This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
As the Director of the Cyber Cooperation Office at the National Cyber Security Agency (NCSA), Thailand, my role involves overseeing both domestic and international cybersecurity coordination.
This includes managing partnerships with international cybersecurity organisations and ensuring Thailand’s cybersecurity strategies align with global standards. Domestically, I work to integrate cybersecurity policies and foster collaboration across governmental sectors, private industries, and critical infrastructure.
NCSA is responsible for safeguarding the nation’s critical infrastructure, developing cybersecurity policies, improving cybersecurity awareness, and responding to cyber incidents.
We also work globally to strengthen national resilience through cooperation and information sharing.
What kind of cyber threats does your organisation face on a regular basis?
NCSA regularly faces various cyber threats, including ransomware, phishing attacks, and exploitation of vulnerabilities in critical infrastructure.
Our focus is on securing the nation’s Critical Information Infrastructure (CII). Collaborating with government agencies, regulators, and private sector partners is essential to mitigate risks.
We also face cross-border cyber threats and work internationally to strengthen cybersecurity defense mechanisms, share threat intelligence, and implement joint strategies.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
One of the biggest challenges in the public sector cybersecurity space globally is the increasing sophistication of cyberattacks, including phishing, ransomware, and identity theft.
As governments and public institutions adopt more digital technologies, their systems become increasingly vulnerable to exploitation by cybercriminals. Another challenge is the need for improved cybersecurity awareness and training for staff at all levels.
Ensuring that critical systems and sensitive data are protected requires a coordinated effort across sectors, better security practices, and a culture of vigilance to mitigate these risks.
To subscribe to the GovInsider bulletin, click here.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
AI is rapidly transforming the cybersecurity landscape, enabling both attackers and defenders to enhance their capabilities.
Hackers use AI to automate attacks, develop more sophisticated phishing schemes, and exploit vulnerabilities faster.
On the defence side, AI is crucial in identifying threats, detecting anomalies, and responding to incidents in real time.
We must ensure responsible use of AI, while continuously adapting our defences to stay ahead of adversaries.
Cybersecurity is often described as a team sport whereby a network’s vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?
A whole-of-government and whole-of-country cybersecurity posture is crucial for minimising risks and building resilience against cyber threats.
Cybersecurity is most effective when all sectors – government, critical industries, and regulators—work together to address vulnerabilities and share information.
By fostering collaboration and aligning efforts across all levels, we can ensure that no sector is left behind, reducing the potential for a single point of failure.
This collective approach strengthens the entire system, enhances threat detection, and improves the ability to respond to incidents quickly and effectively.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
Having a robust Plan B after a network breach is critical. This plan must include effective incident detection, response, and recovery protocols that involve coordination across government, CII sectors, and regulators.
Once a breach occurs, the focus is on containing the attack, isolating affected systems, and limiting the impact. Communication with stakeholders, including CII providers and regulatory bodies, is essential to restore services quickly and manage public trust.
Post-breach analysis helps identify weaknesses, reinforce security measures, and improve our national response capabilities, ensuring stronger defences moving forward.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
With an unlimited budget, I would focus on enhancing our cybersecurity infrastructure through advanced threat detection systems, AI-driven security tools, and robust training programs for professionals.
I would prioritise expanding our cybersecurity workforce and improving collaboration between government agencies, regulatory bodies, and critical sectors.
Additionally, strengthening international partnerships and information sharing would be a key investment to address global cyber threats.
The overall goal would be to ensure a more resilient, adaptive cybersecurity posture that can effectively respond to current and emerging challenges.
What brought you to this profession and what do you love the most in your job and what would you like to improve?
I didn’t set out to work in cybersecurity, but I gradually found myself drawn to it through my interest in policy, coordination, and how technology shapes the world around us.
It can be an intimidating space, especially for women, but I’ve learned that leadership in this field isn’t only about technical expertise. What I enjoy most is working with people – connecting different agencies, cultures, and ideas to move things forward.
If there’s something I’d like to keep improving, it’s how we make cybersecurity feel more approachable, and how we encourage more women and young professionals to see themselves in this field.
The lack of qualified cybersecurity professionals is a global problem, how do you think this can be overcome?
To overcome the shortage of qualified cybersecurity professionals, we need to invest in education, training, and awareness programs.
Encouraging individuals to pursue careers in cybersecurity through internships, scholarships, and mentorship programs can help bridge the skills gap. Additionally, promoting diversity within the field and fostering international collaboration will bring new perspectives and solutions.
Governments, educational institutions, and the private sector must work together to create accessible training opportunities and certifications, ensuring that the next generation of cybersecurity professionals is well-equipped to handle emerging challenges.
If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why?
Yes, I would still choose to be a cybersecurity professional. The field is ever evolving, offering continuous opportunities for learning and growth.
The ability to contribute to securing critical infrastructure and protecting society from cyber threats is incredibly rewarding.
Cybersecurity remains a vital and impactful area where professionals can make a significant difference in ensuring the resilience and security of digital systems.
The challenges are stimulating, and the work we do has a direct effect on national and global security.
