Cyber Management Alliance's Amar Singh, himself a global CISO, had the pleasure recently to talk to Taiye Lambo, former CISO for Atlanta, about his early career in IT, moving from Nigeria to London, and then onto Atlanta, and the way he has crossed over from full time positions to an entrepreneur, and back again. Taiye also gave us his views on certifications, why knowledge is important and his love of mentorship.
Taiye has been involved in IT for approximately 30 years. His biggest inspiration was his father who was forced by circumstance to become head of the household at the tender age of 10 years; but he rose to become a highly respected professor. He was not academically inclined as a young child but would rather break things to put them back together again; but the patience of his parents won out and Taiye did his degree in Electrical Engineering in Nigeria, before moving to England at the age of 21 years where he completed his Masters in Business Information Systems.
His first job was as an IT Manager for a mailing house and this role became the foundation for his future career. A few years from there and Taiye found himself in information security at a time when few people knew what it really meant. Living in London exposed him to a range of consulting projects for top companies and government agencies. Taiye then went on to start his own cyber security organisation – Cyber Cops Europe – which took part in ethical hacking. However this wasn’t enough; he felt that he wasn’t maximising his opportunities so he, and his young family, decided to move to Atlanta.
The move to Atlanta was principally for two reasons; at the time, Atlanta was the mecca for black professionals, which was a big plus, and secondly, the weather was far better than in London! So, they packed up their many bags and with a second mortgage, and crossed the water. Within a few months, Taiye found that he was working with the state on projects that were based around the ISO standard, the British ISO standard and one of my skills set, and he also founded a training programme, training many practitioners in the industry.
Taiye’s most recent role was working for the city of Atlanta as their first CISO, responsible for forty departments from the worlds’ busiest airport to the Atlanta police department and their watershed services. Starting out with a team of just two people, by the time he left there were eight to nine people o the team and a budget is in place. For me, the role was my chance to give back to Atlanta because this is truly the land of opportunities. Having started in security companies and worked with the big names of the industry, and discovered that it is a very good place for security talent, as well as for the minority.
More than anything, Taiye recommends finding yourself a mentor, someone to talk to who is going to guide you, challenge you, inspire you. When Taiye started out in IT he didn’t have any mentors; he considered himself to be a trail blazer, but he was often the token minority. But Taiye also says that’s it’s important that ethnic minorities people must put themselves forward as mentors. And it is also important to encourage women into the cyber security industry; they are highly under-represented in this industry.
“I tell them to pave the way forward, help them find a way forward and push the message that you can do it…”
What are your absolute must have’s for a role in cyber security?
Taiye has several critera – they have to be teachable, they have to be hungry, they have to be open and, importantly, they have to have a critical mind set. Information security and cyber security requires you to think about the bad actors; you have to learn to think the way they think. In his first job, Taiye had to hack into a firewall for a customer; so, it was ethical hacking for Taiye, he had to think like a criminal in order to do the job.
“Although I wasn’t commting a crime, the customer was paying and it was a legitimate project and I had my get out of jail free card, I still had to think like a criminal…”
Although Taiye has many certifications, and he believes it’s what got him the jobs in the early days because it’s a good differentiator, he says that certifications without the experience, the knowledge, are not worth it for him as a CIO.
“It’s ok if you don’t have the experience as long as you have the knowledge; you can learn the experience. But having certifications for the sake of it just isn’t worth it to me as a CIO.”
Taiye focuses more on a person’s knowledge; what level is their knowledge, their unique perspective, that they can bring to the table? So, he’d like to see more knowledge-based certifications rather than the ones that just teach you how to pass an exam. He believes certifications need to take a different approach, an approach that changes the mindset, a more risk-based approach, a business approach to information security rather than a technical approach.
“In all honesty, we’re losing the battle but I think we can catch up. What to me is commonsense isn’t commonly practiced.”
Taking a more people process approach is a start, says Taiye, who goes on to explain that many of the recent major breaches have occurred due to a weakness in the people chain; the human firewall was exploited. It’s the same thing over and over again’ sophisticated attacks often started with a phishing email.
View our exclusive Insights With Cyber Leaders interview with Taiye Lambo, former CISO for Atlanta, here.
For more information on Cyber Management Alliance, their GCHQ Certified CIPR training and other courses, webinars, Wisdom of Crowds live and virtual events, and their Insights with Cyber Leaders series of executive interviews, contact us today.