With over 16 years of experience in cybersecurity, governance, privacy, and technology leadership, Olayinka Naa Dzama has become a powerful voice in shaping secure digital ecosystems across Africa and the Middle East. Starting her career in IT and quickly advancing into cybersecurity, she has built deep expertise navigating complex regulatory landscapes and championing inclusive, resilient digital strategies.
As a CCISO-certified Information Security Specialist, she leads cybersecurity governance, privacy, and risk efforts across 35+ countries in the Middle East and Africa. Her additional role as President of WiCyS West Africa reinforces her mission to build capacity, promote diversity, and drive impactful change in the region’s digital future.
Cybersecurity must be both strategic and contextually relevant to truly make an impact. – Olayinka Naa Dzama
Q&A with Olayinka Naa Dzama
Q: an you share your journey from your early IT and teaching background to becoming a cybersecurity and privacy expert working across Africa and the Middle East?
A: My journey into cybersecurity started with a strong foundation in IT and a passion for teaching, which I pursued on the side to share knowledge and empower others. As I gained more experience, I became increasingly drawn to the critical role of governance, risk management, IT audit and data protection.
I pursued specialized training in cybersecurity with the great help of my mentor, C.K. Bruce, with a focus on Governance, Risk, and Compliance. Today, I serve as an Information Security Specialist at Ericsson, where I support security governance, privacy, and risk mitigation efforts across Middle East and Africa.
In addition to my corporate role, I lead as the President of Women in Cybersecurity (WiCyS) West Africa, where I advocate for diversity, capacity building, and awareness in the digital space. My mission is to help build secure, inclusive, and resilient digital environments across the continent.
Q: What first drew you to governance, privacy, and risk within cybersecurity, and how has your perspective evolved over the last 16+ years?
A: What drew me to governance, privacy, and risk in cybersecurity was the influence of my mentor, C.K. Bruce, who helped me see the bigger picture beyond just technical controls. I became passionate about how policies, compliance, and ethical data handling shape trust in digital systems.
Over the past 16+ years, my perspective has evolved from seeing GRC as a support function to recognizing it as a critical business enabler. Working across Africa and the Middle East has reinforced my belief that cybersecurity must be both strategic and contextually relevant to truly make an impact.
“My mission is to help build secure, inclusive, and resilient digital environments across the continent“
Q: In your current role at Ericsson, you manage information security and privacy across a wide region. What are the biggest regulatory or geopolitical challenges you’re navigating today?
A: In my current role at Ericsson, one of the biggest challenges is navigating varying regulatory landscapes across multiple countries in Africa and the Middle East. Each region has its own privacy laws, cybersecurity mandates, and data localization requirements with some well-established, others still evolving. Ensuring compliance while maintaining operational consistency is a constant balancing act.
Geopolitically, the rise in cyber threats driven by regional tensions, as well as the push for digital sovereignty, adds complexity to how data is handled and protected. We must remain agile adapting to shifting regulations while ensuring that privacy and security controls align with both global standards and local expectations.
It’s a dynamic space, but it also offers a unique opportunity to build context-aware security frameworks that are both resilient and respectful of regional nuances.
Her mantra: “When women are empowered, entire communities are strengthened.”
Q: How do you approach privacy impact assessments and risk assessments in multinational environments with varying compliance demands?
A: In multinational settings, I approach Privacy and Risk Assessments by aligning with global standards like ISO 27001 and GDPR, while adapting to local regulation and laws. I take a risk-based, context-aware approach, engaging with local teams to ensure compliance is both practical and effective.
The goal is to integrate privacy and security early, manage risks proactively, and maintain agility as laws and threats evolve.
Q: Which global standards or frameworks, like ISO 27001, NIST 800-53, or ISO 27032, have had the biggest impact on how you work and lead?
A: ISO 27001 has had the most significant impact on how I work and lead. Its structured approach to establishing, implementing, and maintaining an Information Security Management System (ISMS) has shaped how I view security as a continuous, organization-wide responsibility.
In addition, NIST 800-53 has influenced my understanding of risk-based controls and how to apply them in complex environments, while ISO 27032 has been valuable in addressing cybersecurity in the broader context of digital collaboration and internet threats.
Together, these frameworks guide how I drive compliance, build trust, and lead cross-functional teams across diverse regions with clarity and consistency.
Q: As someone who contributes to ISACA and EC-Council communities, what trends or practices are you most focused on sharing with your peers and mentees?
A: In my contributions to the ISACA and EC-Council communities, I focus on sharing insights around governance, privacy, and risk management.
I’m particularly passionate about trends like Zero Trust architecture, data protection by design, and AI-driven threat detection. I also emphasize the importance of cybersecurity awareness, ethics, and building resilience in low-resource environments.
With my mentees, I stress the value of certifications, continuous learning, and real-world application, encouraging them to see cybersecurity as both a technical and strategic career path.
Q: You’ve helped implement cybersecurity at national levels and taught many others, how do you bridge the gap between policy and real-world execution?
A: Bridging the gap between policy and real-world execution starts with simplifying complex frameworks into actionable steps that stakeholders at all levels can understand and apply. I focus on contextualizing global best practices to fit local realities, whether it’s resource constraints, cultural dynamics, or maturity levels.
I prioritize capacity building, cross-sector collaboration, and clear communication to ensure that policies don’t just stay on paper but are embedded into daily operations. Whether working with national agencies or mentoring individuals, my goal is to make cybersecurity both practical and sustainable.
Q: As a visible woman leader in cybersecurity, what do you believe is needed to support more women rising into strategic roles like yours across Africa?
A: To see more women rise into strategic cybersecurity roles across Africa, we need a deliberate ecosystem of support, starting with early exposure, mentorship, and sponsorship. It’s not just about training women in technical skills but also equipping them to lead, influence policy, and sit at decision-making tables.
We must also address structural barriers by promoting inclusive hiring, flexible work environments, and visible role models who show what’s possible. I strongly believe in creating safe spaces for women to grow, fail, and rise again because when women are empowered, entire communities are strengthened.
Q: What are you most excited about for the future of cybersecurity in Africa and what role do you hope to play in shaping it?
R: I’m most excited about Africa’s growing digital transformation and the opportunity to build cybersecurity into the foundation, not as an afterthought. As governments, startups, and industries embrace tech, there’s a critical moment to shape a security-first mindset across the continent.
I hope to continue playing a role in strengthening governance, building local capacity, and mentoring the next generation of cybersecurity leaders especially women.
Interested in more African cyber leaders?
Connect with CxOTrail or submit your story today: editorial@cxotrail.com
