Theos Cybernova Ep. 2 - Dicky Wong: From Cybercrime Investigator to Private Sector Leader

Show Notes

How do you transition from public service to a leadership role in the private sector? It’s a journey filled with challenges, opportunities, and lessons that few have mastered.

Former Hong Kong police officer and cybersecurity leader Dicky Wong has walked this path. From investigating cybercrime and protecting critical infrastructure to leading as Head of Cybersecurity and Technology Risk for a major corporation, Dickie brings a unique perspective to the ever-evolving world of cybersecurity.

In this compelling conversation, Dicky shares his journey, from his early days in law enforcement to his rise in the private sector. He dives into the differences between public and private roles, the global cybersecurity talent gap, and how passion and proactive leadership can make all the difference.

Whether you’re considering a career shift or seeking inspiration in the field of cybersecurity, this episode of Theos Cybernova delivers invaluable insights.

About Dicky Wong:

Dicky Wong
Head of Cyber Security and Technology Risk, New World Corporate Services (a New World Group Member)

Dicky Wong oversees technology risk, cyber security compliance, and management across New World Corporate Services, spearheading the design and implementation of a robust risk framework for all business units.

A recipient of the prestigious CSO TOP 30 ASEAN 2024 award, Dicky is recognized for his exceptional contributions to the field. He also serves as the Principal Consultant for Cyber Security at Kai Tak Sports Park, Hong Kong’s new national stadium and a critical infrastructure asset, where he ensures the implementation of top-tier protection systems aligned with national security standards.

Production Credits:

Presented by: Paul Jackson
Studio Engineer & Editor: Roy D'Monte
Executive Producers: Paul Jackson and Ian Carless
Co-produced by: Theos Cyber and W4 Podcast Studio

Transcript

 Wherever you are in the world, hello and welcome to Theos Cybernova Podcasts. Before we begin, I've got a quick favour to ask from you. There's one simple way that you could support our show, and that's by hitting the follow or subscribe buttons on the app that you're listening to the show on right now.

It makes a huge difference in helping to get the show out there. to as many people as possible. So please, please give us a hand and click that button now. Thank you very much. 

The Theos Cybernova podcast hosted by Paul Jackson. So here we are with the second episode of Theos Cybernova podcast. I'm Paul Jackson, and each week we are digging into the latest trends, challenges, innovations that are shaping the cybersecurity landscape, as well as talking to a fantastic mix of leading industry experts, thought leaders, and technologists. 

So whether you're a professional in the field or simply curious about staying safe in the digital age, we hope that Theos Cybernova will offer up valuable knowledge and actionable insights for everyone.  So here we are. And our guest today is the one and only Mr. Dickie Wong. Thank you very much, Paul.

Thanks for having me.  It's a real pleasure having you on here. So, , by way of explanation, myself and Dickie go back quite some way. And, , Dickie, are you still playing rugby?  , I try to, but you know, as age getting by and try to stay more, spend more time on the side of the field and drinking beer, I think that's more, more enjoyable now. 

Very sensible. You're not as old as me yet, Dickie, but that's certainly very sensible.  But seriously, we're here today to talk about cyber and, , Dickie and myself, we're both former Hong Kong police officers.  And today's focus is going to be on that transition from the public sector to the private sector and, , no better person to talk to about this than Dickie and, , but first of all, tell us a little bit about yourself, Dickie.

Tell us about your, your personal story, how you got to where you are now. Sure. , thanks very much, Paul. , let's go back to how I begin my. career. So I'm not an IT background, , educator. I didn't get my degree in IT or computer science. I studied management and economics. So, , it would be kind of a surprising for many of you guys.

And when I graduated, I actually joined, , Bloomberg, , one of the financial,  , Fender Institute.  And then I started to notice that the vet, the traders and the salespeople or the analysts that I serve,  it's all using technology to help their work. , obviously they're very smart, but in some way they quite rely on technology to helping them to make decisions.

