Visionary Leadership in Cybersecurity: Heng Mok’s Journey as Zscaler APJ CISO-in-Residence

Heng Mok serves as the Chief Information Security Officer at Zscaler.

Singapore, August 22, 2024—In an era where cybersecurity threats are becoming increasingly sophisticated, the role of a Chief Information Security Officer (CISO) has never been more critical. Heng Mok, CISO-in-Residence for Zscaler Asia-Pacific and Japan (APJ), stands out as a visionary leader in this field, combining a wealth of experience with a relentless commitment to innovation and learning. His journey through various industries, from financial services to government and telecommunications, has uniquely positioned him to navigate the complex and ever-changing landscape of cybersecurity. Heng’s approach is deeply rooted in his belief in pushing boundaries, adapting to new challenges, and fostering a culture of continuous learning, not just for himself, but for his entire team.

Heng’s insights into the cybersecurity industry are not just theoretical; they are born out of decades of hands-on experience across multiple sectors. His ability to translate this vast experience into practical strategies for combating cyber threats is what makes his leadership so impactful. At Zscaler, Heng plays a pivotal role in guiding both the company and its clients through the challenges of modern cybersecurity, advocating for innovative approaches such as Zero Trust architecture and the integration of advanced AI technologies. His story is one of adaptability, collaboration, and a deep understanding of the threats that businesses face today, making him a trusted authority in the APJ region’s cybersecurity landscape.

A Journey Driven by Curiosity and Continuous Learning

Heng Mok’s career trajectory is a testament to his relentless curiosity and desire to explore the unknown. Unlike many people who follow a linear path, Heng was drawn to cybersecurity by his innate desire to “push boundaries, continually learn, adapt, and take risks.” That mindset suited a sector known for its rapid evolution and constant demand for innovation. For Heng, the field of cybersecurity is one where the learning never stops, and this perpetual challenge has been a key motivator throughout his career.

The diversity of Heng’s experience across industries has been instrumental in shaping his approach as a CISO. Each role he has undertaken, whether in consulting, risk management, or strategy, has added a new layer of understanding to his overall approach. “The variety of roles I’ve undertaken, from consulting to risk management, architecture, and strategy, has enabled me to build a holistic view of cybersecurity,” Heng reflects. This broad perspective allows him to approach cybersecurity challenges with a comprehensive understanding, making his leadership not only effective but also deeply informed by real-world experience.

The Impact of Diverse Industry Experience

Heng’s extensive experience across multiple industries provides him with a unique perspective on cybersecurity. Having worked in financial services, government, and telecommunications, he has developed a deep understanding of the different challenges and requirements each sector faces. “The variety of roles I’ve undertaken has enabled me to build a holistic view of cybersecurity,” Heng explains. This experience allows him to draw on a vast reservoir of knowledge and apply it to his current role, where he navigates the complex and evolving cybersecurity landscape with a seasoned eye.

However, Heng is keenly aware that no single person can tackle the myriad challenges of cybersecurity alone. He emphasises the importance of building a strong, complementary team to achieve success. “The most crucial element is building a great team around you that complements the skills, approach, and experience necessary to succeed,” Heng asserts. This philosophy underpins his leadership style, ensuring that his team is not just skilled but also aligned in their approach to tackling cybersecurity challenges.

A Day in the Life of a Zscaler CISO-in-Residence

As the CISO-in-Residence at Zscaler, Heng’s role is as diverse as his background. He is part of a global team of former CISOs, each bringing their own experiences from managing cybersecurity functions at large, global companies. “We leverage our collective experiences to guide customers and prospects, understanding that cybersecurity is a team sport,” Heng says. This collaborative approach is central to Zscaler’s philosophy, recognising that no single entity has all the answers in the fight against cyber threats.

Heng’s day-to-day responsibilities involve working closely with clients to understand their unique challenges and develop tailored cybersecurity strategies. His role is not just about providing solutions but also about fostering a culture of continuous learning and adaptation. “Cybersecurity is a team sport, and a collective defense approach is required—we can always learn from each other,” Heng notes. This ethos of collaboration and shared knowledge is crucial in today’s rapidly evolving cybersecurity landscape, where the ability to adapt quickly can mean the difference between success and failure.

Addressing the Surge in Phishing Attacks in Singapore

The rise of Singapore as one of the top 10 originators of phishing attacks globally, as highlighted in Zscaler’s 2024 Phishing Report, is a matter of significant concern. This ranking is largely due to Singapore’s advanced digital infrastructure and its role as a financial hub in Asia, which makes it a prime target for cybercriminals. “The high level of connectivity, coupled with Singapore’s role as a data centre hub, has expanded the attack surface, making it an attractive target for cybercriminals,” Heng explains.

Heng advocates for a proactive cybersecurity strategy in light of these difficulties, particularly for sectors like manufacturing that are frequently the target of phishing attacks. He recommends adopting a “never trust, always verify” mindset, which is central to the Zero Trust approach. “Organisations must adopt a ‘never trust, always verify’ mindset by embracing a Zero Trust approach across people, processes, and technology,” Heng advises. This strategy ensures that every access request is thoroughly verified, thereby reducing the risk of compromise and enhancing overall cybersecurity resilience.

Leveraging AI to Combat Sophisticated Phishing Attacks

The integration of AI and deepfake technologies in phishing attacks represents a new frontier in cybersecurity challenges. Heng highlights the role of advanced technologies, such as AI-driven defenses, in mitigating these evolving threats. “AI-driven defenses are crucial in combating the evolving threat landscape,” Heng asserts. By implementing AI-powered phishing prevention controls, organisations can mitigate risks at multiple stages of the attack chain, from preventing access to suspicious websites to shutting down compromised users and preventing data loss.

Zscaler’s approach to leveraging AI is comprehensive, targeting every stage of the phishing attack chain. This includes using AI to inspect encrypted traffic, segment applications to limit lateral movement, and prevent data exfiltration through real-time inspection of data in motion. “AI-powered app segmentation limits the blast radius of a potential incident,” Heng notes, highlighting how these advanced technologies are essential for building a robust cybersecurity posture.

Guidance for Aspiring Cybersecurity Professionals

For newcomers to the cybersecurity field, Heng offers advice that is both practical and visionary. He encourages aspiring professionals to embrace a mindset of continuous learning and adaptation. “Continuously learn, adapt, and become an expert in your industry,” he advises. This deep understanding of the business is crucial for translating potential threats into effective risk mitigation strategies.

Heng also emphasises the importance of fostering a collective responsibility for cybersecurity within organisations. “Cybersecurity should not just be the responsibility of the security team but everyone’s responsibility,” he stresses. By cultivating a culture of security awareness and transparency, organisations can better equip themselves to face the evolving threats of the APJ region. Heng’s guidance underscores the need for a holistic approach to cybersecurity, where every member of an organisation plays a role in maintaining security.

Heng Mok’s journey through the multifaceted world of cybersecurity serves as a powerful example of how continuous learning, adaptability, and collaborative leadership can drive success in an ever-evolving industry. His insights, drawn from years of experience across various sectors, underline the importance of a holistic approach to cybersecurity—one that leverages advanced technologies like AI and Zero Trust architecture to stay ahead of emerging threats. Heng’s leadership at Zscaler not only helps safeguard organisations in the APJ region but also inspires the next generation of cybersecurity professionals to embrace the challenges of this dynamic field.

For those interested in connecting with Heng Mok and learning more about his work, you can reach out to him directly on LinkedIn. Engaging with thought leaders like Heng is a valuable opportunity to gain deeper insights into the world of cybersecurity and explore ways to enhance your own organisation’s security posture.