While some leaders build walls of defence and set territorial boundaries, others create systems that are fluid, intelligent, and deeply intuitive, not only to defend but also to adapt, anticipate, collaborate, co-create, and evolve. Thus, the most effective cybersecurity approaches in the modern threat environment are not those that require spotlight, but the practitioners that operate behind the scenes to build resilient organisations that endure during challenging times. Strategic security practices are not reactive, but intelligent, proactive, and architecturally embedded. It is about integrating the cyber defence vision into the organisational DNA, powering the digital ecosystem, operational imperatives, and digital transformation.

This is the philosophy that defines Dr. Harrison Nnaji. His cross-sector experience, spanning circa 20 years and encompassing fields such as banking, telecoms, OEMs, and multifaceted integration settings, makes him one of the most visionary information security leaders on the continent. Possessing an academic arsenal comprising four (4) master’s degrees, a Ph.D. in Management, Leadership, and Organisational Strategy, a second Ph.D. in Offensive Engineering, and a background in Electrical and Electronics Engineering, Dr. Nnaji combines technical expertise with the vision and wherewithal of an executive.

His contribution is precise, clear and has a long-range impact, whether it is in defending the digital ecosystem of several enterprise-grade organisations, supporting the breeding and grooming of the cybersecurity experts of the future, or in working with national and regional stakeholders to shape policies and frameworks. With his global thought leadership, industry acumen, and diplomacy, Dr. Nnaji is not simply securing the data, but rather building the future of cybersecurity practices in Africa in a purpose-driven and undeniable fashion.

Elevating FirstBank’s Digital Security and Operational Efficiency

The core mission of FirstBank’s cybersecurity program is to consistently and continuously secure and protect the Bank’s digital infrastructure, customer trust, operational integrity, and the digital transformation aspirations of the Bank, while maximally supporting and promoting operational efficiencies. This mission is currently guided by a knitted and evolving cybersecurity strategic cycle and evolutionary practices. Harrison mentions, “The strategic vision is to continue to evolutionarily elevate and sustainably improve FirstBank’s cybersecurity maturity to support its ambition of becoming one of Africa’s top 10 banks and Nigeria’s most profitable, enduring, and economically impactful financial institution.”

Strategic Integration and Autonomous Defence at FirstBank

Resilience and agility, under Harrison’s leadership, are realised through the strategic integration of technology, people, and processes into the depth and breadth of organisational practices and imperatives, including the implementation of AI-powered threat detection, cloud and infrastructure security, and autonomous security operations. These advanced capabilities facilitate rapid threat detection, containment, and response, while ensuring the continuity and reliability of banking services. A risk-based methodology, aligned with NIST, ISO27001, and applicable regulatory standards, has enabled the Bank to uphold and advance its cyber-defence objectives through the evolving strategic cycle, reflecting the maturity and strength of its cybersecurity posture and long-term vision.

Security as a Shared Responsibility

Executive leadership, under Harrison’s guidance, plays a pivotal role in embedding a security-first culture. As CISO, he collaborates closely with strategic business units, support functions, the Executive Management team, and the Board to ensure cybersecurity is seamlessly integrated into both the business strategy and operational imperatives. He states, “This top-down and bottom-up commitment has fostered a cyber-aware workforce and a collaborative environment where security is everyone’s responsibility, from frontline staff, through executive management, to Board members.”

Protecting Digital Progress

Under Harrison’s leadership, cybersecurity strategies are closely aligned with FirstBank’s digital transformation agenda, business objectives, and operational priorities. “Each cybersecurity strategic cycle reinforces secure digital channels, improves operational maturity, and advances the adaptability and embedment of emerging technologies, ensuring that innovation remains aligned with business, security, and compliance expectations,” highlights Harrison. This strategic alignment enables the Bank to deliver cutting-edge financial services while maintaining adaptable security, regulatory compliance, and effective protection against cyber threats and digital fraud.

Advancing Customer Trust

Riding on the strategic directions of the Bank, Harrison has led the advancement into a realm where customers can be further protected by the Bank, even when they knowingly or unknowingly compromise their digital transaction credentials. He asserts, “We are also adopting and deploying AI-powered digital fraud management systems that can iteratively detect changes in the behavioural patterns of customers’ transactions and take prompt and proactive steps to restrict, minimise, and prevent financial losses.” This approach is delivering significant benefits, and customers have responded with appreciative satisfaction. In addition, several other innovative capabilities and technologies have been implemented within the digital ecosystem, enabling the Bank to remain focused on its strategic aspirations while creating optimal value for the staff, customers, and shareholders.