So that's where I started my interest on knowing more tech and it.  , but then, , after a few years,  , being an Asian kid, and my dad was also a former police officer, and you guys would guess that, , as a dad will always ask you, hey, son, follow the footstep of the dad. So then I'm like, okay, I give up finance and then I changed to a completely different view.

be a finance guy and going to be a law enforcement. So I went through all this, u , general training where you do physical  u  , studying law and all that stuff. No IT, nothing at all. But then after I graduated, I passed out from the police college. I was assigned it to the frontline for a year and a bit.

And then suddenly one day,  , this new cyber security and technology crime bureau, , Was recruiting people and opportunity came again. So then I put my hand up and I went for, through all the interviews and then I got selected. , at that time I had no idea what cybersecurity was about, but Hey, that was pretty much the department that's closest to information technology.

So then I thought, why not? Let's give it a try and see where we end up. And that's where my cybersecurity, , career begins. And then. The first role that I was placed to was doing technology crime investigations, , where I would have to investigate a cyber hacking or cyber enabled crime to try to lock down cyber criminals.

And as it goes by, I learned As the job goes and after a year or so, I was assigned it to be the head of cyber security and, , operation centers in, in the police force, looking at the critical infrastructures in Hong Kong. And then on my last post was the chief information security officer for the Hong Kong police force.

And then after 11 years spending in the police force, 95 percent doing cyber. And then now I'm working as the head of cyber security and. Technology risk for New World Development Hong Kong, which is a one of the conglomerates in Hong Kong. So here's where's my career fantastic. But before we move on to that transition, where did you get that posh English accent from? 

Well, I try to, I still try to keep it. , so my parents sent me to UK when I was nine years old and then I was a country boy.  , as you can imagine, it's just like, Big old Harry Potter school type and outsides like playing field rugby field And that's where I was being grown up with so that's where I picked up my accent Fair enough, but on the serious note again you like myself made that transition from the public sector from law enforcement from government into a very Challenging position in the private sector and I know many of our listeners will be currently in government and contemplating maybe making that big step, you know, into the private sector and feeling perhaps, is it daunting?

Is it too much for me? Is it too difficult? Is it something that, you know, I'm not going to be able to handle? , did you have any of those kinds of pressures when you were thinking about leaving the police? , there's a lot of questions, but before answering those, I think my biggest challenge was try to persuade and tell my dad I'm leaving the police.

That was the toughest. toughest job for me to do. , but yeah, going back to your questions,  , working cyber for law enforcement agencies and comparing to the private sector is completely different angle, , when you're working in a government, yes, you could be treating it as like a comfortable job or not comfortable, but a secure job.

And you just make sure you don't make any big, big, big mistake. Then you will still get your job. Right. But for me, it was slightly different. Instead of thinking about all the challenges or the questions that you raised just now,  I took everything as a challenge in a positive way, meaning, , yes, I know it will be tough and hard work. 

, need a lot of dedication when you come to the private sector. But I think as I was looking for a new challenge, , in, in my career at that time, because as technology goes by, you know, There's a lot of new things that I want to learn. I want to see, I want to experience, which sometime, , if you're working in a law enforcement agencies, you know, you might not be able to be the most  upfront, trying new technologies.

And hence, I know I have to change my environment and upgrades that challenge, try new things. And I just took it forward instead of just, you know, wearing it on a daily basis. That's really interesting. And, , so when you actually made the move on your say day one, I mean, , what do you think gave you those qualities?

What do you think was it about you that gave you that necessary quality to be a chief information security officer?  , to  be honest, I'm not a very title loving kind of person. I just, I always believe in.  Your title is not something for you to show off or flash. It's just a responsibility that you need to bear in with you.

And I think that's, , a good character about myself is  I always take on responsibility more actively than passively, meaning I don't have. To wait for people or my boss or my management tell me, Hey Dickie, because you're in this seat, you need to do this. I will always be upfront, trying to take on more responsibility to do a better good for the company.

