Words by- Josephine Agbonkhese

A distinguished independent cyber-security consultant whose expertise and leadership have made significant impacts across critical sectors, Debola Israel-Bolarinwa, Principal Consultant, Strategic Resource & Information Limited, isn’t your regular kind of woman.

Her extensive experience spans leading enterprise-level security projects, managing cyber risk, and ensuring robust third-party supplier due diligence, compliance, and assurance.

This quiet enigma, who turns 57 this July, has played a pivotal role in the United Kingdom, contributing to government think-tanks and steering groups to strengthen the cyber-security posture of critical national infrastructure and energy organisations, while driving innovative approaches to third-party cyber supplier assurance.

With an impressive array of qualifications—including a BSc in Applied Chemistry from Coventry University, UK, bagged in 1989; an MBA from the University of Nottingham bagged in 1991, as well as IT certifications such as CISSP, CISM, CISA, CRISC, CGEIT, Prince2, and CSM (Scrum)—Debola brings a wealth of knowledge and a dynamic, results-driven approach to her work.

In this interview with Allure in Lagos, she speaks of her work in the ever-evolving field of cyber-security, goals, relieves childhood memories of her late father Alhaji Kafaru Oluwole Tinubu, and much more.

What endeared you to cyber-security?

Honestly, it’s the fact that we need to pay keen attention to cyber. I did foresee all the things happening now with Artificial Intelligence, A and all, just as a few other people would have seen those things.

You delved into this field seven years ago. What background prepared you for it?

My background generally is in management consultancy, organisational development and performance enhancement. From there, I moved on to manage projects and programmes. Gradually, that led me into Information Technology.
Generally, a good project manager should be able to project-manage in any field. As a management consultant, I worked in various settings and organisations. My job also required me to replicate interventions in these organisations’ various offices globally because I tended to work with mainly big organisations and national government in the UK where I’m based. That means, a lot of times when I have to put out interventions, I’m doing so also in their various offices maybe in Geneva, London or anywhere else in the world. I actually managed multi-sites projects, and that was really good for me in terms of the experience. Moving on from there, in my bid to know a little about everything, I gradually moved into IT as mentioned earlier. But I ventured officially into cyber-security seven years ago.

At a point, I moved with my husband and children to Nigeria just to help my children know more about home. We spent nine years here before returning again to the UK. In those nine years, I ran a management consultancy and organisational development firm here. I also partnered organisations and government bodies, as well as consulted for state governments during that period.

Tell us your experience working in the UK as a cyber-security expert, especially with your work with the UK government national think-tank?

With cyber-security, what you tend to find is that people embrace it in a very academic way. So, if I meet the Managing Director of a company, you hear him ask things like: What do we need to do for cyber-security and how much is it going to cost us? The difficulty with cyber-security is practicalising it. Cyber-security is supposed to be part of the fabric of an organisation, the same way we breathe to survive. Cyber-security, in today’s world, isn’t something you attach. It has to be part of the fabric of every organisation. For the national think tank, the focus was on Third Party Supplier Cyber-security Management.

How critical is such discourse to managing cyber-security systems?

The truth is, right now, a lot of security breaches come through Third Party Suppliers because cybercriminals will not come through your company since they know that you’re secure. But they will come in through someone who has got access to your company. These are organisations we usually have to give usernames and passwords for access to our systems to do the work they have to do; such as when they have to take your organisation into the cloud. So, these fraudulent people will hack their systems, get your passwords through them, and get into your system. So, majority of breaches come from Third Party Suppliers.
Just like insurance, every organisation and government’s cyber defense has to be topnotch. We need to take things seriously because there’s a lot of cyber espionage going on around the world. So, it’s important that people, organisations and nations are aware of these things and begin to take steps to protect their systems. When planning your organisation or whatever plans you’re carrying out, cyber should be given priority. Otherwise, so much will be at risk.

How does it feel to be a woman in that space?

Wherever I go, I tend to focus on my work. I try not to get distracted by anything or gender, and this is how I have raised my children as well; wherever you go, don’t play the black card or the women card. Do your thing and do it well, and you will be recognised for your work and impact.
What you find with men is usually the mindset that a lady (a pretty face so to speak) has joined them. They usually don’t expect you to make real impact until you begin to disrupt the status quo. The biggest challenges I have had in the course of my work, however, have been through women.

How can organisations protect themselves from Third Party cyber-security breach?

When planning your organisation, in the same way you plan HR, Accounts and all, you should plan cyber. You don’t leave things to chance. More organisations should be cyber aware. CEOs need to be fully aware and be well-grounded on how to take the right steps.

One of the problems we have is that we lack a maintenance culture. So, we just carry on with what we met on ground when we go into any space. Then also, we are not good at applying. We go to school, get the certificates but do not know how to apply. It’s a win-win situation if we get cyber right from the start.

So, what’s your call to national and organisational leaders?
You need not only be aware but should understand how to take ownership of your cyberspace. It needs to be part of your regular strategy report. You have strategy reports on finance, HR and other things but do not report on cyber; but we all know how cyber, like AI, is affecting everybody right now.

What was growing up like and where did you grow up?

I’m a Lagosian; I grew up in Lagos. I had a mother who, like me, was like the mother hen. So, I was very well looked after and very shielded as a child. I grew up a very practical, non-materialistic person. Now, as an adult, I still do spend a lot of time at home; I don’t do parties. When I got to the UK as a secondary school student, I was in boarding house. So, things didn’t really change. Exposure really came when I got into the university.

So, who would you credit for shaping your life?

On a natural level, I would say my mother, grandmother and my father. My father, Alhaji Kafaru Oluwole Tinubu, was my friend and hero, and we had a great relationship. He’s been gone for 21 years but I still miss talking to him. He was a lawyer and policeman. He was Commissioner of Police in Lagos State.

How would you describe your personality?

I’ve also always been my own person. I’ve never really followed trends. Whether in the way I dress, think or whatever. I’ve also always been someone who kind of reverse engineer. I think end to beginning. I ask myself what I want to achieve in the end, and then I figure out how to get there before beginning anything.

Any high point?
My children.
What will you tell parents struggling with raising children in this internet age…

Parents must strive to understand what is going on and decide whether they need to be part of it or not. But what we notice about a lot of parents is that they just follow trends without trying to understand them. You can set up parental guidance on your children’s devices but that’s if you as a parent understand it. I don’t subscribe to children having phones at a young age. Even if they have to, it doesn’t have to be a smart phone. Most parents don’t even really understand the devices they give to their children. They just give to them because other parents are doing so.

You come across as a bookworm. What book are you reading now?

Right now, I am writing a book. But I fear that it may not be ready until the end of the year. In terms of books I’m reading right now, they’re actually text books on cyber-security because I’m currently sitting for some examination.

How are you giving back?

I live a life of service because I always love to serve society. On a personal level, I have adopted children. I pay school fees at all levels, look after families and cater to vulnerable pregnant women as much as I can.

How do you relax?

I love to relax with my family. I also love to travel. I love to do puzzles too.

How would you describe your style?

My style is classic, simple and personal. I don’t follow trends. I don’t go buying something because it’s what people are wearing. I like to look good but I don’t like to dress like a masquerade. In fact, the less I look like other people, the more I feel comfortable.

Whose style would you like to steal?

I think the people I would say I admire are probably old and maybe dead. Like I said, my style is very classic. Okay, let me use design house. In terms of design house, I love Chanel a lot and that’s because its designs are just simple and classic. They’re not loud. For me, I judge a designer based on the finishing and structure. You cut me a dress and it’s sharp and classy! That’s what endears me.