Omorinsola Goriola is a cybersecurity professional with a mission: helping organizations stay one step ahead of cyber threats. As the Red Team Lead at Deloitte West Africa, he leads efforts in vulnerability assessments, penetration testing, social engineering simulations, and enterprise-wide cyber awareness—from the boardroom to frontline staff. His work spans key sectors, including banking, telecommunications, and oil & gas, where he helps businesses uncover vulnerabilities before attackers do.
With over nine years of experience and certifications like CISSP, CISM, and CEH, Omorinsola brings both depth and perspective to cyber defense strategy. He’s also a contributor to the Nigeria Cyber Security Outlook, offering insights into the evolving threat landscape and shaping national conversations on resilience and readiness.
Passionate about building future talent, Omorinsola dedicates time to mentoring young cybersecurity professionals across Africa, equipping the next generation with the skills and mindset to protect what matters most in an increasingly digital world
In a digital world fraught with evolving cyber threats, Nigeria’s cybersecurity landscape is gradually gaining momentum. We sat down with a seasoned cybersecurity professional, who has been in the industry since 2013, to discuss his journey, the state of cybersecurity in Nigeria, and the way forward. His story is one of early curiosity, persistence, and a mission to demystify cybersecurity for all.
Can you tell us about your journey into cybersecurity? What inspired you to pursue this path, and what were the early days like?
A: Thank you very much. I like to think about my cybersecurity journey starting from my university days. I was in my third year studying Computer Science at Covenant University. During that time, we were required to do a six-month industrial training program called SIWES. I got an opportunity to intern at a company focused on application development, which also had a networking division.
Although my initial role was as an application developer, I was curious about what the networking team was doing. I began asking questions and shadowing them during my free time. That sparked my interest in understanding how computer systems connect and communicate securely. When I returned to school for my final year, I became more intentional about deepening my knowledge in that area.
During my NYSC year, I focused heavily on gaining certifications. I started with Cisco certifications in networking and later moved into cybersecurity-focused modules like the CCNA Security. That was when my passion for cybersecurity truly began to form. I loved the fact that it combined technical depth with a sense of purpose—protecting data, systems, and people from harm.
After NYSC, I applied to several roles, and thankfully I got my first job at a cybersecurity firm. That was around 2013/2014. Since then, I’ve worked in various capacities within the field, from security solutions deployment to penetration testing and risk assessment to compliance and training. The field keeps evolving, and that’s part of what makes it exciting. It has been a journey of continuous learning, and I’m glad I took that leap of curiosity back during my university internship.
Did you face any challenges accessing cybersecurity knowledge or opportunities while studying in Nigeria?
A: Yes, though it was a mixed experience. In university, we only had one course that briefly covered cybersecurity, which wasn’t enough to deeply understand the field. Practical exposure and hands-on labs were limited.
However, we had a partnership with New Horizons, a global IT training provider, which allowed us to pursue certifications. That helped bridge the gap to some extent.
I also relied heavily on YouTube and peer networks to learn. Resources were limited compared to today, so you had to be resourceful and connected to keep learning. Today’s landscape offers more accessibility, but back then, it took persistence and the right community to grow.
Was there a defining moment in your career that changed your perception of cybersecurity’s role in society?
A: Yes, during a cybersecurity review for a major financial institution. I registered on their mobile platform, and shortly after, I got a phishing call. The caller knew my BVN, account details, and even described my profile picture. It was convincing.
Fortunately, I knew the review processes and recognized the call as a scam. But it struck me—what if someone else received that call without my background? They might’ve fallen for it.
That moment changed how I viewed cybersecurity. It’s not just about systems and infrastructure—it’s about protecting people. Since then, I’ve become more focused on advocacy and awareness, ensuring more Nigerians can recognize and avoid these threats.
Are local businesses and users prepared for the cyber risks that come with digital growth?
A: Some Nigerian businesses are gradually catching up with cybersecurity demands, particularly financial institutions. Because they are subject to regulatory compliance, they have invested significantly in protecting their platforms. Many of them now have internal security teams and regularly educate users through SMS alerts, ATM screen messages, and posters about avoiding fraud or phishing attempts.
However, the story is different for industries like manufacturing, retail, and logistics. Many of these businesses still operate under the assumption that they are not high-value targets, which is a dangerous misconception. As these sectors continue to digitize operations, their exposure to cyber risks increases, but their security investments often lag behind.
