As we move deeper into the digital age, the significance of cybersecurity cannot be overstated, particularly in Asia, a continent characterised by its diverse cultures and rapidly evolving economies. By 2025, fostering community cybersecurity readiness will be crucial for several reasons, including protecting economic stability, safeguarding cultural heritage, and enhancing social cohesion amidst the growing threats posed by cybercrime.
The SANS Institute
The SANS Institute, also known as The Escal Institute of Advanced Technologies, is a private, for-profit, organisation providing information and cybersecurity training and certification. Founded in 1989, its early days saw it as a cooperative for information security thought leadership. SANS Institute director of Strategy, Matthias Chia, says it has evolved over the years to provide cybersecurity awareness and training for organisations both public and private.
“We provide high-quality training, run public events, and offer certifications to validate the skills of cybersecurity professionals,” said Chia. He said that the SANS Technology Institute provides bachelor's and master's degree programs training up to 30,000 practitioners each year.
Status of cybersecurity awareness
Asked to describe the level of awareness and interest in cybersecurity among communities in Asia, Chia noted a growing interest in cybersecurity due to increased digital connectivity and notable incidents affecting daily life.
He cited a recent breach involving the Ministry of Education's mobile guardian in Singapore, which compromised student and parent information during exams, causing significant disruption. “This incident, along with rising ransomware attacks, highlights the real-life impacts of cybersecurity issues on communities, emphasising the need for greater awareness and preparedness in the region,” he opined.
Private-academia collaboration
Chia emphasised the importance of hands-on experience in cybersecurity education. He stated, “Cybersecurity is one of those fields where hands-on practical knowledge is critically important.” He highlighted the role of the SANS Institute, where instructors, who are active professionals in companies like CrowdStrike and Blackberry, share real-world experiences and lessons learned in the field.
Chia added that this practical training equips aspiring cybersecurity professionals with the skills they need for various job roles. He revealed that the Institute recently aligned its courses with the Cyber Security Agency of Singapore’s competency framework, ensuring that students know exactly what classes to take to meet industry requirements, thus strengthening the cybersecurity workforce at a national level.
The SANS Institute has matched its courses to job roles in the five different areas of competencies identified by the CSA. “Anyone looking to enter those job roles in the industry knows what classes they need to take. And this is at a national level, for anybody seeking operational technology jobs. They can take the classes that equip them with the right skills which are required by employers who are looking to hire in these roles,” Chia elaborated.
Measuring the impact of community engagement
Asked how organisations can measure the impact of community engagement in improving cybersecurity, awareness and practices, Chia revealed that the Institute counts the number of individuals accessing its educational resources including webcasts, webinars, live training events, and certifications.
“We do see a rising trend of people coming for these events, getting more educated, more aware,” said Chia. The SANS hosts around 30 training events annually and offers free community nights—short talks that provide essential cybersecurity knowledge to those unable to attend formal classes. Attendance at these events has grown from approximately 30-40 participants to 60-70, indicating increasing interest in cybersecurity education.
Chia emphasised that as the demand for cybersecurity professionals rises, so too does the positive impact of training on community awareness and practices, ultimately strengthening defences against cyber threats in the region.
Readying the millennial cybersecurity specialists
Chia acknowledged that while interest in the field is growing among young professionals, significant barriers to entry exist, particularly due to the necessity of professional certifications beyond a degree in information security.
“We can try and motivate them by reducing this barrier of entry,” revealed Chia. To address this, SANS has partnered with Cyber Youth Singapore to provide underprivileged youths access to affordable certifications and training. They have successfully reduced the cost of SANS courses, typically over $10,000, to just $100 through various sponsorships and scholarships.
“This initiative aims to equip young individuals with the necessary skills and certifications to enhance their job prospects in the cybersecurity industry, thereby fostering a new generation of skilled professionals ready to meet the demands of the field,” he added.
Accessibility to all
Chia acknowledges that access to cyber security training and facilities is not equally available to all, particularly those in underserved communities.
