Analysing the Market Opportunity for Dedicated Resident Engineering Engagements
Based on Liquid Networx EPSP Announcement | February 2026
Executive Summary
On 20 February 2026, Liquid Networx — the first Fortinet Engage Preferred Services Partner (EPSP) in North America — announced the launch of dedicated and resident certified Fortinet engineer engagements for enterprise clients. This offering encompasses design, implementation, and ongoing operational support for Fortinet solutions including SASE, Zero Trust, and the Fortinet Security Fabric.
This case study examines the significance of this announcement through the lens of Singapore’s financial services sector, which faces an intensifying cybersecurity threat environment, increasingly prescriptive regulatory obligations under the Monetary Authority of Singapore (MAS), and structural pressures arising from accelerated digital transformation. The analysis argues that the Liquid Networx EPSP model — and equivalent specialist-led managed security service partnerships — addresses a demonstrable capability gap that Singapore banks and fintechs have yet to fully close.
49%
Surge in Phishing
Singapore 2024 (CSA) 21%
Rise in Ransomware
Singapore 2024 (CSA) 70%
Essential Controls Adopted
Avg. SG Organisation 90%
Financial Sector A-Rating
SecurityScorecard 2025
- Singapore’s Cybersecurity Threat Landscape
1.1 Escalating Threat Vectors
Singapore’s Cyber Security Agency (CSA) released its Singapore Cyber Landscape 2024/2025 report in September 2025, documenting a broad deterioration in the threat environment across virtually all measured categories. For the financial services sector specifically, phishing and impersonation attacks represent the most operationally disruptive category: banking and financial services ranked among the most spoofed industries in 2024, alongside government and e-commerce.
The phishing vector merits particular attention given the sector’s reliance on customer-facing digital channels. A 49% year-on-year surge in reported phishing cases — with over 6,100 incidents logged and 12% of phishing emails found to contain AI-generated content — underscores both the scale and the sophistication of adversarial capabilities. The deployment of AI to craft personalised, contextually credible lures represents a material shift from historical mass-blast phishing campaigns and demands a commensurate elevation in defensive capabilities.
Ransomware activity increased by 21% over the same period. While manufacturing bore the greatest incidence rate, professional services firms — including financial advisory and legal entities — were disproportionately targeted. Double-extortion techniques (simultaneous data exfiltration and encryption) are now standard practice among threat actors, substantially raising both financial exposure and regulatory reporting obligations for affected institutions.
Key Data Point — DDoS Risk
Singapore was ranked the seventh most attacked country globally in Q4 2024, and notably the third-largest source of DDoS attack traffic. Key targeted industries included telecommunications, internet services, and banking & financial services. With Singapore connected to 26 submarine cables, the infrastructure attack surface extends well beyond traditional perimeter controls. (Source: CSA Singapore Cyber Landscape 2024/2025)
1.2 AI as a Dual-Use Threat Amplifier
The CSA has highlighted artificial intelligence as a ‘double-edged sword’ in the current threat landscape. Threat actors leverage generative AI for research, code troubleshooting, phishing content generation, and payload development. For financial institutions managing large customer datasets and operating complex multi-cloud environments, this development compresses the response window between a campaign’s initiation and its successful execution.
Defensive AI deployments — including anomaly detection, automated incident triage, and SIEM correlation enhancement — require sustained human expertise to configure, tune, and maintain. This dependency on specialist engineering resources is precisely the gap that dedicated resident engineer models are designed to address.
1.3 Supply Chain and Third-Party Risk
A ransomware attack in March 2025 against a Singapore-based IT services provider compromised the personal data of over 100,000 individuals and disrupted operations across multiple public sector agencies. The incident illustrated the downstream consequences of supply chain vulnerabilities — a risk dimension that the CSA’s Cybersecurity (Amendment) Act 2024 now formally incorporates into Critical Information Infrastructure (CII) owners’ incident reporting duties, including threats and incidents originating from their supply chains.
For financial institutions operating complex third-party ecosystems — spanning cloud service providers, payment processors, data analytics vendors, and telecommunications infrastructure — this regulatory expansion materially increases the scope of security governance required. Resident engineering partnerships with deep Fortinet Security Fabric expertise provide a tractable means of extending visibility and controls across these extended perimeters.
