SALUTATIONS
1. The Honourable Tuan Fabian Bigar
Secretary General, Ministry of Digital
2. The Honourable Dato’ Ts. Dr Haji Amirudin Abdul Wahab
Chief Executive Officer, CyberSecurity Malaysia
3. The Esteemed Tuan Soffian Mohammed Amin
Chief Programme Officer, Human Resource Development Corporation (HRD Corp)
4. Mr. Sanjay Bavisi
President and Chief Executive Officer, EC-Council
Representatives from Ministries and Government Agencies,
Distinguished Members of Industry and Academia,
Esteemed Members of the Media,
Ladies and Gentlemen.
Salam Perpaduan and Salam Malaysia MADANI.
1. I would like to express my highest appreciation to all who are present this morning at the Launch Ceremony of the Cyber Security Professional Capacity Development Programme – Certified Chief Information Security Officer (C|CISO). The implementation of this programme marks another strategic step in strengthening cyber security within the public sector and driving holistic digital transformation.
2. This programme would not have been possible without the vital role and commitment of CyberSecurity Malaysia as the implementing agency. The leadership and strategic initiatives championed by this agency are instrumental in shaping a robust and resilient national cyber security ecosystem.
3. In addition to focusing on technological aspects, CyberSecurity Malaysia also places strong emphasis on the development of highly skilled human capital—an essential prerequisite to support the nation’s progress in the digital era.
4. The implementation of this programme also reflects the strong collaboration among various key stakeholders. I would like to extend my sincere appreciation to the Ministry of Human Resources (KESUMA) and the Human Resource Development Corporation (HRD Corp) for their unwavering support, particularly in funding this initiative. The commitment and strategic investment from both parties are crucial to the success of a national-scale programme such as this.
CYBER SECURITY ACT 2024 (ACT 854)
Distinguished Guests, Ladies and Gentlemen,
5. On 26 August 2024, the Government officially enforced the Cyber Security Act 2024 (Act 854). The drafting and implementation of this Act mark a significant milestone in the nation’s efforts to enhance cyber space security, particularly in addressing increasingly complex threats to our national critical systems and infrastructure.
6. This Act establishes a clear and comprehensive regulatory framework for cyber security governance within the National Critical Information Infrastructure (NCII) sector. It outlines key requirements, including mandatory incident reporting, regular security audits, compliance with security standards, and the implementation of technical controls as prescribed by the Chief Executive of NACSA (National Cyber Security Agency).
7. In this regard, Act 854 is not merely reactive in addressing cyber threats—it is also proactive, placing strong emphasis on prevention, risk management, and the strengthening of comprehensive cyber security policies and strategies. The Act also demands a high level of accountability and transparency in the management of organisational information, positioning Malaysia on par with developed nations in terms of cyber security legislation.
THE NEED FOR QUALIFIED CYBERSECURITY WORKFORCE
8. In line with the implementation of this Act, Heads of National Critical Information Infrastructure (NCII) Sectors are responsible for developing and enforcing their respective organisation’s Cybersecurity Code of Practice, as outlined in the Directive of the Chief Executive of NACSA No. 7 of 2024. This Code of Practice requires strong technical capabilities, sound legal understanding, and high-level leadership competencies—thereby underscoring the urgent need for a qualified and professional cyber security workforce to ensure effective compliance and implementation of the Act.
9. The role of cybersecurity professionals, particularly those entrusted with the responsibility of safeguarding an organisation’s information security and technological infrastructure, is critically important. These individuals must not only understand legal and technical requirements, but also possess the ability to translate such requirements into systematic operational actions that are aligned with regulatory obligations and industry standards.
10. Therefore, the development of professional workforce capacity and competency must be elevated as a national agenda. Without the support of a skilled and certified workforce, the policies and laws that have been enacted risk failing in their implementation. Training, certification, and continuous development must be strengthened to ensure the successful enforcement of Act 854.
