Celebrating Cybersecurity Awareness Month with Skillsoft's CISO Okey Obudulu
During Cybersecurity Awareness Month this October, I had the pleasure of sitting down with Okey Obudulu, Skillsoft's Chief Information Security Officer (CISO), to learn about his unique approach to cybersecurity.
Okey's career journey spans a range of environments, each adding to his expertise. He spent some time in law enforcement as a criminal digital forensic investigator, handling highly sensitive information. Later, as VP of Cybersecurity at Goldman Sachs, he implemented best practices within a heavily regulated financial sector. Seeking new challenges, he moved on to lead and build cybersecurity programs from the ground up at start-ups like Justworks and Codecademy.
These varied experiences equip Okey with a distinctive perspective on designing and sustaining effective cybersecurity strategies. In this interview, he discusses the CISO role, the obstacles he faces, and the pivotal role of cybersecurity in today’s digital landscape.
For more insight from Okey, check out this on-demand webinar he participated in this month to delve into insights from Skillsoft’s 2024 Cybersecurity Awareness Report. The webinar highlights the most impactful courses and certifications shaping the industry in 2024, from cloud security fundamentals to ethical hacking.
The Role of a CISO
Following Skillsoft's acquisition of Codecademy in 2022, Okey transitioned from leading cybersecurity at Codecademy to overseeing Skillsoft’s cybersecurity efforts, marking a significant evolution in his role.
Strategic leadership is essential for defining the vision and guiding the execution of a cybersecurity program. “Our team benefits from strong, hands-on guidance across key domains to drive program success and resilience,” Okey explained.
Cybersecurity is a dynamic field, constantly presenting new challenges. It's essential to quickly understand emerging issues and determine their impact on our organization. “On some days, this means swiftly addressing new threats,” said Okey. “On others, it involves making informed decisions about the controls we are implementing or already have in place.”
Adaptability is key to navigating these changes and maintaining a robust security posture.
Getting hands-on and engaging with the work is vital. Maintaining a certain level of depth across all security domains helps Okey stay attuned to key priorities and support team members whose roles cover those areas. This approach enables the organization to establish a comprehensive program that provides the right level of protection for the company.
“Collaboration with legal, privacy, and compliance teams is a significant aspect of our work,” said Okey. “Meeting regulatory, compliance, and contractual requirements is non-negotiable. Additionally, managing vendor risk is a dual responsibility—we must scrutinize our vendors while also ensuring we protect our customers as vendors ourselves.”
For Okey, the best part of his job is the constant challenge. “You can never get bored!” he exclaims. This enthusiasm and dedication are evident in the way he approaches his work and leads his team.
Subscribe to the Skillsoft Blog
We will email when we make a new post in your interest area.
Vendor Risk and Customer Obligation
For any cybersecurity professional, managing vendor risk is a dual responsibility.
CISOs must scrutinize every vendor their organization works with to ensure they are protecting our confidential information. At the same time, they need to protect customers as vendors, themselves.
Okey believes that every business, including Skillsoft, has three cybersecurity obligations to its customers:
- Don’t collect information you shouldn’t be collecting. “If you are not going to use the information you’re collecting from your customers for a specific purpose, you don’t need to collect it,” said Okey.
- What you collect, you are responsible for protecting. “We see this pop up in the news when a company has been breached and a customer’s information is now in the ether,” Okey explained. “All information should be used for a clear purpose. That limits the potential for it to fall into the wrong hands.”
- Limit the potential for a breach. Okey believes that customers and vendors need to be partners. “Customers bring a vendor on because they have a business problem to solve,” he explains. “To be successful, the vendor must help the customer solve that problem.” However, vendors need to proactively manage security to reduce the risk of breaches, helping customers achieve their goals.
Skillsoft is committed to keeping customers’ information safe, remaining compliant with security and privacy requirements, and mitigating the risk of a security breach.
Mitigating the Risk of a Cybersecurity Breach
According to Okey, a well-rounded cybersecurity program encompasses three critical aspects, which can help to mitigate the risk of a cybersecurity breach:
- Protect Assets: The primary goal of cybersecurity is to safeguard an organization's valuable assets, including data, intellectual property, and infrastructure. This can prevent unauthorized access, data breaches, and other cyber threats that could lead to financial loss, reputational damage, and operational disruptions.
- Meet Regulatory Requirements: Compliance with regulatory requirements is essential to avoid legal penalties and maintain the trust of customers, partners, and stakeholders. Regulations such as GDPR, CCPA and others mandate specific security practices and measures to protect sensitive information. Adhering to these regulations ensures that the organization operates within the legal framework and demonstrates a commitment to data protection and privacy.
- Enable the Business: A robust cybersecurity program not only protects the organization but also supports its growth and success. Your security program can enable the business in a variety of ways, including regular security audits, sales enablement, showcasing your commitment to security and privacy, and building and maintaining trust with customers and prospects.
By focusing on these elements, CISOs can build a resilient cybersecurity program that not only safeguards the organization but also fosters its growth and enhances its reputation.
Tips for Improving Cybersecurity in Your Organization
Here are some eye-opening statistics on cybersecurity threats:
- Cybercrime costs are expected to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025.
- In 2023, there were 2,365 cyberattacks, affecting over 343 million victims.
- The average cost of a data breach in 2024 is $4.88 million.
With these in mind, and as we wrap up our conversation, Okey shares some final thoughts on what CISOs should be thinking about every day. “Unfortunately, regardless of how much focus and investment goes into cybersecurity, there are no guarantees.”
But here are some practical tips to improve your organization’s cybersecurity outlook:
- Regularly Update Software and Systems: Ensure that all software and systems are up-to-date with the latest security patches. This helps protect against known vulnerabilities.
- Implement Strong Password Policies: Encourage the use of strong, unique passwords and consider implementing multi-factor authentication (MFA) to add an extra layer of security.
- Educate Employees: Conduct regular training sessions to educate employees about cybersecurity best practices, such as recognizing phishing emails and avoiding suspicious links.
- Back Up Data: Regularly back up important data and ensure that backups are stored securely. This can help mitigate the impact of ransomware attacks.
- Monitor Network Activity: Implement tools to monitor network activity and detect any unusual behavior that could indicate a security breach.
- Develop an Incident Response Plan: Have a clear incident response plan in place so that your organization can quickly and effectively respond to any security incidents.
By following these tips and staying vigilant, organizations can better protect themselves against the ever-evolving landscape of cybersecurity threats.
Curious about what types of cybersecurity training learners are pursuing in 2024?