- Regulatory Environment: MAS and the Compliance Imperative
2.1 Technology Risk Management (TRM) Guidelines
The Monetary Authority of Singapore’s Technology Risk Management (TRM) Guidelines — most recently updated in January 2021 and operationally extended through subsequent notices and advisories — establish comprehensive requirements for technology governance, cybersecurity controls, and operational resilience across all licensed financial institutions in Singapore. These apply to full banks, wholesale banks, merchant banks, insurers, capital markets services licensees, and digital payment token service providers.
The TRM Guidelines are not aspirational. They impose board-level accountability for technology risk governance, mandate documented risk management frameworks, and require demonstrable controls across identity management, access governance, network security, system resilience, and third-party risk management. Enforcement is active: MAS has issued corrective directives requiring institutions to strengthen controls and has imposed restrictions on business growth for institutions with inadequate risk management programmes.
MAS Notice 644 Technology risk requirements for banks — mandatory controls covering system resilience, security management, and incident response
MAS Notice 658 Management of outsourced relevant services for banks — third-party risk assessment, monitoring, and contractual security obligations
MAS TRM Guidelines 2021 Comprehensive best-practice standards covering IT governance, cyber resilience, software development security, and penetration testing
Cybersecurity (Amendment) Act 2024 Expanded CII reporting scope including supply chain incidents; new category of Systems of Temporary Cybersecurity Concern
CTREX Panel (2024) MAS Cyber and Technology Resilience Experts Panel; advises on emerging technology risks, third-party risks, and quantum security
2.2 Zero Trust and SASE as Regulatory Instruments
The MAS TRM Guidelines explicitly reference network segmentation, privileged access management, and the principle of least-privilege access — architectural tenets that align directly with Zero Trust design philosophy. While MAS does not prescribe specific vendors or architectures, the practical implementation of TRM-compliant controls in multi-cloud, hybrid-workforce financial institutions increasingly converges on Zero Trust network access (ZTNA) and Secure Access Service Edge (SASE) frameworks.
Fortinet’s Security Fabric — the integrated platform for which Liquid Networx holds EPSP certification — encompasses SASE, ZTNA, SD-WAN, and next-generation firewall capabilities. For a Singapore bank seeking to simultaneously satisfy MAS’s network security requirements, manage geographically distributed branch operations, and secure a remote workforce, a coherently integrated Security Fabric deployment managed by a resident certified engineer offers significant governance advantages over a patchwork of point solutions.
2.3 The 2026 Regulatory Tightening
Singapore’s cybersecurity regulatory environment is notably more demanding in 2026 than in prior years. Key developments include the formal recognition that outsourcing does not transfer cybersecurity responsibility — organisations that rely on third-party systems to deliver essential or critical services must understand and govern the cybersecurity posture of those providers. Cloud adoption no longer reduces regulatory exposure; it increases the need for structured security governance.
Incident reporting thresholds have also been tightened. Financial institutions are expected to report not only confirmed breaches but also significant threats, near-misses with material potential, and supply chain incidents. This shift from reactive to proactive reporting requires maintained situational awareness that a resident engineer embedded within an institution’s security operations can materially support.
Regulatory Context: MAS FSTI 3.0 Funding
The Financial Sector Technology and Innovation Scheme (FSTI 3.0), launched in 2023 and aligned with Singapore’s Industry Transformation Map 2025, provides government funding support for projects that enhance cybersecurity and operational resilience. Financial institutions pursuing dedicated security engineering engagements may be eligible for FSTI support, reducing net implementation costs and strengthening the business case for advanced security postures.
- Market Opportunity Analysis
3.1 The Capability Gap in Singapore Financial Services
Despite the financial sector recording the highest cybersecurity performance rating of any sector in Singapore’s SecurityScorecard analysis — with 90% of assessed institutions achieving an A-rating — aggregate performance metrics mask significant heterogeneity. Large locally incorporated banks (DBS, OCBC, UOB) maintain substantial in-house security engineering capabilities. Mid-tier and foreign wholesale banks, digital banks, insurance groups, and the fintech ecosystem represent a distinctly different risk profile: institutions with material regulatory obligations, complex technology environments, but constrained capacity to employ and retain certified security engineers across the full Fortinet stack.
The CSA notes that Singapore organisations averaged only a 70% adoption rate of essential cybersecurity measures, with only one-third of organisations fully implementing at least 60% of measures recommended in national cybersecurity standards. This gap persists despite the heightened regulatory and commercial incentives to close it — a pattern consistent with a structural talent and expertise shortage rather than a motivation deficit.