C-CISO PROGRAMME: THE STRATEGIC ROLE OF CISOs IN SUPPORTING THE IMPLEMENTATION OF ACT 854
11. Recognising this critical need, the Certified Chief Information Security Officer (C|CISO) Programme has been introduced as one of the key initiatives to strengthen information security leadership within organisations, particularly those operating in the national critical infrastructure sector.
12. This programme encompasses five key domains that form the foundation of a Chief Information Security Officer’s (CISO) core competencies:
a. Domain 1 focuses on governance, risk management, and compliance with legal requirements and industry standards;
b. Domain 2 involves the implementation of information security controls and the systematic and periodic management of audits;
c. Domain 3 covers the management of security programmes and the organisation’s day-to-day operations;
d. Domain 4 emphasises core technical skills and data protection strategies; while
e. Domain 5 involves strategic planning, financial and procurement management, as well as oversight of third-party engagements with the organisation.
13. As a Chief Information Security Officer (CISO), the individual holds a strategic role in ensuring the organisation’s compliance with the provisions under Act 854. This responsibility encompasses the formulation of cyber security policies, the implementation of effective technical controls, as well as comprehensive risk management and compliance oversight. The CISO is also entrusted with leading the organisation’s preparedness plan to address any cyber incidents through a structured and holistic approach.
14. In addition to regulatory and implementation responsibilities, the CISO also plays a vital role in driving a culture of security transformation within the organisation. This includes building workforce capability through continuous training and certification, as well as ensuring that all systems and technologies in use adhere to established security standards.
15. At the same time, the CISO serves as a strategic liaison between the government, industry, technology providers, and the National Critical Information Infrastructure (NCII) community. The success of Act 854’s implementation hinges on the credibility of the CISO as a competent leader—one who can respond swiftly in times of crisis and inspire public confidence in the nation’s digital security.
16. Overall, the implementation of the C|CISO programme not only supports NCII entities in meeting the requirements under Act 854, but also strengthens the nation’s preparedness in addressing today’s cyber security challenges. It represents a long-term investment in human capital development, shaping a cadre of strategic, dynamic, and future-ready digital leaders who will serve as the nation’s frontline defence in cyber security.
BUILDING A DYNAMIC & COLLABORATIVE CYBER ECOSYSTEM
Distinguished Guests, Ladies and Gentlemen,
17. In confronting the increasingly complex and borderless challenges of cyber security, it is clear that the Government cannot shoulder this responsibility alone. A comprehensive and responsive approach—one that involves close collaboration between government agencies, the private sector, technology providers, and training institutions—is essential.
18. To ensure an effective response to these threats, the nation requires a dynamic and collaborative cyber ecosystem. This entails strategic participation from public agencies, industry players, technology service providers, and professional training institutions. The entire value chain must be mobilised in a holistic manner to establish a robust, integrated, and forward-looking cyber security framework.
INVESTING IN EDUCATION AND TRAINING
19. Continued investment in internationally recognised training and certification will produce a competent cadre of cyber security professionals and enhance the nation’s resilience against cyber threats. This is a crucial step in safeguarding the digital sovereignty of the country.
20. I urge more ministries, government agencies, and sectoral leaders to take proactive steps in participating in the C|CISO Certification Programme. Such participation is essential in mainstreaming the role of Chief Information Security Officers within the public sector as strategic leaders—not only with technical expertise, but also the capability to shape the organisation’s cyber security direction. This initiative will directly strengthen the sectoral responsibilities in securing the National Critical Information Infrastructure (NCII).
Distinguished Guests, Ladies and Gentlemen,
21. In the past, a nation's strength was measured by its military might. Today, it is defined by the security and trust placed in its digital systems. Digital defence is now the cornerstone of national prosperity and stability.
22. It is therefore my great pleasure to officially launch the Cyber Security Professional Capacity Development Programme – C|CISO Certification for Ministries and Government Agencies. May this initiative serve as a stepping stone towards a safer, more sustainable, and resilient digital future for our nation.
Thank you.
– END –