Driving Cyber Resilience in Digital Banking

Balancing regulatory compliance, customer data protection, and the need to provide seamless digital banking experiences, Harrison drives a comprehensive cybersecurity strategy that ensures compliance with the Cybercrime Act 2015, Central Bank guidelines and frameworks, GDPR, NDPR, and other relevant standards and requirements across the geographies of operation. Compliance, data security, and product functionality are all considered and integrated from the design stage, enabling the harmonious coordination of all prevailing requirements to deliver products and services that are functional, compliant, secure, and user-friendly. This evolutionary approach has continued to mature over time, promptly recognising and reflecting the changes in customer needs and preferences, economic and regulatory landscapes, and advancement in technological opportunities.

Evolving Security Engineering and Intelligence

The most pressing threats include social engineering, ransomware, third-party risks, supply chain risks, phishing, account takeover, insider threats, and AI-driven attacks. Under Harrison’s leadership, FirstBank promptly detects and mitigates these risks through a strategy referred to as defence-in-depth, zero-trust, layered and coordinated security defence. This is achieved through enhanced threat intelligence reports, advanced and evolving security engineering, and operational efficiencies, including targeted security awareness and 24/7 monitoring. These proactive measures help to enable strong defence and mitigation capabilities against both established and emerging threats.

Proactive Risk Containment

Enterprise risk management, under Harrison’s direction, is structured around the information and cybersecurity risk framework, which defines governance requirements across three lines of defence—ownership, oversight, and assurance. Incident response plans are integrated with threat detection and forensic capabilities, escalation, and communication mechanisms, enabling rapid detection, containment, mitigation, and recovery. This approach ensures that risks are managed effectively, and incidents are detected and addressed promptly.

Securing the Supply Chain

Third-party and vendor risks, under Harrison’s oversight, are assessed through a rigorous and evolving process that includes a third-party onboarding framework, on-site evaluations, feedback escalation, and strategic collaboration. He points out, “the coordinated approach ensures that external entities maintain and support the recommended security standards as FirstBank’s expected operations, reducing and promptly managing the exposure to vulnerabilities introduced through partnerships.” At FirstBank, the risk management approach has also evolved from third-party risk to addressing multi-tier supplier risks, mandating deeper engagement into the value chain to ensure every entity supporting the Bank’s services and products adopts recommended cybersecurity best practices, which are revalidated on-demand and at least annually.

Building a Cyber-Aware Culture

Under Harrison’s leadership, FirstBank has continued to implement multi-pronged security awareness initiatives, including cybersecurity awareness programmes for all employees, third parties, partners, customers, and Board members, as well as career webinars and training sessions on emerging threats and technologies. “Cybersecurity expectations are also codified in the employee handbook, contracts, Master Services Agreements, Service Level Agreements, and safe use policies,” mentioned Harrison. These efforts ensure that cybersecurity knowledge permeates every level of the organisation, partner, and customer ecosystem, empowering both technical and non-technical personnel with the appropriate knowledge and awareness to recognise and respond to potential threats effectively and sustainably.

Harrison’s Contributions to Standards and Policy

Engagement with external stakeholders, led by Harrison, includes active participation in professional bodies such as ISSAN (Information Security Society of Africa – Nigeria), CSEAN (Cyber Security Experts Association of Nigeria), CCISONFI (Committee of Chief Information Security Officers of Nigerian Financial Institutions), ISACA – Nigeria, ISC2 (International Information System Security Certification Consortium), PCI SSC, and BSI; collaboration with regulators, and contributions to national and regional cybersecurity standards. Beyond global involvement in numerous opinion- and direction-shaping conferences and forums, the FirstBank Group CISO is also a member of several advisory bodies that influence the digital and cybersecurity ecosystems. These interactions serve to elevate awareness, shape policy, groom practitioners, and promote a unified approach to cybersecurity practices across the financial sector and the broader economy.

Mentoring Tomorrow’s Cyber Leaders

The legacy envisioned under Harrison’s leadership is one of transformation, collaboration, co-creation, coopetition, resilience, and an unwavering empowerment drive for the cybersecurity workforce to aspire higher and achieve greater goals. He shares, “Through leadership strides at FirstBank, the goal is to continue to set higher benchmarks in cybersecurity maturity, mentor future leaders & practitioners, and contribute meaningfully to Nigeria’s and Africa’s cybersecurity landscape while optimally promoting digitalisation and digital transformations.” This vision includes fostering a culture of embedded security and heightened innovation, ultimately shaping the future of digital trust in financial services for the overall benefit of mankind.