but this is the same top process when you're doing data science you also have a very strong data processing pipeline data cleaning is 70% of the work so in that sense you don't hate it's actually surprising even though these two functional domains are very different okay so back to when I first joined after I first joined cyber security I first joined the incident response team I do want to say though it was kind of like a shock in some sense because when you do cyber security I think there's quite a lot of specialised knowledge that you need and maybe this kind of knowledge is taken for granted at some level because for example when you learn about networking protocols it's like okay you know computers can talk to computers or the internet is made out of TCP LAP, HTTP, this kind of thing I had absolutely zero knowledge of all of this when I first joined I think it was to the extent where if I remember correctly when I first joined the incident response team I did not even know the difference between private and public IPs so I had no idea you know there was specific ranges reserved so I was like what no wonder the IPs were looking the connections were following these rules that I had no idea so that's why I needed to learn all this kind of stuff quite quickly and I guess to make matters worse you don't only need to know what these kinds of things are you also need to know how they behave what is normal and what is abnormal so can you imagine you do any of this and then you join and then you actually ask to assist with the investigation but you know I had no idea where to start or this one so that was quite challenging I remember that so so I will say though I felt that that knowledge never really helped me that much even though I just said it's quite a challenge to learn about all these kind of things that's it I still felt like I could contribute even though I wasn't very strong in that aspect and I felt that I can contribute mainly because I will contribute by having a big picture view or a good analytical view of the process because you find these kinds of clues it's good to know you need the technical skills to identify but to put those clues put those clues together into a picture of what was the entire plan what were they trying to do that's different from the technical skills so the technical skills facilitate that but having that overarching view to put those different pieces together I felt like that was how I was going to contribute I feel like this is the skill that's probably more important because this is what comes next after you have that foundation I will say though it might be partially because but also partially because I had very good colleagues so I always knew that my colleagues at CSG they had no idea what this kind of specific malware was trying to do or I have no idea how does this system lock certain events and they will always be able to make that from whatever I didn't know so it sends me to cover for each other Aside from that, CSG was very good at learning I learned from my colleagues and I learned from them because they would always teach me whenever we did and worked together but I also learned a lot because the department as a whole has a very strong emphasis training security you take a lot of certifications you go for conferences and that really builds up the foundation on situational awareness so I felt being said for all this after looking back how much information was downloaded into me during the first year so other than that there's also opportunities for software skills if you're interested I'm not sure if everybody is interested in building up that presentation skills or what I'm doing right now but there's also opportunities for that because if you go for conferences or get stack we have some people presenting a stack or even internal presentation there's opportunity for development as well and looking back this incident response experience was quite a lot of fun because it's problem solving and if you're that person you like to solve problems you have that problem and you just want to solve it and it's an issue and you just keep doing it and that was how it was for me there's a time pressure to solve it but it's also I want to figure out how it's done and it's kind of like playing a game so I enjoyed that quite a lot so it's kind of shameless self plot I put this out here because those of you who are familiar with cybersecurity you might know of what capture the flags are CTFs so capture the flags are basically these are more routine events so the competition organisers typically they will host machines and inside the machines there are different flags maybe different files with different secrets or maybe you have to access certain folder those are flags and people compete with flags when hacking into the machines and getting privileges so that's how I think CTFs that originally occurred and I think they're still mainly along this line but there's also blue team CTFs so the one that I'm talking about here is called boss of the soft so in the picture you see that is me with my team when we were competing so we took this picture because we won the Singapore region so yeah I mean it's interesting it's quite a lot of fun to try this because you can but I mean I also somehow or other we were able to compete at Singapore do quite well there's also one that actually just happened recently the conference it just happened I think it's actually still ongoing but there's also another boss of the soft there which I went with the rest of my team and I won't say how well we did because that would be another self-pick but if you're interested in going I think the results are out okay so that is what I sort of experienced what I did in cybersecurity and now I've rotated to data science so data science achieved two main objectives the first objective is to assist in driving better decision making extracting the insights from data because I think there's a lot of data there's a lot of information locked up because there's a lot of data everywhere so if you're able to sort of unlock that information then we can make better policy decisions and the second main objective is to uplift the general capabilities of all government agencies or officers who assess analytics data so just democratise the data so everyone can do data analysis themselves and I think that me rotating from subscriptive to data science is quite unusual and it's quite interesting because this is like a living example that if you really wanted to at least within GovTech you can have this experience to try different equality centres because it might be just an impression but you can imagine if you do this outside really are you going to be able to switch from cyber to data it seems a bit professional that being said of course I don't think it was quite so easy because there's still a certain expectation for competency because when I wanted to rotate they gave me the same technical test that they give to all hires so it's like if you apply from outside or internally you still have to pass that technical test and but I mean I guess because of my background when it first started from as well interest because when I was in cyber I was still reading about I was able to keep up able to pass that test that's why I'm here now I haven't been here for that long because I only rotated out of cyber security into data science in August so right now it's been less than 3 months but even in that short time actually I think that this it's been surprising how much stuff that I learned in cyber has come in handy in data science and I think it's also because when you're in data science you don't just do data science work you have to do all that supporting stuff you need to be aware of networking like if you want to host your data science model on AWS for example then you need to know how the networking works and I really leveraged a lot of my knowledge from what I learned from cyber security because we had to learn all these things how they work to investigate them so I think that that was really surprising and I think as time goes on I might even find more ways that this kind of competencies overlap and in fact I think that previously I mentioned that the most important thing that I felt for doing instant response was that critical thinking and I feel that that's also a save in data science similar to data science if you want to build a machine learning model I think it's pretty straightforward you just have to package but what makes the difference between a good or bad data scientist it's not whether you can run the most long run but if you really understand the data and what problem you're trying to solve and that is still the same kind of thinking that is sort of like university applicable everywhere and the analogy that I used was that it doesn't really matter what programming language that you know but as long as you know how to program well it carries across all domains so I think that that's like one way that it shows how the thinking kind of carries forward and is useful to everyone yeah I mean okay and I think that was that's about it for my sharing so that brings me to the end my journey I'm not sure are we doing questions now or afterwards or afterwards okay that's about it for me thank you very much