3.2 Demand Drivers for Resident Engineering Models
Several converging demand drivers make the resident or dedicated engineering engagement model particularly compelling for Singapore’s financial services institutions in 2026:
Regulatory accountability: MAS governance obligations require board-level oversight of technology risk, which in turn demands demonstrable, accountable security engineering capabilities — not merely contracted SLAs.
Threat environment velocity: The 49% phishing surge, rising ransomware incidence, and expanding AI-enabled attack surface require continuous policy tuning, threat hunting, and incident response that periodic managed security service provider (MSSP) engagements are structurally ill-suited to provide.
Architectural complexity: Hybrid work models, cloud migrations, and cross-border payment infrastructure create network architectures that resist standardised security templates; resident engineers can provide context-sensitive design and adaptive policy management.
Talent market constraints: Fortinet-certified engineers are in high demand across the Asia-Pacific region; engaging a resident engineer through an EPSP partner circumvents the direct hiring market where certified talent commands premium compensation and exhibits elevated attrition.
Government co-investment: Smaller institutions, particularly digital banks and licensed fintech companies, may access FSTI 3.0 grant funding to partially offset engagement costs, materially improving ROI calculations.
3.3 Competitive Positioning of the EPSP Model
The Engage Preferred Services Partner designation is Fortinet’s highest-tier service delivery credential, awarded following rigorous qualification of a partner’s verified capacities in deployment, operations, and maintenance of end-to-end Fortinet solutions. The credential provides access to direct Fortinet engineering collaboration on service delivery, meaning resident engineers at EPSP-designated partners maintain closer visibility into Fortinet’s roadmap, vulnerability disclosures, and operational best practices than do standard resellers or system integrators.
For a regulated Singapore financial institution, engaging an EPSP-designated partner for resident engineering services offers three distinct advantages over conventional procurement approaches:
Credentialed assurance: EPSP partners carry Fortinet’s institutional endorsement of their service quality, providing an auditable basis for third-party risk assessments and MAS outsourcing governance.
Operational continuity: The resident engineer model embeds expertise within the client’s operational context, enabling faster incident response, more effective threat hunting, and greater institutional knowledge retention than rotation-based consulting models.
Vendor-aligned escalation: EPSP partners typically have formalised access to Fortinet professional services escalation paths, reducing mean-time-to-resolution for complex platform issues and ensuring clients benefit from emerging security capabilities as they are released.
- Illustrative Engagement Scenarios
4.1 Licensed Digital Bank: SASE and Zero Trust Deployment
A Singapore-licensed digital bank with no branch infrastructure, 400 employees working in hybrid arrangements across Singapore and regional hubs, and a core banking platform deployed on a major public cloud presents a prototypical use case. The bank faces full MAS TRM compliance obligations, has no legacy on-premise network infrastructure to integrate, and manages a customer base accessing services exclusively through mobile and web channels.
A resident Fortinet engineer would be tasked with designing and implementing a Fortinet SASE architecture to provide consistent zero-trust policy enforcement regardless of user location or device ownership status. The engagement would encompass SD-WAN policy design for regional office connectivity, ZTNA deployment for application access governance, and FortiAnalyzer integration for MAS-compliant logging and incident evidence preservation. Ongoing resident support would include continuous policy optimisation as the bank scales, threat intelligence integration, and quarterly MAS technology risk reporting support.
4.2 Regional Wholesale Bank Branch: Security Fabric Consolidation
A regional bank branch operating in Singapore under a wholesale banking licence manages correspondent banking relationships, treasury operations, and trade finance for corporate clients across Southeast Asia. The branch has historically accumulated point security solutions from multiple vendors, creating policy inconsistencies, alert fatigue, and operational complexity that impedes both security outcomes and MAS TRM governance documentation.
A dedicated Fortinet engineer engagement in this context would focus on Security Fabric rationalisation: consolidating perimeter, endpoint, and network security functions onto the Fortinet platform, establishing unified policy visibility, and integrating with the global SIEM environment maintained by the bank’s head office. The primary regulatory deliverable is a coherent, documented control framework that satisfies MAS Notice 644 requirements and simplifies the annual technology risk self-assessment process.
4.3 Insurtech Platform: OT/IT Convergence and Supply Chain Risk
An insurance technology firm offering embedded insurance products through third-party digital platforms manages an unusual convergence of IT security obligations (MAS TRM requirements as a licensed insurer) and third-party risk exposure (its distribution model makes it structurally dependent on the security posture of partner platforms). The Cybersecurity (Amendment) Act 2024’s expanded supply chain incident reporting scope has elevated this exposure to board-level attention.
