Opeyemi Onifade, CISA, CISM, CGEIT, COBIT 5 Certified Assessor, COBIT 5 Certified Implementer, CISSP, CompTIA Cloud Essentials, ISO 20000 Prac, ISO 27001 LA, ITIL-F, SCJP, ITBMC, PRINCE2 PMP, provides business leadership and execution at Afenoid Enterprise Limited. Afenoid Enterprise offers solutions in business technology optimisation, management systems consulting (ISO 27001, 20000 and 22301) and competence development programmes in IT governance and management. Prior to becoming the founding director and practice leader at Afenoid Enterprise, he held leadership positions as chief information security officer at Galaxy Backbone Limited, senior consultant and regional manager at Digital Jewels Limited, and pioneer country/regional information security officer with the Group Security Office of Ecobank Transnational Incorporated. Onifade’s passion is to help top management and boards define and implement technology directions and processes, and manage the risk of technology adoption in order to foster the productive capacities of their businesses.
What are your three goals for 2015?
What is your favorite blog?
Personalmba.com
What’s on your desk right now?
How has social media impacted you professionally?
LinkedIn has been very useful in broadening my contacts and marketing our services.
What is your number one piece of advice for other GEIT professionals?
Seek to earn at least one credential relevant to each of the COBIT 5 domains.
What are your favorite benefits of your ISACA membership?
The rich exposure to emerging technologies, vast body of knowledge and kind-hearted professionals.
As a governance of enterprise (GEIT) professional, how do you believe your background in information security and audit has supported and guided your career to date?
I became interested in information security as a result of an undergraduate project related to smart cards. The project work led to my research in java card, which led to my first professional certification, Sun Certified Java Programmer. I soon realized that I did not want to pursue a career as a programmer but was still interested in information security. I was able to secure employment with a consultancy firm in Lagos, Nigeria, as a senior analyst in its information systems and e-business practice. My manager at the time was a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP), and I set a goal to pass the two exams within a year of my employment. I accomplished my goal and gained the necessary experience to be certified. I left the consultancy to join an international bank, where I became the pioneer information security officer. My experience in that bank spurred my interest in corporate governance, risk management and business management. I became very interested in the ISACA body of knowledge and, in the process, took and passed the Certified Information Security Manager (CISM) exam to strengthen my role at the bank. Then, I began to miss consulting and left to join a start-up consultancy that was passionate about raising awareness in information security and IT governance. It was the only firm in the country offering COBIT 4.1 training. The extensive exposure to COBIT 4.1 helped me to consolidate my competencies for GEIT. I sat for Certified in the Governance of Enterprise IT (CGEIT) in 2010, and I was an early adopter of COBIT 5. I also became the first COBIT 5 Certified Assessor on my continent.
What do you see as the biggest risk factors being addressed by GEIT professionals? How can businesses protect themselves?
I like to describe waste as anything that adds cost without adding value. I think the biggest risk factors being addressed by GEIT professionals, especially in my country, include the likelihood of IT not delivering what is promised and rogue and hidden IT expenses. Another risk factor is the increasing exposure to cyberthreats as a result of technology adoption without sufficient risk analysis and adequate risk controls.
How do you see the role of GEIT changing in the long term?
I believe that with the deepening of the pervasiveness of IT, IT will no longer be seen as a function, a unit or a department but as a preeminent organizational capability. In the long term, I believe what will count is not what IT delivers but what the business is able to deliver as a result of what IT delivers. I perceive a conceptual evolution whereby IT projects will not just become IT-related projects but business projects. When that time comes, IT governance will not need to be integrated into corporate governance; a distinction will not be reasonable.
How have the certifications you have attained advanced or enhanced your career? What certifications do you look for when hiring new members of your team?
My certifications have not only given me a voice, they have earned me the right to be heard. I believe that certifications are important, because they show one’s interest in self-improvement. Our work requires proven knowledge and experience in the COBIT 5 process domains including strategy, risk, security and service management. I am always eager to consider a CGEIT holder.
What has been, or do you anticipate being, the biggest compliance challenge in 2015? How will you face it?
I think the biggest compliance challenge, especially for the developing economies, will be cybersecurity-related. In my country, for instance, there is a cybersecurity bill that is about to be signed into law. Our government also recently published a cybersecurity strategy. We are responding by developing capabilities and resources to help the market comply.