And I think this is one of the qualities that my management also saw in me as well. And I adopt that, , Attitude or personality is actually from playing rugby actually, , as I'm sure Paul, you might know on the field, whether you're a captain or not, but your coach, your captain will always say, , everyone should take on responsibility of being their own captain and captain for the team.

And if you have that mindset, all 15 guys on the field, you, it's going to make a big, big difference when you're playing a competitive game.  That's a great way of putting it because rugby is all about discipline, isn't it? It's all about, you know, , taking on that responsibility and shouldering it and not, , you know, not avoiding responsibility.

So yeah, very, very good point. Do you find it frustrating at all? You know, cause obviously you'll see attacks on your organization coming in and you wish you had the power now to follow up and, , and investigate, you know, with your police powers, Yeah. , I mean, I do you, we, in some way I still have that DNA in me, wanted to do the investigation and everything.

, although now I don't have the authority, I don't have the power to do so. So how I would go about it, I would just leverage all my connections, my friends around us to, me to, Maybe make my life a lot easier or try to achieve to the place that the goal or objective that I want to do. , but because now we in a different role, private sector has their own limitation, public sector also has their own limitation.

And that's where I always emphasize on collaboration is very, very important because not one person can do everything and do anything, everything together. So you need to work as a team from different sector, different role, different title to achieve the goal.  Yeah, so you touched on a very important point there when you talked about collaboration and we often hear the jargon public private partnerships. 

However, you know, it never seems to quite work, does it? You know, what are the challenges we face in trying to get experts like yourself, like myself, in the private sector working better with the government bodies?  Yeah, , I will not say it doesn't work well, depending on which country or what What kind of, which area you're from.

If you're looking at global perspective, , public private partnership has been adopted across different countries, like the US, UK, Netherlands, Japan, Hong Kong, anywhere you name it. But I think the, the only way, or the challenge that's not making  100 percent utilize or maximize is sometimes a culture, sometimes culture.

And second is, okay, now we have the public sector who's expert in doing law enforcement and driving policies. Now we have private sector who's professional,  , in technical, in technical know how and everything like yourself and I. Okay. So, but then we still need someone in the middle  can create that balance of making the,  Perfect match  instead of just like private sector come and talk to the public sector and say, Hey, we're going to do collaboration and everyone's like, yeah, okay, everyone let's collaborate, but how, what to do?

, how do we strike a balance? How do I avoid conflict? And I think it's the middle men that we, a lot of places still searching for.  Perfect one. Yeah, I tend to agree with you on that. So I think one of the challenges as well with the law enforcement is the revolving door, because they, they either leave the force for better opportunities like yourself, or they are moved on because of promotions, etc.

So is it a challenge? I mean, because I've left the force 14 years ago, right? You're more recently out, I think a couple of years, right? And,  you know, do you see this as a problem that the fact that somebody you might build a relationship with in the in the In the cybercrime team, suddenly they're moved into a completely different department.

Yeah, I think it's, it's, that is definitely a nature in challenge for public, for law enforcement agencies.  , just to give the audience a bit of a background within the police force,  , you cannot stay in the, in the same role or same department more than four years because you try to avoid to create that,  , Bias or conflict of interest.

That's the whole organization. That's what they have. So that's why when people are trained up with a skill set and then it takes time and then after four years, okay, now you've got your, all your skillset, but you have to move on and then that's it. And there's no legacy, no one's following up. And. Yeah, it's a shame to see things are moving out so quickly and no one picking up and the continuity is not there.

And in the past, I understand the force they have tried to extend this. If you're working in cybersecurity and technology crime bureau, it's because it's a special bureau that requires special skillset. They try to extend to eight years  of a service. Now, , in some way it's good, But in,  , sometime when you're doing a promotion, people may not like it as much because you would think, oh, you're so narrow into what you do because at the end of the day, you're a police force, right?

