Meet the ex-Para making our online behaviour secure

Oz Alashe is a former soldier who now runs CybSafe, a company with a cloud platform for improving secure behaviour

If the current skirmishes in cybersecurity are frequently referred to as a war, battle or other some other military term then Oz Alashe, the CEO and co-founder of cloud security startup company CybSafe, has a suitable past.

Alashe was a ‘Para’, part of the British Army’s crack Parachute Regiment that support UK’s Special Forces, and he served in Afghanistan, Northern Ireland, Sierra Leone and other trouble spots. He rose to become a Lieutenant Colonel and was honoured for his bravery by being made a Member of the British Empire (MBE).

Later he became a security expert with Torchlight Group, where he specialised in helping firms understand the dangers of threats that target weaknesses in human behaviour. That’s a timely knowledge to possess as social engineering, spoofing, phishing and other techniques are used to trick or fool people into behaving in dangerous ways: clicking on URLs, downloading materials or providing sensitive information in good faith.

CybSafe provides a cloud training platform that employs various forms of content with data analytics for users to recognise and change their dangerous behaviours. It’s already certified by GCHQ, the UK’s intelligence and security group that is the equivalent of the US’s NSA.

This is an interesting and differentiated approach. Most security firms today still focus on tools and defences that either anticipate and block security issues or clear up after the inevitable mess. Much lip service is applied to the human factor, far less done about it.

Alashe learned about digital security on the job in the Army but says he never hankered after getting involved in the security business.

“If I’m honest I wasn’t thinking about it - when you’re serving you’re wholly immersed in it,” he says. But the notion of a platform that engages users, studies their behaviour and suggests risks and improvements came to him a couple of years ago and since then CybSafe has been collecting early customers and valuable certification logos.

Alashe says that while there are obviously lessons to be learned from military life, it’s too corny to say that CybSafe is about making firms have military-class security.

“It’s less about military-grade and more about national security-grade and how it can be applied,” he says. Applying a human-centric approach is crucial because “if security doesn’t work for people, it doesn’t work at all”.

Too often, Alashe says, companies undertake cybersecurity training on a token corporate governance requirement basis that doesn’t get users engaged or enthused. He sees CybSafe’s mission as being to “put an end to tick-box security training” that’s widespread today, with a platform that is enhanced by the involvement of educationalists and behavioural psychologists as well as techies.

CybSafe zeroes in on “information you shouldn’t share, and scams”. The company will simulate attacks to check changes in behaviour, use phishing emails, SMS test messages, social engineering and more to see what people do when they receive lures or are under pressure.

Having been at the sharp end of security, Alashe sees the trade-offs that must be made in privacy versus security, saying that while data privacy and protection is hugely important we have to be “careful what we wish for”.

But what’s most important is to focus on everyday useful critical information and encourage people “to learn and not be afraid to learn”. If CybSafe helps to create an environment where people think and act smarter, it will be a case of mission accomplished.


Also read:
Infosec must learn prep lessons from military