A resident engineer engagement would deliver FortiGate and FortiClient deployment for the firm’s internal infrastructure, combined with a structured third-party security assessment programme leveraging FortiAnalyzer telemetry to monitor integration points with distribution partners. The engagement would also develop the incident response playbooks and MAS-required notification workflows that the firm’s security team lacks the Fortinet platform expertise to author independently.
- Strategic Implications and Recommendations
5.1 For Financial Institutions
Singapore’s financial institutions operating below the tier of the three major local banks face a genuine capability-obligation mismatch: MAS TRM requirements demand engineering-grade security governance, but the certified talent market cannot supply the required expertise at commercially sustainable in-house employment rates. The EPSP resident engineer model offers a structurally appropriate response — providing institutionally credentialed, vendor-aligned, contextually embedded expertise at terms more accessible than full-time specialist hires.
Institutions should evaluate resident engineer engagements specifically against the following MAS TRM compliance dimensions: network security architecture governance, identity and access management policy maintenance, third-party risk technical assessment, and incident response capability assurance. FSTI 3.0 funding eligibility should be assessed in parallel with engagement scoping.
5.2 For Security Services Partners in the Asia-Pacific Region
The Liquid Networx announcement signals an evolution in the managed security services market: from SLA-based remote operations towards embedded, relationship-based engineering partnerships. Partners seeking to enter the Singapore financial services market should recognise that MAS-regulated institutions place significant weight on audit trails, vendor credentials, and contractual accountability — all of which the EPSP designation framework directly supports.
The Singapore market also presents a gateway function for regional expansion. Financial institutions headquartered in Singapore frequently operate branches and subsidiaries across Southeast Asia with analogous cybersecurity obligations and equivalent talent constraints. An EPSP-credentialed resident engineering engagement originating in Singapore creates a natural reference architecture and relationship basis for regional rollout.
5.3 Structural Limitations of the Analysis
This analysis is conducted on a market basis, drawing on publicly available regulatory documentation, CSA threat landscape data, and the published terms of the Liquid Networx EPSP announcement. It does not reflect proprietary client engagement data from Liquid Networx or Fortinet. The Singapore-specific market opportunity assessment should be stress-tested against actual procurement cycles, institutional risk appetites, and the competitive dynamics of the local managed security services market before informing investment or partnership decisions.
Conclusion
The Liquid Networx EPSP announcement is not merely a vendor partnership milestone — it represents a meaningful data point in the evolution of enterprise security service delivery models. For Singapore’s financial services sector, the convergence of a materially worsening threat landscape, increasingly prescriptive MAS regulatory obligations, and persistent certified engineering talent constraints creates an environment in which the dedicated resident engineer model is not simply convenient but structurally necessary for a significant segment of the market.
The EPSP designation provides the institutional credentialling that MAS-regulated institutions require for third-party risk governance. The Fortinet Security Fabric platform addresses the full architectural stack required for TRM compliance. The resident engineer delivery model provides the continuity, contextual knowledge, and operational responsiveness that periodic consulting engagements cannot replicate. Together, these elements compose a service offering whose timing — given Singapore’s 2026 regulatory tightening, escalating threat environment, and digital transformation momentum — is well-suited to the market’s current needs.
Key Sources and References
Cyber Security Agency of Singapore. Singapore Cyber Landscape 2024/2025. Published September 2025.
Monetary Authority of Singapore. Technology Risk Management Guidelines. January 2021.
Monetary Authority of Singapore. MAS Notice 644 (Technology Risk); Notice 658 (Outsourcing). Various amendments.
Singapore Parliament. Cybersecurity (Amendment) Act 2024. Passed May 2024.
SecurityScorecard. The State of Cyber Resilience in Singapore. July 2025.
Chambers and Partners. Cybersecurity 2025 — Singapore: Trends and Developments. 2025.
GQS Singapore. Singapore Cybersecurity Regulations in 2026. January 2026.
Liquid Networx. Press Release: Liquid Networx Announces Dedicated and Resident Fortinet Engineer Engagements for Enterprise Clients. Business Wire, 20 February 2026.
Security Quotient. Singapore Cyber Threat Landscape: A 2025 Outlook. 2025.