A recent survey from the Ponemon Institue and Opus found that CISOs see the ‘human factor’ as the biggest threat to security today. Many businesses train their staff, but too few comprehensively interrogate human psychology. Why do we keep using passwords that we know are easy to guess? Why do we open emails from senders we don’t recognise even though we know we shouldn’t? Most importantly, what does it take to change our behaviour online?
These are questions that Oz Alashe MBE places at the heart of CybSafe, a company he founded in 2015 but properly launched in 2017 to help businesses with an area of cyber security that he felt had been overlooked by an industry focused on technical solutions and tools.
“There is a misconception that humans are the weak link when it comes to cyber security, but we must remember that technology is designed by and used by humans,” Oz explains. “The idea that people are the afterthought in this is just counter-intuitive.”
He is not alone in this interest in addressing the human element in risk and resilience, as was proven by the interest in his inaugural PeepSec online summit. Taking its name from the many ‘sec’ (or security) events that dot the calendar, this summit focused on people, drawing on the wisdom of prominent cyber risk experts to explore the wider landscape of security behaviours.
“There are a lot of people interested in the human, cultural and social aspects of cyber security, so we wanted to foster the community and try to move the needle on how this issue is regarded in the UK,” explains Oz. Organising the online event led him to Cath Goulding, Nominet’s Head of Cyber Security, who filmed a talk for the summit.
“She is a consummate information security professional,” Oz commends. “Many in her position are interested in the human element but haven’t yet had the opportunity to delve into it further. And Nominet is an interesting company – I’m keen to hear more about how they are adapting to keep pace with industry changes. I love to get involved with the people who are doing something positive in this space.”
Making a positive impact is something that Oz sees as crucial to his life, instilled in him by his “extraordinary”, driven mother and cemented by a career in the military that lasted 14 years longer than he anticipated. After joining up because it “seemed more fun than a job in the City”, he rose through the ranks to Lieutenant Colonel and spent the majority of his service in UK Special Forces, engaging with the threats – many of them digital – to critical national security.
“People often forget that the military is about service, whether that’s service to the people you stand next to or the nation. It’s so important that people think beyond themselves. That’s why so many people leave the military and go into another form of service – for me, it was cyber security.”
CybSafe has grown quickly as interest in his idea spread. Oz started with a staff of three, ballooning to 20 in a single year and with many more on their way to join the team. It seems companies are recognising that they fail to hit the mark with cyber resilience and are alarmed by the statistics that show how influential human behaviours are on cyber security.
“Compliance training is often not very good,” says Oz. “Companies need to provide the right information and right stimuli, and then measure the right things. How much do people know, how do they behave, how do they learn, and how confident are they? Then, how does that apply to the organisation and risks?”
He believes that changing behaviours in a way that works for the human psychology is core to improving cyber resilience of companies today, but he also urges caution and the setting of realistic goals. “There is no such thing as perfection; only excellence,” he stresses.
This is a mindset that underpins everything Oz does. ‘Driven’ is a word he happily applies to himself, as is ‘restless’. He runs a fast-growing business from Canary Wharf, often returning home late to his wife and two children. His hobbies are high-octane – snowboarding, parachuting and motorbiking – but time for life beyond work is limited. “I don’t really switch off to be honest! I have a very understanding family.”
Humility and a willingness to learn shine out of Oz despite expectations of a man with an MBE for personal leadership in the most complex and sensitive of conflict environments. This is a man who serves, who does the right thing, and recognises the strength, resilience and importance of the human spirit no matter whether the battlefield is physical or digital. “Leadership is about service,” he stresses, “too many managers forget that.”
Satisfaction is an elusive idea for a man who sees his life as duty, but pleasure is to be found along the way. “I enjoy the challenge of growing a business that is making a difference in the world every day,” concludes Oz. “I was a public servant in the military, and now I’m just a different type of public servant. I can help a lot of people, and I don’t want to get to the end of my professional career and realise I have missed an opportunity to do that.”
Read more about Nominet’s Cyber Security Services here.