Soundness of Mind in Cybersecurity Leadership: Harrison Nnaji’s Journey as CISO of FirstBank Nigeria
Tue 9 Jan 2024
In an industry that’s rapidly evolving and facing ever-increasing challenges, Dr. Harrison Nnaji, the Group Chief Information Security Officer (CISO) for FirstBank Nigeria, stands out as a leading figure.
Ahead of his appearance at the Cloud & Cyber Security Expo on 6-7 March at ExCeL London, we had the opportunity to delve into his journey to becoming a CISO and his unique perspective on cybersecurity.
– – – – – –
How did your career in cybersecurity evolve, leading you to the role of CISO at FirstBank Nigeria?
Harrison reflected on the changing landscape of cybersecurity in the banking sector, especially since 2019, when a new regulatory framework transformed the role of a CISO.
“The Risk-based Cybersecurity Framework and Guidelines for the Banking Industry made the CISO position pivotal,” he explained.
His journey, however, began much earlier, encompassing various roles across the IT security spectrum in companies like Airtel Nigeria and IBM.
In 2014, Harrison took a strategic step into the financial industry, joining United Bank for Africa as the head of a new division focusing on enterprise security.
“It was a challenging yet rewarding role that laid the groundwork for my future endeavors,” he said.
Harrison’s transition to FirstBank Nigeria in 2017 was timely, aligning with the new regulatory requirements. His extensive experience in different facets of cybersecurity, coupled with an engineering background, made him an ideal candidate for the CISO position.
Do you believe your engineering background gives you an edge in your role as a CISO?
Harrison believes that having a technical foundation is beneficial in understanding and addressing cybersecurity challenges.
“While it is possible to excel as a CISO without an engineering background, the technical knowledge aids in comprehending vulnerabilities and testing architectures more effectively,” said Nnaji.
Harrison’s journey to the top echelons of cybersecurity is a testament to the dynamic nature of this field. His expertise and insights are not only shaping FirstBank Nigeria’s security strategies but also contributing significantly to broader industry dialogues.
As a CISO, what do you consider the key skill sets necessary for success in this role?
Harrison emphasised the importance of a balanced skill set for a CISO, blending technical acumen with business savvy.
“The role of a CISO is not just about managing cybersecurity risks; it is about aligning with the strategic objectives of the organiaation,” he said.
This requires a CISO to be business-minded, understanding the organisation’s goals and how cybersecurity can support and enhance these objectives.
He also stressed the significance of people skills, which are crucial in managing relationships, leading teams, and navigating conflicts.
“It is about understanding the people you work with, whether they are morning or night people, and how to engage them effectively,” said Harrison.
This people-centric approach is vital in a role that often involves communicating complex technical issues to non-technical stakeholders.
However, Harrison does not downplay the importance of technical skills.
“At the end of the day, technology plays a key role in achieving business objectives,” he points out. A CISO must be able to translate business strategies into technological implementations that are secure and efficient.
Looking to the future, what do you see as an essential trait for CISOs?
“Soundness of mind,” Nnaji asserted. This will become increasingly critical.
In a field marked by constant change and challenge, the ability to remain composed and make clear, strategic decisions amidst chaos is invaluable.
“A CISO must navigate conflicting factors while ensuring the organisation stays protected and on course with its goals,” he aadded.
His perspective paints a picture of the CISO role as one requiring a unique blend of technical expertise, business understanding, and strong leadership qualities, all grounded in a stable and clear-minded approach.
When selecting cybersecurity solutions for FirstBank Nigeria, what are the key factors you consider?
Harrison delved into the strategic approach he employs in choosing cybersecurity solutions.
He developed an adoption model that prioritises a deep understanding of the specific problem and its context.
“Every solution has its merits, but the challenge lies in its application,” he said. The key is to tailor the solution to the unique environmental realities of the organisation.
He noted the importance of understanding not just the problem, but also the operating environment.
Harrison questioned: “For example, does the solution require 5G, but we operate on 3G? Do we have a diverse system ecosystem?”
These questions are crucial in determining the right fit.
He also highlighted the role of independent assessments from organisations like Gartner and Forrester.
“These provide a framework to evaluate the potential solutions,” he explained. Harrison then conducts an internal evaluation against a checklist of requirements to narrow down the options.
Engaging with vendors for proof of concept is another critical step.
“It is about testing how a solution performs in our unique environment,” he noted.
Beyond technical capability, Harrison considers factors like regional support, customer service models, and the vendor’s organisational focus and stability.
“Integration capability with existing systems and previous team experience with the solution are also essential considerations,” added Nnaji.
This comprehensive approach has resulted in a high success rate in adopting effective cybersecurity solutions at Fesbank.
With reports indicating high levels of burnout among cybersecurity professionals, how do you manage to maintain a sound mind and lead your team effectively?
Harrison brings a wealth of educational and professional experience to this issue, including four Master’s degrees in diverse fields and a Ph.D. in leadership and organisational strategy.
His approach to maintaining a sound mind revolves around empathetic people management and understanding the separation between the person and their work.
“Delegation, understanding accountabilities, and recognising individual pace within a team are crucial,” he explained.
He emphasised the importance of team bonding and creating harmony by acknowledging the unique backgrounds and training of each team member.
For Harrison, managing his team effectively involves giving them the space to mature at their pace, facilitating where necessary, and bringing in experts to speak on various aspects like financial management, health, and career growth. This holistic approach helps balance the team and manage the workload efficiently.
He also highlighted the significance of focusing on strategic matters, engaging in relationship management, and developing his mind.
“Understanding emerging technologies, risks, and effective communication are key to bridging the gap between the management, board, and the team,” he said.
What are you looking forward to sharing at Cloud & Cyber Security Expo?
Harrison is excited to share his insights on the future of cybersecurity at Cloud & Cyber Security Expo.
“I will be discussing what cybersecurity might look like in the next three to five years, based on current research and knowledge,” he shared.
Harrison is particularly interested in the concept of ‘skills for access’ and how internal and offline interactions are increasingly critical in cybersecurity.
His session aims to provide attendees with a glimpse into the future, helping them understand upcoming challenges and prepare accordingly.
“It is about enabling attendees to mentally travel to the future and then work backward to ensure they are at the right pace to defend themselves effectively,” added Nnaji.
His comprehensive approach to leadership in cybersecurity offers invaluable insights into managing a successful team while maintaining personal well-being. Harrison’s forward-thinking perspective is a guiding light for professionals navigating the complex and ever-changing world of cybersecurity.
Don’t miss the opportunity to hear more from Harrison Nnaji at the Cloud & Cyber Security Expo, where he will delve deeper into the future of cybersecurity and the skills necessary to navigate it.