At the user level, there’s a push to raise awareness, especially from banks, but the reach is limited. A market trader may not be able to interpret security warnings displayed on an ATM or in a mobile app. We need more inclusive education methods that reach people in local languages and through community engagement. Right now, efforts are concentrated in urban and semi-urban areas, leaving out vast populations that are equally vulnerable.
So, while there is progress, especially in regulated sectors, there is still a significant gap in both business and public readiness to face cyber risks that come with digital growth.
How does Nigeria’s cybersecurity infrastructure compare to global standards?
A: Nigeria’s cybersecurity infrastructure reflects a mix of commendable progress and areas that require significant improvement. In the financial sector, for example, institutions are among the most advanced in terms of cybersecurity maturity. This is largely due to the regulatory oversight of the Central Bank of Nigeria and adherence to global frameworks such as the Payment Card Industry Data Security Standard (PCI DSS), ISO/IEC 27001, and other relevant compliance mandates. In this domain, Nigeria is holding its ground and, in some cases, closely aligned with international standards.
However, the situation is quite different in other sectors—particularly health, utilities, and education. These industries often operate without the same level of regulatory enforcement, and as a result, cybersecurity is not given the necessary attention. From my experience working with member firms in other countries within the same organization, the contrast is striking. There are significant differences in operational maturity, incident response readiness, and overall investment in cybersecurity infrastructure.
Another critical area of concern is enforcement. While Nigeria has made strides by establishing regulatory frameworks like the Cybercrimes Act and the Nigeria Data Protection Regulation (NDPR), the implementation and enforcement of these laws remain inconsistent. Without a strong culture of compliance and accountability, the gap between Nigeria and more advanced cybersecurity ecosystems will persist.
Can you speak to any notable cyberattacks or threats in Nigeria that changed how businesses or the government approach security?
A: One event that comes to mind is during the #EndSARS movement in 2020. Some hacktivist groups claimed responsibility for infiltrating government platforms and leaking information. That event was eye-opening for many stakeholders, particularly within the government and financial institutions. It created a heightened awareness of how socio-political movements could be accompanied by cyber warfare.
Unfortunately, in Nigeria, we don’t often get public disclosure of cyber incidents. Many companies prefer to handle breaches quietly due to reputational risks. This secrecy is a setback because we lose the opportunity to learn from each other’s mistakes. In more mature ecosystems, organizations are encouraged—or even mandated—to report breaches, which creates transparency and allows industry-wide improvement.
Going forward, we need to adopt a more open and educational stance on cyber incidents. Transparency, when managed properly, does not weaken a business—it strengthens the entire ecosystem.
What role does the Nigerian government play in shaping cybersecurity laws, and are current regulations sufficient to tackle modern threats?
A: The Nigerian government has taken meaningful steps to establish a legal and regulatory framework for cybersecurity. The Cybercrimes Act of 2015 is a foundational document that defines what constitutes cybercrime and the penalties associated with them. Then there’s the Nigeria Data Protection Regulation (NDPR), which offers guidance on how personal data should be collected, processed, and stored.
For the banking sector, the Central Bank of Nigeria has rolled out a cybersecurity framework that mandates financial institutions to implement risk-based security controls. These are commendable developments.
However, where we fall short is enforcement. It’s one thing to have regulations and another for organizations to comply. Currently, compliance is not uniformly monitored, especially outside the banking sector. Additionally, many small and medium-sized enterprises are unaware of their obligations.
To truly tackle modern threats, we need regular updates to these laws to reflect evolving technologies and risks. More importantly, government agencies should be equipped to monitor compliance and offer support for implementation.
Are Nigerian law enforcement agencies equipped to investigate and prosecute cybercrimes effectively?
A: We do have specialized units like the EFCC and the Nigerian Police Force’s Cybercrime Unit. These bodies have made efforts to tackle issues like internet fraud, cyberstalking, and financial scams. However, the scale of cybercrime in Nigeria far exceeds the current capabilities of these agencies.
One major gap is training. Investigating cybercrime requires deep technical knowledge—understanding digital forensics, tracing IP addresses, collecting admissible digital evidence, and more. Without ongoing training and access to modern tools, even the most willing officers will struggle to keep up.