You're not a cyber, cyber dedicated, ,h,  , police officer. So there's a good and bad about it. But I think  the hardest part is to keeping  those trained officers to stay within the police force. That's the hard one because now the market is so much in demand of, , cyber security personnel. So a lot of officers will get trained, get their self, , certified in certain areas, and then they will leave the police force because they will see more opportunity out there.

And I think that's more challenging than just  Not getting them rotating to another police department.  Yeah, I think you're right there, Dickie. It's going to be, look, it's not just the Hong Kong police either. This is a perennial challenge for any government body or any police force all around the world.

So it's a difficult one to overcome. Do you think that perhaps,  , , police officers, , you know, they should do better in terms, or sorry, police forces should do better in terms of this retention by changing their strategy. I mean, you mentioned about this four year rotation.  By the end of four years, you're only just beginning to become an expert really in cyber.

So that's surely not, not beneficial at all. , and should forces consider bringing in specialists that are maybe not sworn police officers that are just pure technology specialists. Do you think that's the way that the forces need to go perhaps? Yeah, I actually quite agree and buy towards this idea. , why?

There are a couple of reasons, because when you are purely trained up as a general string police officer, moving into the cyber department, at the end of the day, your DNA is still very fully intact. Equipped and run in a police sense, and you're so lacking from what the reality or not the reality, what the whole industry is needing.

So, I think  that's one of the very good way to bring in specialist or consultant, cyber security consultant from the private sector to give a different angle, give a bit of a support, telling the senior management what to do and how to do a combat cyber crime. I think that's a, that's a, that's a good.  , opportunity and good method or initiative to have definitely got it.

Got it. Yeah. One question I often get asked is,  , who makes a better cyber crime investigator? Is it a technologist that you trained to be a police investigator? Or is it a police investigator with experience who you trained to be a technologist?  Oh, that's a very tough question. , I think,  I mean, you and I know very well,  not all police officers can be a good detective.

You know, it's, it's, it's, it comes with sense. We come with your sensitivity and it comes with your observation and everything. , and so on. So I think there's no one dedicated figure or character that, that can achieve the best. Again, it has to come with collaboration. Collaboration meaning some people are very good at technical, some people are very good at detail observant, looking at evidence.

So imagine if you have a team, , have a diverse capabilities, and those capabilities, when you gather all them together, that will make a very strong cyber team. So there's not one specific character. Again, it's a teamwork. Yeah. Yeah. No, I, I, yeah, I think you, you nailed it there. , so let's, let's change tack a little bit.

, because as you're well aware, you know, Hong Kong is introducing perhaps some would say belatedly a little bit, you,  , , legislation, , around critical infrastructure, cybersecurity for critical, critical infrastructures. , what's your views on this and do you think it's going to, , enhance the overall cybersecurity posture of Hong Kong?

Yeah, I think,  , to, to start that off, I 100 percent agree with this new bill coming in.  , Going back a bit of a history of myself, , earlier I mentioned I was the head of Cyber Security Operations Center in 2016. And my role was to looking after the critical infrastructure of Hong Kong Network System.

So critical infrastructure is not something new to me. And. By looking at critical infrastructure, actually, we have to understand the spirit and the nature of critical infrastructure, such as the rail system, airport, and stuff like that. And we've got to understand why those are the areas that is named as critical infrastructure, because if their system gets damaged, then it will affect the national security and the public safety.

And hence, that's why they're very, very important. And. With the government introducing this new law, I think it was, it's going to enhance the overall awareness by organizations about the importance of cybersecurity. Now looking at this digital era, like every single organization for the past years, you'll hear they're going through a digital transformation or digitalization.

Those are the two words that everyone's trying to use to enhance their operation efficiency and stuff like that. So imagine you're every single company is adopting so many new technologies and sometimes the management don't even know. The level of risk that they are in, they just thought that, okay, we have an IT team.

Okay, that's it. Everything is done. But cyber is still something being neglected, , sadly to say. So I think with new, this new law coming in, I think it's going to change a lot of, , mindset of senior management on organization and for Hong Kong, definitely. That's, yeah, I definitely agree with you on that.

