Loh Kar Wei is a cybersecurity trainer at the Centre For Cybersecurity Institute (CFCI). She holds the Offensive Security Certified Professional (OSCP) certification and has been credited with discovering two Common Vulnerabilities and Exposures (CVEs). Since 2023 she has trained multiple cohorts of career-switchers and beginners stepping into their first cybersecurity roles. We spoke with her about what draws women to the field, what holds them back, and why Singapore is a genuinely good place to start.
What Strengths Do Women Bring to Cybersecurity?
Kar Wei is careful not to speak for all women, but she is confident about one quality she observes consistently.
“We are more meticulous in the processes and the results that we get, which I guess would be more relevant to something like cybersecurity.”
Attention to detail is not a soft attribute in this field — it is operationally critical. Missing a misconfigured permission, overlooking an anomalous log entry, or underestimating the scope of a vulnerability can have real consequences. Meticulousness is a technical skill.
She also highlights the value of diverse perspectives. Cybersecurity is fundamentally about anticipating how someone else might think and act. The broader the range of viewpoints within a team, the harder that team is to blindside.
A Classroom Where Women Are Not a Minority
One of the barriers to women entering cybersecurity is that the environments can feel unwelcoming — not through overt hostility, but simply through proportion. When a room is 80–90% male, it creates a subtle friction that discourages many women before they begin.
Kar Wei has noticed a different dynamic in CFCI’s classrooms.
“I do see a higher ratio of females in my classes, which is something that I didn’t really see as much when I was still schooling.”
This is not accidental. CFCI’s enrolment approach does not filter by age, academic background, or prior career — which has organically produced a more balanced learner mix. A more representative classroom creates a more comfortable learning environment, and a more comfortable learning environment produces better outcomes.
How Kar Wei Got into Cybersecurity
Kar Wei’s path began with something simple: she liked building things and breaking them. That intellectual curiosity — wanting to understand not just how systems work, but how they fail — is a common thread among people who thrive in cybersecurity.
She is self-described as an introvert, which makes her decision to move into teaching particularly telling. She recognised that connecting with others who shared her curiosity was worth pushing past her comfort zone, and that the cybersecurity community was unusually good at fostering those connections across different backgrounds and experiences.
Her technical depth was shaped in part by an internship under Eugene Lim, a well-regarded security researcher at Singapore’s GovTech. Working on bug bounty programmes under his guidance gave her a practical grounding that she credits as the foundation for eventually earning the OSCP — a certification known for being difficult to pass without genuine hands-on skill.
The Community Makes a Difference
One of the moments Kar Wei points to as genuinely encouraging was seeing how broadly the cybersecurity community supports women entering the field — not just from within women’s groups, but from male colleagues actively driving those initiatives.
“Especially in Singapore, where there are already so many communities and initiatives trying to support younger women to join the industry, as long as you have the heart.”
Singapore’s cybersecurity ecosystem has matured considerably. Industry bodies, government-backed programmes, and community groups have created real entry points. The infrastructure is there. What Kar Wei observes is that the limiting factor is rarely external — it is self-imposed hesitation.
Her Advice: Push for Yourself
When asked what she would tell a young woman considering a cybersecurity career, Kar Wei is direct.
“Without this confidence and assertiveness to say that you are worthy and you are qualified to be here, sometimes it’s easy to be overlooked. This is something that you must fight for yourself because the chance of having someone to fight for you is not that high. If you want opportunities and you have a goal to reach, the only way to reach it is to push for yourself.”
This is practical advice, not motivational filler. Cybersecurity is a meritocratic field in many ways — certifications, lab scores, and demonstrated skill matter — but getting those first opportunities still requires self-advocacy. Knowing your worth and communicating it clearly is part of the professional toolkit.
Her second piece of advice is about patience with the process.
“Chase whatever that you enjoy doing. Even if you don’t really enjoy something at this given point in time. Sometimes it just takes time to build.”
Interest often follows competence. Early-stage learners sometimes disengage because the material feels unfamiliar or frustrating before it clicks. Kar Wei’s experience — both as a learner and as someone who has now taught multiple cohorts — is that persistence through that early friction is almost always rewarded.
What Makes Teaching Cybersecurity Rewarding
For Kar Wei, the most meaningful part of her work is not the certifications or the technical achievements — it is the people.
“The most rewarding aspect has been the opportunity to meet people from diverse backgrounds and hear their stories.”
That is a useful perspective for anyone considering a cybersecurity career: the field is not just about technology. It is about protecting people, organisations, and systems that matter. The human element — understanding context, communicating risk, working in teams — is as important as technical skill. Trainers like Kar Wei shape not just technical competency but professional confidence, and that shows in how graduates approach their first roles.
Starting Your Own Cybersecurity Journey
Kar Wei’s story illustrates something worth holding on to: you do not need a particular background, a specific degree, or years of prior experience. What matters is curiosity, willingness to do hands-on work, and the persistence to push through early uncertainty.
75% of graduates who secured cyber roles had no prior IT background. CFCI’s programmes are structured to build from first principles, with career support — CV coaching, interview preparation, and employer connections — running alongside the technical training.
For a practical overview of how people with no IT background make that transition — including the steps, timeline, and what to expect — see our guide to switching into cybersecurity in Singapore.
If you are exploring whether this is the right move, a free information session is the lowest-stakes way to find out. There is no commitment, and it gives you a clear picture of what a career pivot into cybersecurity actually looks like in practice. You can register for a free info session here, or join our Cybersecurity Experiential Workshop to get hands-on with the fundamentals before making any decision.
Frequently Asked Questions
Is cybersecurity a good career for women in Singapore?
Yes. Demand for cybersecurity professionals in Singapore is strong across both public and private sectors. Women bring valuable perspectives — including attention to detail and methodical thinking — that are well suited to the work. Initiatives from community groups and training providers have made entry more accessible, and programmes like CFCI's are intentionally beginner-friendly with no background requirement.
Do you need an IT background to start a cybersecurity career in Singapore?
No. 75% of graduates who secured cyber roles had no prior IT background. A good training programme builds foundational skills from the ground up, and hands-on labs accelerate practical understanding far faster than prior experience alone.
What is the OSCP certification?
The Offensive Security Certified Professional (OSCP) is a rigorous, hands-on penetration testing certification. It is widely respected in the cybersecurity industry because it tests real-world offensive skills under exam conditions, not just theoretical knowledge.
How can women get started in cybersecurity in Singapore?
A practical first step is attending a free information session or experiential workshop to explore the fundamentals without commitment. From there, a structured programme with career support — such as CV coaching, interview preparation, and employer connections — gives the best foundation for securing a first role.