Q&A with a PAIB

03/30/2022

Chen Zhao CPA, Head of Technical Security at Asian Development Bank, who is based in Manila, says the COVID-19 pandemic has made cybersecurity a major concern for organizations. He shares how his CPA training helps him to add value in business decision-making, and why cybersecurity specialists are in greater need than ever before



What attracted you to work at a regional development bank?

The mission of Asian Development Bank (ADB) is to eradicate extreme poverty in Asia and the Pacific, with the goal of ensuring a prosperous, inclusive, resilient, and sustainable region. It is not a simple task that can be completed over a few years or even decades. However, witnessing professionals all over the world coming together towards a common cause is very inspiring. In my division alone, people come from different countries including the United States, Nepal, France, India, the Philippines and Italy. Working at ADB provides unique opportunities to collaborate on important global challenges together with other international financial institutions such as the World Bank, the International Monetary Fund and the broader United Nations family. It’s hard to get more dynamic than that. 

What is one key lesson you have learned as a cybersecurity expert?

Always be curious, humble and resilient. Cybersecurity is often depicted in the media as some “cool” guy wearing a hoody, consuming energy drinks, watching five monitors where code flashes faster than a person can read, and furiously typing on three keyboards at the same time. In reality, most cybersecurity professionals spend time teaching themselves about new threats and how to respond to them. “Defeat” in the world of cybersecurity is, unfortunately, rather common. Attackers are almost always a few steps ahead, and new vulnerabilities emerge every day. Being resilient means accepting defeat, learning your lesson, and bouncing back stronger.

In what ways has your CPA training helped you in your career? How has it helped you manage issues?

My CPA training laid the right foundation for me to acquire business acumen. Business leaders may struggle to understand the impact of malware unless one can explain its effect on operational risk. At the same time, if a cybersecurity professional understands the underlying business process and the value a system delivers, they could maximize the security return-on-investment either through implementing the right controls at key junctions to avoid costly security breaches.

How has the COVID-19 pandemic increased the importance of cybersecurity within organizations?

As a result of the COVID-19 pandemic, there is now a heightened awareness of cybersecurity. With flexible work arrangements, the legacy “border” has practically disappeared, exponentially increasing the difficulty of protecting key information assets and processes. Government authorities, regulators and tech companies in more developed economies are pushing towards an IT ecosystem that is essentially “perimeter-less” and “password-less.” These are not new concepts, but COVID-19 has catalysed these transitions, especially as remote work may continue after the pandemic.


How should other accountants equip themselves as cybersecurity grows in prominence?

Improving everyone’s security mindset would naturally contribute to the security maturity of an organization. Accountants can get in touch with a computer emergency response team or build a genuinely collaborative relationship with the cybersecurity person at work, just by having regular conversations.