Building Cyber Resilience Through People: An Interview with Red Alpha’s CISO-in-Residence, Tzer Yeu Pang

The concept of cybersecurity is undergoing a radical redefine in today’s increasingly volatile digital environment, where every click and connection can lead to either opportunity or threat. Yet for Tzer Yeu Pang, CISO-in-Residence at Red Alpha Cybersecurity, the heart of defence is not found in firewalls or frameworks; it lies in people.

With a distinguished career spanning national defence, media ecosystems, and now talent development, Mr Pang offers a unique, multidimensional perspective on what it truly means to build cyber resilience. We sat down with him to explore his journey from safeguarding military infrastructure to mentoring Singapore’s next generation of cyber defenders.

Security: Different Priorities, Same Fundamentals

Mr Pang’s trajectory began in the Singapore Armed Forces and MINDEF, where Confidentiality was the cornerstone of his work in safeguarding national infrastructure. As he transitioned to Mediacorp, the media landscape emphasised availability—ensuring uninterrupted access to content and communications. While these environments could not be more different in their day-to-day operations, Mr Pang maintains that “the definition of ‘security’ itself has not evolved. The core pillars of cybersecurity—confidentiality, integrity, and availability (the CIA triad)—remain unchanged.”

What has evolved, according to him, is the relative emphasis placed on each of the CIA components, dictated by the operational context. In military settings, Confidentiality was paramount, bolstered by strong system Integrity and operational Availability. Conversely, in media, the focus shifted towards always-on platforms that deliver news in real-time. “Priorities may change; however, the fundamentals stay the same.”

From Fortresses to Futures: Investing in People

Few would expect a high-ranking defence strategist to pivot towards talent development. Yet for Mr Pang, the transition was less a career switch and more a natural extension of his belief in people as the backbone of cybersecurity. “Cybersecurity is driven by people, not systems,” he asserts. “Even the best tools are ineffective without the right talent.”

This philosophy took root during his time developing Singapore’s Cybersecurity Manpower Pipeline, in partnership with the Cyber Security Agency of Singapore. One of the flagship efforts from this collaboration was the Cyber NSF scheme, which gave full-time national servicemen (NSFs) the opportunity to serve in cybersecurity roles aligned with their skill sets. “This initiative not only enhanced operational efficacy but also addressed manpower issues by providing continuous support between education, National Service, and the workforce,” Mr Pang explains.

The Talent Gap: More Than Just Numbers

Despite major investments in recruitment and training, the cybersecurity talent gap continues to be a pressing concern. Mr Pang believes that the issue goes far deeper than merely filling roles. “The cybersecurity talent gap goes beyond headcount considerations,” he says, identifying systemic challenges across the ecosystem.

He points to Singapore’s academic streaming as one example. “Some individuals enter cybersecurity careers influenced by factors such as family expectations rather than personal interest in the field. Meanwhile, others who may have strong enthusiasm for cybersecurity might face different barriers to entry.”

Another concern lies in the disconnect between academic preparation and industry demands. The rapid pace of change in cybersecurity means that curriculum development often lags behind real-world needs. “By the time students complete their education, new cybersecurity methodologies and technologies may have emerged in the industry,” he notes. This creates a demand for just-in-time (JIT) training and ongoing upskilling that traditional education alone cannot meet.

Learning by Doing: The Red Alpha Approach

Red Alpha distinguishes itself through a strong emphasis on hands-on, experiential learning. “Cybersecurity is fundamentally a hands-on discipline; it cannot be mastered through theory alone,” Pang states. He illustrates the point with a vivid recollection of a past incident, “I remember sitting in a room full of vendor ‘experts’ speculating about an incident’s root cause. Meanwhile, one of Red Alpha’s engineers calmly mapped system connections, walked through real-time observations of the system’s behaviour, and methodically identified and resolved the root cause of the issue.”

For Mr Pang, this scenario perfectly demonstrates the value of practical skills over credentials. “Certifications can serve as a basic filter. They demonstrate an individual’s commitment to meeting a minimum standard. However, they are not proof of real-world capability. Hiring based solely on certifications risks overlooking both underqualified candidates and high-potential talent without the paper credentials.”

The Human Side of Cyber Defence

As much as cybersecurity demands technical expertise, it also hinges on human understanding. Mr Pang emphasises that cyber threats exploit psychological weaknesses, such as fear, fatigue, and bias. “Cybersecurity is not just a technical issue; it is a human one. It is important to acknowledge that there is an adversary on the other side, actively seeking vulnerabilities: in systems, in interfaces, and especially in people.”

He calls for cyber defenders to cultivate an attacker’s mindset while also understanding their organisation’s goals and constraints. “To stay ahead, cyber defenders must adopt an attacker’s mindset. They must anticipate and proactively outmanoeuvre potential threats. But this is only part of the solution. Cyber defenders must also develop a deeper understanding of the business goals, risks, and constraints. Only then can they make informed decisions and communicate security measures more effectively.”

In his view, success in this field increasingly depends on collaboration. “Cybersecurity is a team sport, not just within the organisation but across the entire ecosystem, including peers, juniors, seniors, and even regulators.”

Advice for Aspiring Cyber Professionals

To those intimidated by the field, especially individuals from non-technical backgrounds, Mr Pang offers an encouraging and inclusive message. “Curiosity drives the desire to understand how systems work and how they can be broken,” he says. “Determination ensures individuals don’t give up when answers aren’t obvious or when problems seem unsolvable.”

But curiosity and determination must be paired with decisiveness. “An action-oriented mindset means these individuals can move quickly from insight to intervention, a critical capability in a field where speed and adaptability often make the difference.”

When asked about a single principle he would impart to the future leaders of cybersecurity, he stated without hesitation, “Stay curious, and do not isolate yourself. The complexity of future threats will demand collaboration,” he advises.

He stressed the importance of community and relationship building. “Make time to build relationships, share knowledge, and learn from others. The strongest defenders in this field will not just master the technology; they will know how to build trust, forge alliances, and create strategies that win as a team.”

Connect with Tzer Yeu Pang on LinkedIn

Tzer Yeu Pang is redefining cyber leadership with his unique blend of defence acumen and mentorship. As the digital threat landscape evolves, so too must our approach to resilience – and his vision offers both a map and a mirror. To follow his journey and insights, connect with him on LinkedIn.