Do you think there's enough skill sets in Hong Kong though? Because it's going to drive demand for cybersecurity skill sets and is there, does it really exist in Hong Kong? Is there enough talent out there?  , I can tell you in Hong Kong from my observation, , we do not have enough talents.  , don't, maybe not even mention about talents.

We don't even have enough. Thank you. Cyber security personnel or manpower. , one of the reason is because nowadays, , it's very hard to select people who are passionate about cyber security. , I can tell you, , if you guys, , the audience listening, cyber security is, is, is a fancy word, but you need a lot of hard work and dedication to get yourself there.

Fully trainable, understand this. And hence, , sadly to say, sometimes I see people just halfway through their training, they would just give up. It was just too tough for them. , and hence in Hong Kong, we don't have enough manpower to take up cyber jobs, not just Hong Kong, globally as well. And I do hope, , to see more organization or institutes spend more Effort or resources on the training of cyber security personnel as well. 

Yeah, you're absolutely right because , you know, i'm obviously with a company called Theos now as you know, right and , we are obviously looking for the talent the same kind of talent you're looking for, , or Sometimes different because obviously we also focus on investigations on incident response, etc And it's just it's hard to find that and I think in hong kong certainly we recognize there is going to be a growing market You Because of the, the demands from the government, from the authorities, for organizations to take cybersecurity more seriously, to be more responsible in protecting the data that they are entrusted with.

And that's a good thing, obviously for Hong Kong, but finding the people to actually deliver that is another story entirely. Right. But, , you know, as I say, as we grow as a company, we're looking to bring on people that we can mentor and train up. And I think passion is the key word. You, you really, you know, You, you emphasize the word passion and I love that because I've, I've known you for a long time now, Dickie, and if there's one thing you're not short of, it's passion.

And, , you know, it's, it's, it's, it's, it's something that we need to instill and try and develop that core of, of people in, in Hong Kong who share that passion and can help to drive the industry forward when it's needed most, which is right now, really. Yep, absolutely. I mean,  , passion is a word is, is easy to say, but when you really put that into action  is, is, is difficult because he's, he's going to guarantee that you will go through a lot of challenges.

It will try to push you back.  , I wouldn't say beat you down, but You have to know where  you're, you're trying to achieve. And when you have that direction, you just need to go for it, consistency, everything. And I do hope Hong Kong to have more passionate cyber people around, to be honest. Yeah, I agree with you entirely.

And look, let's, let's not be too, , you know, , negative about this because we all, we both know quite a nber of excellent people in, in, in Hong Kong, but just not enough of them, I guess. So, so aside from passion, what are the qualities really make a good chief information security officer then?  I think when you are, , sitting on a, , semi or middle high management position, , apart from tech, you got to be sensitive about, , your organizational goal, because at the end of the day, you're not, your work is not only for your own department, it's actually to help the organization to go forward or to defense the whole thing.

So as a CISO, , apart from technical, you also need to understand business language as well. When you talk to the CEO or CFO asking for budgets and also telling them your strategy, your plans, why do they need to invest in your team? And also you need to have the sensitivity that you need to be able to observe what's around the world. 

, you need to read about, read a lot of cybersecurity news, report, research, trying to identify, is there something common or threats coming up? , let me share about my routine. I, I wake up about four o'clock,  , am in Hong Kong time  and then I start reading the news overnight in the U S or what happened in the UK.

And then I start my day at six o'clock. I'm planning my day, , meetings and docentation work and then meeting people. , yeah. So again, this, , consistency and persistency about what you do. And once you find your passion, once you find what you love,  then you will just wait. You will just wake up. And you were just like, okay, so what's on today?

Let's go. And this is, this is the attitude that you will be, and you should be building up to.  Yeah, I mean, I hope we're not putting off too many aspiring cybersecurity  gurus in the audience by telling them they have to wake up at 4am. Just me.  Just you, yeah, I get it, I get it. But,  , you know, you talked about communication skills, etc.

