MEET THE CYBER SECURITY TEAM

TILEWA OLORUNNISOLA

Tilewa Olorunnisola
Information Security Management

I have around 13 years of experience in technology. My early years were as a project manager and then over the past five years I have focused specifically on helping organisations improve their security posture. My journey into information security began when I took a course in information security auditing after university, which sparked my interest. Although it was challenging to dive directly into auditing, I eventually transitioned into implementing information security standards like ISO 27001, which is all about establishing the governance structures, processes, and technologies that support an organisation’s security objectives.

During my time as a project manager, I noticed that many of the issues within projects were not due to the projects themselves but were rooted in the organisation’s culture and processes. I realised that by addressing these problems, especially in terms of security, we could prevent many issues before they even arise, thereby protecting the organisation’s reputation and financial stability.

I work within the consulting department at Redcentric, where my focus is on helping our customers – primarily small and medium-sized businesses – establish and maintain strong security operations. Many of these organisations need the expertise of a Chief Information Security Officer (CISO) but cannot afford to hire one full-time. That’s where our Virtual CISO service comes in. It allows businesses to hire a CISO on a contractual or pay-as-you-use basis, helping them establish strategies and programs for cyber resilience or comply with standards like Cyber Essentials or ISO 27001 – without the need for a full-time resource.

When a customer approaches us, often with a specific project in mind, we start by understanding the organisation’s needs and the type of data involved. For example, if they are developing an application that will handle sensitive data, we identify the types of data ­– whether it’s government-sensitive, personally identifiable, or business-sensitive – and assess potential threats. We then define the necessary security requirements, considering factors like access, integration and cloud security. We also plan for crisis scenarios, ensuring strong backups and restore capabilities to meet business expectations in case of an incident.

One recent engagement was with a managed procurement service provider. It needed to comply with the ISO 27001 information security standard, so we began by conducting a gap assessment. This allowed us to identify what they already had in place and what needed improvement. We then developed a roadmap to help them align with the standard, established necessary processes, and guided them through the audit. The results were outstanding – no major or minor non-conformities, and just one observation. The external auditor even commented that it was one of the best implementations he had seen.

Another project involved working with a solution provider in the healthcare sector, where we helped them build an application to manage sensitive data for the NHS. Due to the sensitive nature of the work, details of the project are confidential, but it was another instance where we ensured stringent security measures were in place to protect critical data.

The biggest challenge is the ever-evolving threat landscape. Security incidents are no longer an “if” but a “when,” which means organisations must have the right strategy in place to respond effectively. However, this also presents an opportunity to embed security into the culture of an organisation from the ground up. When security is integrated into every level of an organisation, from processes to technology to people, it not only protects the organisation but also builds trust with customers and the public.

Click into some of our key team members to find out more about them

Tom Holloway

Head of Cyber Security

Read more

Luke Stevenson

Product and Portfolio Manager – Cyber Security

Read more

redcentric

Redcentric

0800 983 2522 sayhello@redcentricplc.com