Advancing Behavioral Cybersecurity: The Trailblazing Journey of Oluwafemi Osho

In the rapidly evolving landscape of behavioral cybersecurity, Oluwafemi Osho stands out as a leading and influential figure. His journey in this specialized area of cybersecurity is marked by innovative approaches and significant contributions that address the intersection of human behavior and cyber threats.

Osho’s work in behavioral cybersecurity is particularly relevant in today’s digital age, where security challenges are not just about technology but also about understanding and influencing human behavior. He observes, “Even though human actions and decisions can significantly impact cybersecurity, this aspect has often been overlooked in traditional cybersecurity measures.”

Cybersecurity Journey Begins

His path into cybersecurity began in 2009 with an appointment as the IT/Systems head at Platinum Mortgage Bank (PMB) Limited in Abuja. This opportunity arose following the completion of his bachelor’s programme in mathematics/computer science from the Federal University of Technology, Minna. At that time, he was pursuing a master’s in mathematics at the same institution.

While he was instrumental in developing many initiatives to enhance the bank’s security architecture, his most memorable achievement was developing its IT policy and strategy.

“At PMB, I proposed and executed many projects. For example, I introduced a novel method for updating antivirus software on the bank’s computers. However, my outstanding achievement was formulating the bank’s IT policy and strategy. I knew IT policy and strategy were foundational to a bank’s security, regulatory compliance, operational efficiency, innovation, and customer satisfaction,” explains Osho.

Transitioning to Academics for More Impact

Osho’s quest to impact security behavioral change on a larger scale made him transition in 2010 to an academic position at the Department of Cyber Security Science, Federal University of Technology, Minna. At the University, he taught undergraduate and postgraduate students various courses.

On the research front, Osho undertook multiple groundbreaking studies in the different areas of behavioral cybersecurity. He expatiates, “In my academic research endeavors, I have concentrated on exploring user perceptions and awareness regarding security across various information technology domains. Additionally, my research has delved into understanding user experience concerning cyber threats; investigating tactics, techniques, and procedures (TTPs) employed by cyber adversaries; and examining the legal, policy, and governance dimensions of cybersecurity, among other aspects.”

“Some notable accomplishment in my research endeavors were conducting the first-of-its-kind peer-reviewed examination of Nigeria’s Cybersecurity Policy and Strategy. Furthermore, I was part of two research projects—I led one—that conducted forensic analyses on the mobile banking applications used by Nigerian banks at the time. Our research uncovered that none of these banking applications eliminated sensitive data when relegated to the background,” he added.

Extending Professional Proficiency and Network

Osho attained the Certified Ethical Hacker (C|EH) credential from the EC Council to enhance his technical proficiency. To expand his professional network and further contribute to behavioral cybersecurity research, he became affiliated with national and international organizations focused on security. These include the Cybersecurity Experts Association of Nigeria (CSEAN) and the Global Commission on the Stability of Cyberspace (GCSC) Research Advisory Group (RAG). Osho is also a Nigerian School on Internet Governance (NSIG) fellow.

His contributions to GCSC include a research project on protecting the Internet’s core funded by the Commission. His work identified Internet components critical to its functioning and the various threats against and behaviors inimical to its stability and security.

At CSEAN, Osho is part of the Research and Development team. He led the team on the 2022 National Cyber Threat Landscape and 2023 National Cyber Threat Forecast. He spearheads the efforts on the ongoing 2023 and 2024 editions of the threat landscape and forecast, respectively.

A New Devotion

Over the years, Osho has devoted significant attention to young users, one of the most at-risk groups in the digital space. According to him,

“For instance, in Nigeria, home to one of the world’s largest young internet populations, reports highlight the country’s shortcomings in privacy and safety frameworks and regulations, as well as school digital citizenship education. A study by Project Open Eyes reveals that most of the 12 to 17-year-old participants engage in online behaviors that expose them to various threats, such as profiling, online grooming, online profiling, and cyberbullying. These findings underscore the urgent need for enhanced online safety measures for young internet users.”

To bridge the security gaps, Osho has initiated cybersecurity enlightenment programmes at the secondary school level and promoted awareness in youth forums. He reveals, “I conducted an online safety awareness campaign at a secondary school in Minna. Students were informed about various online threats and educated on protecting themselves from the threats.”

New Challenges, Same Goals

In 2019, he felt the need to advance his education and hone his research and communication skills. He moved to Missouri University of Science and Technology (MST) in the United States, where he earned an M.S. in Technical Communication.

Osho is presently pursuing a Ph.D. in Human-Centered Computing at Clemson University in South Carolina under the supervision of Dr. Bart Knijnenburg. His research projects are supported by National Science Foundation (NSF) grants.

One of the projects he is working on involves developing instructional modules to impart AI-centric cybersecurity concepts and best practices to middle school students.

He elaborates, “The initiative is driven by the growing integration of AI into online and digital systems, which has heightened the potential for security and privacy risks. In addition to helping adolescents take ownership of their digital identities, this project enhances their fundamental understanding of the underlying concepts and security principles underpinning AI and cybersecurity technologies.”

Due to his contribution to the AI-cybersecurity education and other related projects, Osho was selected in 2023 by the State of South Carolina (SC) to join the State’s AI Design Team. The Team was created to develop educational resources that will equip South Carolina students with relevant AI skills for the future.

“We are developing curricula and course modules to acquaint high school students with AI-related career and training opportunities, aligning with the SC AI Pathway. This effort aims to equip students with insights and practical experiences in the dynamic field of AI,” he explains.

The Future is AI and Cybersecurity

Osho is convinced that artificial intelligence will grow in sophistication and increasingly permeate future technologies, leading to new cyber threats.

“I absolutely believe that the growth and sophistication of artificial intelligence will profoundly impact future technologies. As AI systems become more complex and growingly integrated into various aspects of our lives, they will inevitably create novel threats,” he predicts.

Consequently, he recommends, “Thus, as we embrace AI’s benefits, we must also proactively develop robust cybersecurity strategies that include not only technological solutions but also focus on educating users. It’s crucial to foster a culture of security awareness and security-conscious behaviors where users are equipped to prevent, recognize, and respond to AI-driven threats.”

Osho’s ambition is to remain at the forefront of equipping users: “Looking ahead, my goal is to continue to play an active role in research, advocacy, awareness, and education endeavors to create a safer, more empowering online environment, especially for young internet users. Through these efforts, I aim to empower them to manage their digital identity more responsibly and online relationships more effectively.”