And, you know, is that really more important, do you think, than the technical qualities then? Absolutely.  I would not say it's more important. , so everything through my career is like a stage, , different, you go through different stages. So when you start your cyber security, , career, you obviously you will spend more time on doing technical, understanding the technical perspective.

And as you get to more senior, management level, you would need to spend a lot of time communicating with your senior management  who are not technical background. So that's where your communication skills needs to be trained up because you're trying to, , turn tech, , technical language into more han readable language for them to understand. 

, so I think it's, it's a stage of the career that where you spend more time on training up your skillset, but coming to your questions yet, communication skills is. It's very essential because at the day, we all han being. Yeah, I, I really agree with that. And look, a lot of my work at the moment is doing board briefings, executive,  , committee briefings, et cetera.

And I am, I don't know how you feel about, I'm not talking about your specific role now, but in the community in general in Hong Kong, do you think senior leadership are more open to understanding or trying to understand more about cybersecurity? Cause it definitely. wasn't a conversation for the boardroom, even a couple of years ago, really in Hong Kong, was it?

Yeah, I think now they're more open because, , sadly for the past year in Hong Kong, we saw a lot of cybersecurity incidents and I think it's, it's one of the wake up calls for them. And now, Those incidents, we don't want to see them to happen, but it did. But my advice is cyber security professionals should start using those reference cases  to turn them into a story and tell your management,  , the importance of having a cyber hygiene environment, a good defense system that can really help to protect the company operation and,  , , and the whole organization as a whole.

And I think nowadays management are more open. But sadly against the economy is a bit of a downturn and people are just worrying about spending. So it's going to be  a tug of war, like put and pull thing, but I think it's getting better.  Do you think technology is going to save the day? Do you think AI is going to come in and make everywhere secure? 

Yeah.  , yeah, like, oh, it's a, it's a hot word being around and in the industry for many, many years.  , I, I won't be like bold enough to say it's going to save the world, but it's going to make a change. It's going to make it make a change. And if we use it in the right way, that's how I put it.  Yeah. But do you not think that criminal ingenuity is always going to stay ahead of us as the protectors?

Yeah. I mean, there's, , there's always a saying, right? Cyber criminals only need to get.  Right once, while law enforcement agencies have to get it right every time, like,  you cannot have any,  , , step back and everything like, yeah, cybercriminals, because they're more free, right? They can just use anything, and anytime, no one would care if they make something wrong.

And so. Again, in order to battle this is collaboration. It's definitely collaboration on public private sectors. Yeah. And also international collaboration. We were talking earlier, it's kind of, I don't want to dwell on geopolitics, but unfortunately, you know, there needs to be a good rapport between law enforcement agencies because well, cybercrime is borderless.

And, you know, if, if, If law enforcement is to combat cybercrime, they need to work together. And when law enforcement isn't working together, the only ones who benefit from that are the criminals. And yeah, as I said, I'm not going to touch on geopolitics at the moment, but , unfortunately we are seeing less collaboration between law enforcements, which is kind of a shame, I guess. 

So,  , Moving on from those topics, , where do you think Hong Kong could go to next? Because we've talked about the cyber legislation, , the critical infrastructure, but is that enough? Because Hong Kong often gets criticized because our data privacy regulations seem to be a bit behind, , you know, when you compare them to GDPR, , in Europe, etc.

Yeah, I think, , you, you're absolutely right. , if you, if you look at the, in, in China, they actually don't call it a critical informed structure. They call it a critical information infrastructure. So, the reason to have a protection for critical infrastructure, as well as just the IT operations, but it's, it's the data that's behind it.

It's so important that they want to protect. Yes, you're right. Hong Kong is still, far behind, , about data protection. And again, I do see some like good initiative that the PDPO are doing the BCPD,  , whether it's fast enough or not in the right place. And I think it could be up to discussions. And I think Hong Kong now we have the new law, hopefully, or I've seen in the industry, like different sectors are.

