PODCAST

From Cybercrime Investigator
to Private Sector Leader

Dicky Wong

From Cybercrime Investigator to Private Sector Leader

Episode 2 - Season 1

34:52 min

Dicky Wong

From Cybercrime Investigator to Private Sector Leader

Episode 2 - Season 1

34:52 min​

Listen on:

About the Guest

Dicky Wong

Head of Cyber Security and Technology Risk, New World Corporate Services (a New World Group Member)

Dicky Wong
Head of Cyber Security and Technology Risk, New World Corporate Services (a New World Group Member)

Dicky Wong oversees technology risk, cyber security compliance, and management across New World Corporate Services, spearheading the design and implementation of a robust risk framework for all business units.

A recipient of the prestigious CSO TOP 30 ASEAN 2024 award, Dicky is recognized for his exceptional contributions to the field. He also serves as the Principal Consultant for Cyber Security at Kai Tak Sports Park, Hong Kong’s new national stadium and a critical infrastructure asset, where he ensures the implementation of top-tier protection systems aligned with national security standards.

Prior to his current roles, Dicky spent over a decade with the Hong Kong Police Force, holding leadership positions within the Cyber Security and Technology Crime Bureau (CSTCB). He led teams managing technology crime investigations, cyber security frameworks, and major cyberattacks, amassing extensive expertise in combating large-scale threats in Hong Kong. 

Dicky actively contributes to the cybersecurity community through roles such as:

  • Director of Government Relationship Development, Cloud Security Alliance (CSA HK & Macau Chapter)
  • Executive Committee Member, Cyber Security Specialist Group, Hong Kong Computer Society
  • Member, HKSTP Data Governance Think Tank Group
  • Harvard Business Review Advisory Council Member – Cyber Security
  • Member, Asia Customer Advisory Board, Fortinet

An INTERPOL-accredited trainer in computer forensics, Certified Ethical Hacker, and Certified Penetration Tester, Dicky is currently pursuing an EMBA at CUHK and holds a Bachelor’s Degree in Management Economics from the University of Essex, UK.

Credits:

Presented by: Paul Jackson
Studio engineering and editing: Roy D’Monte
Executive producers: Paul Jackson and Ian Carless
Co-production by: THEOS Cyber and W4 Podcast Studio

Paul Jackson: Wherever you are in the world, hello and welcome to the Theos Cybernova Podcast. Before we begin, I have a small favor to ask: the best way you can support our show is by hitting the follow or subscribe button on the app you’re using right now. It really helps us reach more listeners. 

So please, take a moment and click that button. Thank you so much!

Welcome to the Theos Cybernova Podcast, hosted by me, Paul Jackson. This is the second episode, and each week we dive into the latest trends, challenges, and innovations shaping the cybersecurity landscape. We’ll be speaking with industry experts, thought leaders, and technologists. Whether you’re a professional in the field or simply curious about staying safe in the digital age, Theos Cybernova offers valuable knowledge and actionable insights for everyone. Today, I’m joined by the one and only Mr. Dicky Wong.

Dicky Wong: Thank you, Paul. Thanks for having me—it’s a real pleasure to be here.

Paul Jackson: The pleasure’s all mine. By way of background, Dicky and I go back a long way. Quick question: are you still playing rugby?

Dicky Wong: I try to, but these days I’m spending more time on the sidelines, enjoying a beer.

Paul Jackson: Sounds sensible! We’re not as young as we used to be, but it’s great to have you here today.

We’re here to talk about cybersecurity and, specifically, the transition from the public sector to the private sector. Dicky and I are both former Hong Kong police officers, so there’s no better person to explore this topic with. Dicky, can you start by sharing a bit about your personal journey?

Dicky Wong: Of course. My career path wasn’t the typical IT trajectory. I studied management and economics, not computer science or IT. I started at Bloomberg in the financial sector, where I noticed how heavily traders and analysts relied on technology. That’s where my interest in tech began.

But as an Asian kid, my dad wanted me to follow in his footsteps, so I left finance to join the police force. After completing general training—physical, legal, and otherwise—I was assigned to the frontline. Then, an opportunity came up to join the newly formed Cyber Security and Technology Crime Bureau. I had no idea what cybersecurity was at the time, but it was the closest department to IT. I applied, went through interviews, and was selected. That’s where my cybersecurity journey began. My first role was in technology crime investigations—tracking hackers and cybercriminals. A year later, I became the head of the Cybersecurity Operations Center, focusing on critical infrastructure in Hong Kong. My final role in the police was Chief Information Security Officer. After 11 years in law enforcement, 95% of which were in cyber, I transitioned to the private sector as Head of Cybersecurity and Technology Risk for New World Development Hong Kong.

