CISO Diaries: Kossi DOH on Building Cyber Resilience in a Rapidly Evolving Threat Landscape

Cybersecurity leadership is often discussed in terms of frameworks, compliance, and technical solutions, but rarely through the perspective of the people navigating the complex, day-to-day realities of defending organizations. CISO Diaries seeks to fill that gap by exploring the routines, habits, and decision-making strategies of today’s leading CISOs. From balancing operational priorities to embedding security culture and responding to emerging threats, this series offers a behind-the-scenes look at how security leaders keep businesses safe while enabling growth and innovation.

About the Interviewee: Kossi DOH

Kossi DOH is the CISO and Lead Red Team at Cyber Defense Africa, where he drives the strategic and operational direction of the organization’s cybersecurity program. With a background in telecommunications engineering and over six years in cyber defense, Kossi brings deep technical expertise in network systems, computer security, and threat management. He is known for a business-minded approach that balances protection, compliance, and innovation, embedding security into operations and digital transformation initiatives. Passionate about building awareness and fostering a security-first culture, Kossi mentors his team to anticipate threats, implement practical solutions, and stay ahead in an evolving cyber landscape.

How do you usually explain what you do to someone outside of cybersecurity?

My work most often consists of putting all possible solutions, whether human, technical, or managerial, in place to protect our cyberspace, just as someone puts controls in place to protect their house and the surrounding area.

What does a “routine” workday look like for you, if such a thing exists?

A routine day is one in which I have to communicate the risk to our information system to management, raise awareness among my colleagues, or revise our policies.

What part of your role takes the most mental energy right now?

Reviewing audit reports and making sure all the recommendations are implemented before any compliance audit.

What’s one security habit or routine you personally never skip? (Work or personal.)

Use a unique, complex password or multifactor when possible.

What does your own personal security setup look like? (Password manager, MFA, backups, devices, at a high level.)

All of the above. I add training and awareness of staff.

What book, podcast, or resource has influenced how you think about leadership or security? (Doesn’t have to be technical.)

Success Through a Positive Mental Attitude by Napoleon Hill.

What’s a lesson you learned the hard way in your career?

Always follow the change request and always get it approved, even when you have done that operation a million times.

What keeps you up at night right now, from a security perspective?

The lack of maturity I perceive from a lot of companies. It seems like they are unaware of the danger of exploitation.

How do you measure whether your security program is actually working?

We check the number of incidents we recorded in the previous month and the level of staff maturity.

What advice would you give to someone stepping into their first CISO role today?

Read, read, and read. A CISO must be a continuous student.

What do you think will matter less in security five to ten years from now?

The use of passwords will matter less in security if quantum computers are used. 2FA will be used more often, and best practices and cyber hygiene will be the norm.

Looking ahead 10 years, what do you believe security teams will spend most of their time on that they don’t today?

Fighting against AI-generated attacks.