Being more aware of us trying to stay up front on protecting their, their environment. And they know,  , the law is not going to get  a u, , less tight. It's just going to get tighter and tighter. And which is a good thing for me, for us, I think. Right. Yeah. Again, though, I think we're going to come back to the challenge of enforcement, aren't we, that we spoke about earlier in this podcast.

And, you know, I've, , obviously the, the critical infrastructure, , security of critical infrastructure, , ordinance is going to have its own enforcement capability, its own,  , department. Is that the right way of putting it? Yeah. Yeah. It's going to call the commissioner's office.  The commissioner's office, that's the right thing.

So they're going to have their own investigators. And yes, if we talk about enhancing the data protection laws, the privacy commissioner is going to need more enforcement power, et cetera. Where are we going to find all these enforcers?  , well, I think now they would just like start pulling Manpower from different departments and join them But then again, it doesn't solve the issue because other departments will be losing up manpower as well, right?

So I think training up people is very very important in hong kong , as I said, , it'll be great to see more institutes or more Organizations are giving a helping hand to train up more people to fit in those gaps  Yeah, you're absolutely right. And, ,  the, , again, the challenge is training, of course, where do they get that training from?

, you know, , for example, if you, if you were talking to, , somebody in government right now and they wanted to know how to enhance their skill sets in this area, what would you recommend to them?  , to, to be honest, I mean, there is a lot,  , Some big and small, not large,  small and medi sized training, cybersecurity training institutes and stuff like that.

But I would literally recommend them to first start looking at more international courses being taught in overseas, because those ones, normally those ones are the ones that I attended  that gives you the most comprehensive knowledge, theory, and practical hands on experience as to learn. So I would say Look at more international perspective or international bodies that are providing those trainings will be beneficial more of the globally recognized, , certs, et cetera.

Yeah, no, it is challenging because the costs are high on day and finding budgets for those of you just mentioned before that budgets are tightening and yet the costs of the training is going up, but they are necessary on there. Yeah. I mean, again, if you, if you're looking at business perspective, the reason that they're expensive is for a reason, right?

You, for example, it's just like going to a. traditional institute, you're going to Harvard, you're going to Oxford, you're going to Cambridge, you're going to guarantee the institution fees is going to be high. Why? Because  the skill set and knowledge of the professors are good. So with cyber security, the same thing.

And if you want to go to a more international recognized body to get trained up, Yes, it's a cost that you need to pay, and once you've done that, then you're well equipped to come to the industry.  Okay, so once these public sector guys are all trained up and they sadly are going to let their governments down by jping ship to the private sector, what would you recommend, in house or consulting? 

, I would say try in house first. And then if you're passionate about consulting,  spreading your knowledge and experience, then definitely go to consulting. It's not one or the other, it's,  , which one I would say, I would suggest which one you start first, but I would say in house and then consulting. 

Right. That's a good advice there. So look, , Dickie,  I'm going to close the podcast now, but I always close these podcasts by asking  a question of my guests.  I'm a big music lover, right? So I'm always fascinated to know what other cybersecurity professionals are listening to, either when they're working or when they're relaxing.

So tell me, what are you listening to at the moment, Dickie? Yeah.  , when I work, I usually, I always open up YouTube and listen to,  , pop jazz.  Pub jazz is always something that calms me down in my mind.  , it just helped me to focus and concentrate on what I do even when I'm programming or writing policies and stuff like that, but hey,  , different people have different style. 

, I hope, I hope that people would like , pop, jazz, as I mentioned, , it's, it's good music.  Fantastic. Tiki, it's been a real pleasure having you on the show. Thank you so much. And if you're open to it, we might invite you back for a future episode, , where we'll talk about some different things. I would love to.

Thank you very much, Paul. All right. So Theos Cybernova was presented by myself, Paul Jackson, the studio engineer and editor was Roy DeMonte. The executive producer was myself and Ian Carlos. And this podcast is a co production between Theos Cyber and W4 Podcast Studio, Dubai. 

The Theos Cybernova Podcast.