Paul Jackson: Before we dive into that transition, I have to ask—where did you get that posh English accent?

Dicky Wong: Well, my parents sent me to study in the UK when I was nine. I went to a boarding school in the countryside, very much like something out of Harry Potter. That’s where I picked it up.

Paul Jackson: Ah, makes sense. Now, let’s get serious again. Transitioning from law enforcement to a challenging private-sector role must have been daunting. Many listeners from government roles might be contemplating a similar move. What was your experience?

Dicky Wong: The hardest part wasn’t the career shift—it was convincing my dad I was leaving the police force! On the professional side, the difference between the public and private sectors is vast. In law enforcement, your job is relatively secure as long as you don’t make major mistakes. In the private sector, you face tougher challenges but also exciting opportunities to innovate and learn. I wanted to push myself further, especially as technology evolves so quickly. I was looking for a new challenge, and I knew I had to change my environment to grow.

Paul Jackson: That’s inspiring! What do you think gave you the qualities needed to succeed as a Chief Information Security Officer?

Dicky Wong: I’ve never been someone who’s fixated on titles. For me, a title is just a responsibility. I actively take on challenges rather than waiting for instructions. That’s a mindset I developed from playing rugby—every player is responsible for the team, regardless of their position. This proactive attitude helped me earn trust and responsibility in my roles.

Paul Jackson: That’s a great analogy. Rugby teaches discipline and accountability. But do you miss having the authority to investigate cyberattacks now that you’re in the private sector?

Dicky Wong: Sometimes, yes. I still have that investigative mindset, but now I rely on collaboration and leveraging connections to achieve my goals. The private sector has its limitations, but teamwork across sectors is essential to combat cybercrime effectively.

Paul Jackson: Speaking of collaboration, public-private partnerships often get mentioned, but they don’t always work seamlessly. What are the barriers?

Dicky Wong: It depends on the region. Globally, countries like the US, UK, and Japan have implemented successful partnerships. However, cultural differences and a lack of a clear middleman often hinder progress. Effective collaboration requires someone to bridge the gap between the public and private sectors.

Paul Jackson: That’s a great point. Law enforcement agencies often face challenges like staff turnover. Officers may gain skills and then move to different departments or leave for the private sector. Is that a big issue?

Dicky Wong: It is. In the police force, officers can’t stay in the same role for more than four years to avoid conflicts of interest. While this policy has its merits, it disrupts continuity. For specialized bureaus like Cybersecurity and Technology Crime, extensions up to eight years are possible, but even that isn’t enough. The demand for cybersecurity experts in the private sector means many officers leave once they’re trained, seeking better opportunities.

Paul Jackson: That’s a challenge worldwide. Do you think police forces should change their strategies to retain talent?

Dicky Wong: Yes, especially for cybersecurity roles. I believe forces should consider bringing in specialists or consultants from the private sector. These experts could provide insights and bridge gaps between police practices and industry needs. Training general police officers for technical roles doesn’t always yield the best results.

Paul Jackson: Interesting. On that note, who makes a better cybercrime investigator: a technologist trained as a police officer or a police officer trained in technology?

Dicky Wong: There’s no definitive answer. Effective cybercrime investigation requires diverse skills. Some officers excel at technical aspects, while others are strong in observation and evidence analysis. A well-rounded team with varied capabilities is key. Collaboration makes the difference.

Paul Jackson: Let’s shift gears. Hong Kong recently introduced new cybersecurity legislation for critical infrastructure. Do you think this will enhance the city’s cybersecurity posture?

Dicky Wong: Absolutely. During my time as the head of the Cybersecurity Operations Center, I worked closely with critical infrastructure like transportation and utilities. These systems are essential to public safety and national security. The new law raises awareness and encourages organizations to prioritize cybersecurity, which is critical in today’s digital era.

Paul Jackson: Do you think Hong Kong has enough cybersecurity talent to meet the increased demand?

Dicky Wong: Unfortunately, no. There’s a significant shortage of skilled personnel. Cybersecurity is a demanding field that requires dedication and hard work, and not everyone is willing to go the distance. Globally, this is a challenge, but I hope to see more organizations investing in training programs to address the gap.

Paul Jackson: You’ve always emphasized passion. How do we cultivate that in the next generation of cybersecurity professionals?

Dicky Wong: It starts with providing opportunities and mentorship. Passion grows when people feel supported and see the impact of their work. Training programs and industry involvement are key.

Paul Jackson: What qualities make a good Chief Information Security Officer?

Dicky Wong: Beyond technical skills, a CISO must understand the organization’s goals and communicate effectively with senior leadership. You need to translate technical issues into business language. Staying informed about global cybersecurity trends and being proactive in addressing potential threats are also critical.