"Access to cybersecurity training sometimes is a matter of privilege," conceded Chia, revealing that while SANS is active in Asia Pacific, not all communities receive direct training. To address this, the Institute has partnered with SkillsFuture Singapore, which funds 50% of SANS courses to help Singaporeans acquire in-demand cybersecurity skills.
Additionally, SANS hosts free community nights in regions like Indonesia and Malaysia, aiming to give back to communities with the greatest need. They also provide recorded podcasts, webcasts, and webinars that anyone can access, ensuring broader reach.
“Through these initiatives, the SANS strives to improve equitable access to cybersecurity education and support the development of skills in underserved populations,” beamed Chia.
Recently, SANS signed a Memorandum of Understanding with the Association of Muslim Professionals in Singapore to encourage members of the Malay Muslim community to enter the cybersecurity field, recognising its growing demand.
This partnership aims to deliver tailored training programs, specifically a boot camp offering three SANS courses and GX certifications that align with the skills pathway established by the Cybersecurity Agency of Singapore and SkillsFuture.
With 13 employers committed to interviewing participants who obtain these certifications, the program provides a direct pathway into the cybersecurity industry. Chia highlighted that such strategic partnerships are essential for enhancing cybersecurity education and opportunities within local communities, making a meaningful impact on workforce development.
Strengthening national cybersecurity
When prodded on the role of public-private partnerships in strengthening national cybersecurity, Chia stated, "At the national level, governments have the opportunity to push certain agendas, including ensuring digital trust." He noted that SANS collaborates with various governments across the Asia Pacific, such as Singapore's Cyber Security Agency and Australia's Signals Directorate, to identify needs for strengthening cybersecurity efforts.
According to Chia, the focus areas include skills development, where SANS helps create competency roadmaps for citizens to enhance their cybersecurity skills. He also the other key aspect of workforce development, aimed at ensuring that businesses can trust the cybersecurity talent they hire, similar to professionalisation in finance or accounting.
Finally, Chia mentioned the importance of organising national-level exercises to test sector resilience against cyber incidents, ensuring preparedness for real-life scenarios.
“Through these partnerships, the SANS Institute aims to bolster national cybersecurity frameworks and build confidence among citizens and organisations alike.” Matthias Chia
Raising community awareness in 2025 and beyond
Asked to share his expectations for 2025, Chia emphasised the need for tailored actions to enhance community cybersecurity readiness across Asia Pacific. He highlighted two main calls to action for governments. He is adamant the importance of increasing cybersecurity awareness: “Even in the most cyber-mature communities, there’s a need to stay updated on the latest trends, attacks, and mitigations.” He stresses that the rapid evolution of cyber threats necessitates ongoing education for all citizens, especially in less mature countries.
Chia is calling for a critical assessment of the cybersecurity workforce. As the industry grows, it’s essential to ensure there are enough qualified professionals to defend against cyber threats. He noted that governments should evaluate whether they have the right capabilities and resources in place to respond effectively to potential attacks. Building trust between governments and the private sector is crucial for fostering these collaborations, allowing for effective solutions to be implemented over time.
Click on the PodChats player to listen to Chia hear on how to raise the cybersecurity readiness of the community in 2025.
- What is the SANS Institute in the context of cybersecurity?
- How would you assess the level of awareness and interest around cybersecurity among communities in Asia?
- In what ways can technology companies collaborate with educational institutions to enrich cybersecurity training?
- How can we measure the impact of community engagement in improving cybersecurity awareness and practices?
- What strategies can we implement to motivate young people to pursue careers in cybersecurity?
- Do you think there is, today, adequate and equitable access to cybersecurity training for all youth, especially in underserved communities?
- Recalling NIST’s efforts to partner with public and private organisations, can you elaborate on the role strategic partnerships play in enhancing cybersecurity resilience within local communities?
- At the national level, what is the role of public-private partnerships in strengthening national cybersecurity efforts?
- We are coming into 2025, any call to action for businesses, governments, and the communities of Asia in general on how everyone can contribute to raising community cybersecurity readiness in 2025?