We also need more personnel. Given how widespread cybercrime has become, a few departments in Abuja or Lagos are not enough. We need to decentralize these capabilities and integrate them into state-level strategies. International collaboration and partnerships with private sector experts would also go a long way in improving outcomes.
How can Nigeria close the cybersecurity talent gap, and what advice do you have for young people interested in the field?
A: The most sustainable way to close the cybersecurity talent gap is to introduce cybersecurity education early. It should be integrated into secondary school curricula and offered as a full-fledged discipline at the undergraduate and postgraduate levels—not just a module within Computer Science. Dedicated lab work, internships, and hands-on projects must become standard components of these programs.
Another effective approach, which we practice in my current organization, is to establish cybersecurity academies within companies. These academies can serve as structured entry points for recent graduates with a passion for cybersecurity. Participants spend about a year in practical, cyber-focused roles and emerge with real-world experience. At the end of the program, they can be absorbed into the organization or go on to work in other firms. This kind of model allows companies to nurture talent while giving young professionals a realistic, hands-on introduction to the field.
For young people, my advice is to start now—wherever you are. Learn the fundamentals like confidentiality, integrity, and availability. Understand common threats, vulnerabilities, and basic risk management principles. You don’t need a job to start learning. Platforms like YouTube and other free online resources are readily available.
Finally, find mentors and join communities. Many professionals myself included, are open to guiding newcomers. Participate in cybersecurity groups, attend webinars, ask questions, and stay curious. The field thrives on practical knowledge and passion, and those who take initiative will go far.
Do you think universities and tech institutions in Nigeria are doing enough to prepare students for real-world cyber threats?
A: Not quite. Most institutions include cybersecurity as a single course or a module within a larger IT program. But one course over four years isn’t enough to build the knowledge or practical skills required to secure real-world systems.
What we need are full-fledged cybersecurity degree programs. Beyond theory, we need practice—labs, case studies, internships, red team/blue team exercises, and interaction with industry practitioners.
There is potential. The talent exists. What we need is a structured path to channel it effectively. Educational reform that reflects the urgency and complexity of today’s threat landscape is long overdue.
How are global shifts in cybersecurity defense, like AI and zero-trust, impacting Nigerian organizations?
A: One of the most notable shifts is the rise of artificial intelligence and automation. Globally, AI is being used to detect anomalies, automate threat responses, and even predict potential vulnerabilities. Nigerian organizations are starting to adopt some of these tools, but the adoption is still at an early stage.
The challenge is balancing innovation with security. Many firms want to use the latest tools but lack the frameworks to govern them properly. AI without governance can become a risk. That’s why it’s important for organizations to not just adopt technologies but also put in place policies, training, and ethical standards for their use.
We’re also seeing interest in zero-trust architecture—where trust is never assumed and verification is continuous. It’s a sound model, especially for distributed teams and cloud-first companies, but it requires cultural and technical shifts. Nigerian companies that get ahead on these trends will find themselves more secure and more competitive.
What advice would you give to businesses and individuals in Nigeria who want to be more cyber-resilient in 2022 and beyond?
A: Embrace cybersecurity as a culture. It’s not just a department’s job or the responsibility of the IT team. Every employee, from the cleaner to the CEO, has a role to play.
Start with the basics. Secure your devices. Use strong passwords. Keep your systems updated. For businesses, ensure your staff are trained and aware. Conduct regular risk assessments and invest in automation where possible to minimize human error.
Also, implement governance frameworks for any new technology you adopt. Innovation without governance is a risk multiplier. If we can build cybersecurity into our everyday habits, we’ll be far more resilient as a society.
What’s a myth about cybersecurity you wish more people would stop believing?
A: That cybersecurity is just about hacking. When people hear “cybersecurity,” they immediately think of someone in a hoodie trying to break into systems. While ethical hacking is important, it’s just one domain.
Cybersecurity includes network security, application security, cloud security, governance, compliance, risk management, identity and access management, and more. It’s a broad field, and every business—regardless of size—needs to understand its relevance.
What’s your proudest moment so far as a cybersecurity professional?
A: There have been many proud moments. One of the most fulfilling was earning my CISSP and CISA certifications early in my career. These are globally recognized and highly respected, and achieving them opened doors to new opportunities and networks.
Another highlight has been mentoring young professionals and seeing them succeed—whether by earning certifications, landing jobs, or launching cybersecurity communities. Knowing that you played a role in someone else’s growth is incredibly rewarding.