Paul Jackson: How do you stay ahead in such a demanding role?

Dicky Wong: Discipline and consistency. My day starts at 4:00 AM with news updates from the US and UK. I plan my schedule, handle meetings, and dive into documentation. Once you find your passion, the motivation to keep going becomes second nature.

Paul Jackson: Do you think senior leadership in Hong Kong is becoming more receptive to cybersecurity? Dicky Wong Yes, especially after recent incidents have served as wake-up calls. Leaders are starting to understand the importance of strong cybersecurity measures. However, economic challenges mean budgets are tight, so we need to justify investments with clear, impactful messaging.

Paul Jackson: Can technology, like AI, solve cybersecurity challenges?

Dicky Wong: AI can make a significant difference, but it’s not a magic solution. Cybercriminals are constantly innovating, and they only need to succeed once, while defenders must succeed every time. Collaboration across sectors and countries is essential to stay ahead.

Paul Jackson: How can Hong Kong improve its cybersecurity landscape?

Dicky Wong: Strengthening data privacy regulations and enforcing existing laws are crucial. The new critical infrastructure ordinance is a step in the right direction, but we also need more resources for training and enforcement. Collaboration between public and private sectors will be key to success.

Paul Jackson: What advice would you give to aspiring cybersecurity professionals?

Dicky Wong: Start with international courses and certifications to gain comprehensive knowledge and practical experience. Yes, they’re expensive, but the investment pays off in terms of skills and career opportunities.

Paul Jackson: And once they’re trained, should they start in-house or go straight into consulting?

Dicky Wong: I’d recommend starting in-house to build a solid foundation, then transitioning to consulting if they’re passionate about sharing their expertise.

Paul Jackson: Finally, let’s end on a lighter note. What music do you listen to while working or relaxing?

Dicky Wong: I’m a big fan of pop jazz. It helps me focus and stay calm while I’m working on policies or programming. It’s my go-to genre.

Paul Jackson: Great choice! Dicky, it’s been an absolute pleasure having you on the show. I hope we can have you back for another episode soon. 

Paul Jackson: Theos Cybernova is presented by me, Paul Jackson. Our studio engineer and editor is Roy Devonte. This podcast is a co-production between Theos Cyber and W4 Podcast Studio in Dubai. Thank you for listening!

Episode Summary

How do you transition from public service to a leadership role in the private sector? It’s a journey filled with challenges, opportunities, and lessons that few have mastered.

Former Hong Kong police officer and cybersecurity leader Dicky Wong has walked this path. From investigating cybercrime and protecting critical infrastructure to leading as Head of Cybersecurity and Technology Risk for a major corporation, Dickie brings a unique perspective to the ever-evolving world of cybersecurity.

In this compelling conversation, Dicky shares his journey, from his early days in law enforcement to his rise in the private sector. He dives into the differences between public and private roles, the global cybersecurity talent gap, and how passion and proactive leadership can make all the difference.

Whether you’re considering a career shift or seeking inspiration in the field of cybersecurity, this episode of THEOS Cybernova delivers invaluable insights. 

Episode Timeline

Code for the Podcast Timeline

Explore More Podcast

Episode 1 - Season 1

11:49 min

Building THEOS Cyber, Embracing Growth, and the...

Discover the story behind THEOS Cyber, its growth journey, and future aspirations.

Episode 2 - Season 1

12:45 min

From Cybercrime Investigator to Private Sector Leader

Follow the transition from cybercrime investigator to a leader in the private sector.

Episode 3 - Season 1

30:19 min

Cracking the Code to Cyber Talent and Recruitment

Explore strategies for finding and nurturing top talent in the cybersecurity industry.

Episode 4 - Season 1

11:49 min

Building THEOS Cyber, Embracing Growth, and the...

Discover the story behind THEOS Cyber, its growth journey, and future aspirations.

Episode 5 - Season 1

12:45 min

Crisis Leadership When Cyber Attacks Strike

What happens when a ransomware attack hits, and every decision counts?

Episode 6 - Season 1

40:15 min

The Modern CISO’s Balancing Act—Security, Business, and Innovation

Is the traditional CISO role becoming obsolete?
 

Episode 7 - Season 1

38:33 min

The Leadership Playbook for Aspiring CIOs and CISOs

What does it take to transition from a cybersecurity practitioner to a strategic leader?

Episode 5 - Season 1

12:45 min

Crisis Leadership When Cyber Attacks Strike

Dives into the realities of managing a breach, from evaluating ransomware demands...

Episode 6 - Season 1

40:15 min

The Modern CISO’s Balancing Act—Security, Business, and Innovation

Discuss the evolving responsibilities of cybersecurity leaders.