Digerati50: A hand at cyber-securing Malaysia
By Tan Jee Yee September 19, 2020
- Fong Choong Fook wishes he had paid attention to business classes in uni
- Became first cybersecurity testing lab TÜV established outside of Europe
Digital News Asia (DNA) continues its series that profiles 50 influencers who are helping shape Malaysia’s Digital Economy, from Digerati50 2020-2021 (Vol 4), a special biennial print publication released in July 2020. The digital copy can be downloaded from the sidebar link. The following article is an expanded version of the print version.
One can say that hacking is in Fong Choong Fook’s blood.
A 13-year old Fong had just received a PC from an uncle working in the IT industry, and an obsession in trying to beat video games with the highest score possible led him to begin hacking the games.
This early venture into programming gave him the necessary leg up when he went into IT in his tertiary education – and enough skill for him to access the back-end systems of his university in order to retrieve and decrypt an entire database of passwords, all to get back at bullies.
He landed his first job accessing the company’s website before his interview in order to sneak in the line “Candidate Number 2” on the webpage – the number he was scheduled to the interview as. He was hired on the spot.
Fong would gain more in-depth knowledge in computer security across the years, and would eventually work as part of the security team under British American Tobacco (BAT). It was a comfortable job, but to Fong, it was a prison.
Despite having little savings, and with his first born, Fong took the leap and started his own cybersecurity practice – LE Global Services (LGMS). It was, in most ways, a risky endeavour. “For me, anytime is the best timing,” he says.
Perhaps it was. 15 years later, LGMS is now the largest company in Malaysia specialising in cybersecurity tests and accreditation. The company has grown steadily over the years – more than two years ago, the company operated in a 2,000 square feet office with close to 16 staff members.
Today, their office encompasses 20,000 square feet with almost 100 employees, servicing clients both locally and internationally. LGMS’ clients include most major financial institutions in the country, as well as telecommunication operators and a large number of enterprises big and small.
First to receive ISO 27001 in ’09 & partner Germany’s TUV in ’20 for a lab outside Europe
They are also the first consulting company in Malaysia certified under ISO 27001 standard in 2009, which basically means that the company manages information and customer data is meeting international standards in terms of security. Fong himself was awarded Cybersecurity Professional of the Year 2016 by Cyber Security Malaysia.
2019 saw a few additional breakthroughs for the company. LGMS had signed a contract with Alibaba Cloud to be their first cybersecurity service provider outside of China, offering testing and certification over the cloud platform.
In March 2020, they started a joint venture with TÜV (Technischer Überwachungsverein) – one of the oldest certification organisation in the world – making LGMS the first cybersecurity testing lab TÜV has established outside of Europe.
A lot has happened over the past years for Fong, but the core business of LGMS remains the same. “Our business is very simple. In contrast to other cybersecurity firms, we only provide testing, certification and training. That makes it easy for us to specialise,” he says.
Their testing services, which include finding vulnerabilities within the systems of financial services, have now expanded to include IoT devices and product testing – among the systems they tested on are medical devices and naval shipping navigation systems.
LGMS isn’t just making sure systems are up to par security-wise, but people too. Two years ago, the company kickstarted the Asia Cybersecurity Exchange, an initiative to help fund and develop cybersecurity startups. While they haven’t yet found a startup they can back, the program have since managed to train almost 500 university students via its cybersecurity programs.
This is part of an initiative with MDEC, wherein MDEC would help seek students from universities who are suitable for the program, while LGMS sponsors the training. The program, which is free for the students selected, provides training through real-life case studies on top of advice and guidance through industry mentors. Promising students were even offered jobs at LGMS upon graduation.
The COVID-19 pandemic thankfully didn’t affect much of LGMS’ operations – Fong says that only larger projects and international projects saw delays, as he couldn’t fly out consultants to work on those projects.
As a whole, demand for cybersecurity has increased during the movement control order (MCO) period, as more businesses began moving their operations online and implementing work from home policies, thus turning to LGMS for consultancy and training. In fact, Fong says that they are now able to conduct more online training compared to before. “We are quite blessed for being in this industry,” he quips.
As for LGMS itself, the company has long been practicing working from home via a rotation system, where only certain teams are required to come to the office on certain days. “MCO has accelerated this process. Because we have established this earlier, switching to a complete work-from-home experience felt seamless,” Fong says.
Less time for himself and hobbies
Fong currently feels tired. He has been building LGMS into a business for 15 years now, managing the company as well as handling the technical aspects. He finds himself having less time for his pastimes now, which is difficult for a person with as varied in hobbies as he is. Fong used to spend weekends either going for motorcycle rides (he once rode for two weeks across the South Island side of New Zealand) or flying the drones he built himself.
“The company is going well, but I just need to juggle and balance my time,” he says. He does find enjoyment in running the company, but find the biggest thrills in technical work still. “It’s in my nature, I suppose. Given the chance, I would like to go back to teaching and coding.”
Cybersecurity is still a big motivator for Fong, who finds the satisfaction of helping people and organisations be more secure as a driving force. Fong says that, till today, the clients that they have helped in assessing their security needs, have not been hacked [touch wood].
“It’s a reminder for us to always provide thorough and comprehensive work for our client. We take our tests very seriously, because this is our core business: we don’t sell any software or hardware. What we sell is our expertise,” he says.
Fong wishes that he has paid more attention to business class during his university days, however. “An advice I would give any tech entrepreneur: whatever you do, don’t forget about business and accounting. These are essential knowledge,” he says. Fong is currently picking up additional business skills as they go along.
His knowledge in all matters of cybersecurity, however, has certainly helped with company management. “It’s because we get to see the trends that are coming – we understand them, and we know where things are headed. It helps us in charting the direction of the company.”