‘Major data breaches are far too common, with human error often being a cause’

7 Apr 2020

Oz Alashe. Image: CybSafe

CybSafe’s Oz Alashe discusses his move from the military to cybersecurity, and the importance of security awareness in organisations.

Oz Alashe is the CEO and founder of UK cybersecurity company CybSafe, which is based in London.

A former UK Special Forces lieutenant colonel, Alashe is now focused on helping organisations effectively address the human aspect of cybersecurity. He and his team have developed a software platform that leverages data analytics to measure and improve cybersecurity awareness, behaviour and culture.

‘During my time in the UK Special Forces, I saw how human warfare had largely evolved from the physical space to the online space’

Describe your role and what you do.

I have the immense privilege of leading the team here at CybSafe. I’m responsible for the concept, vision and managing the day-to-day operations of the company.

The role is strategic and involves making ‘big decisions’. But, at this stage in the company’s story, it’s equally important for me to roll my sleeves up and get stuck in. I like to get involved in as many different areas of the business as I can – whether it’s sales, development, marketing or something else. Because I can see more of the details, I can better identify needs and put the pieces of the puzzle together and see the bigger picture. This gives me the chance to create a really strong strategy.

Ultimately, my responsibility is to grow and develop CybSafe: the team, company and the product. We want to empower everyone to make the best possible cybersecurity decisions.

How do you prioritise and organise your working life?

My diary varies quite dramatically from day to day, as you can imagine! I always have a packed schedule and it’s critical to be thoroughly organised in the way I approach my work. My priorities are always the team and our customers.

What are the biggest challenges facing your sector and how are you tackling them?

CybSafe is in an emerging industry within the wider cybersecurity sector, so it’s especially important for us to keep our finger on the pulse of sector trends and changing customer needs, and continue to innovate and improve our product.

What are the key sector opportunities you’re capitalising on?

Cybercriminals are far more likely to target people within an organisation than attempt to access a network through a technological vulnerability. On the whole, most organisations know this. Large and small businesses all over the world voluntarily invest in security awareness training in an effort to prevent data breaches.

The problem is – many don’t see any benefit from these programmes. Major data breaches are still far too common, with human error often being either a cause or catalyst in the majority of cases.

At CybSafe, we’re addressing the underlying issues that have led to this situation. Our platform measures what people know about security, individual security habits, people’s attitudes towards security, and overall cyber risk.

Through a combination of AI-machine learning, intelligent phishing simulation and security behaviour interventions developed in collaboration with psychologists, CybSafe helps organisations enhance security awareness and security behaviours, and helps to build a culture of security.

What set you on the road to where you are now?

During my time in the UK Special Forces, I saw how organised criminal groups exploited the online world to fund larger criminal activity such as terrorism, and how human warfare in general had largely evolved from the physical space to the online space. A new electronic battlefield had clearly emerged, and everyone from nation states to individual business were on the front line of attack.

After leaving public service, during my time at a boutique counter-threat firm, I was struck by the discrepancy between online security threats and how organisations were reacting to them. I saw that most data breaches were caused by social engineering or human error, but noticed that few organisations, if any, had any real way of genuinely addressing this human aspect of cybersecurity.

Human cyber strategies simply weren’t effective. The approaches I saw lacked an understanding of how to foster behaviour change. There was no measurement of what and where the impact was. And there was no understanding of the need to develop a cybersecurity culture.

I became determined to change all this – and that’s really where the story of CybSafe all began. We finalised the central idea for CybSafe in 2015, and launched officially in the summer of 2017.

What was your biggest mistake and what did you learn from it?

For me, failing to achieve something is only detrimental if we don’t learn something from it. I’ve made mistakes – I’m only human – but every mistake has ultimately driven me forward on a personal and professional level. As an entrepreneur and CEO, I think it is vital to embrace every failure as an opportunity to improve. This also sets a great example to your team.

How do you get the best out of your team?

It’s about being authentic in the way I work; it’s about being open to different ideas; it’s about really valuing and understanding the work that the team does; it’s about ensuring that each and every member of that team are valued; it’s about listening and communicating effectively; and it’s about ensuring that each member of the team can find meaning in the work they do.

Have you noticed a diversity problem in your sector?

Unfortunately, the cybersecurity industry remains a male-dominated space – but progress is being made. At CybSafe, for example, we’ve been involved in the Cyber School Hub initiative, which fosters collaboration between schools, the National Cyber Security Centre and companies like us to encourage young women to engage with computer science and cybersecurity principles.

But diversity and inclusivity is about more than just gender. And so our industry has much more to do to attract and support people of different backgrounds, races, experiences and perspectives.

Did you ever have a mentor or someone who was pivotal in your career?

My mother has always been pivotal in my career. Growing up, I was fortunate to be surrounded by an incredibly loving family who encouraged me to challenge myself. It was because of their support that I was able to pursue the military and public service career that I did. My life experiences gave me the confidence to launch my own business, and I will always be grateful to my family for their support.

What books have you read that you would recommend?

The books that really helped me in my journey to becoming an entrepreneur were Ben Horowitz’s The Hard Thing about Hard Things, Eric Ries’ The Lean Startup, and James Kerr’s Legacy.

While these books gave me the motivation and guidance to launch a successful start-up, I also took inspiration from Simon Sinek’s Start With Why, Horowitz’s What You Do is Who You Are, and Matthew Syed’s Bounce: The Myth of Talent and the Power of Practice when building a company culture.

What are the essential tools and resources that get you through the working week?

We’re big users of Google apps and G-Suite. These tools allow us to work effectively as an organisation, and add an extra level of security that can be constantly updated and assessed. We’re also strong believers in practising what you preach, so try not to have stray docs or slide decks saved under miscellaneous folders.

Another great tool we use is Slack. It’s a convenient way to collaborate over projects and to organise ourselves according to different topics and business functions.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.