Dedication has defined Phillimon Zongo’s career. His path, from an initial interest in leadership and technology to his current roles as a virtual CISO at a number of organizations and Co-Founder and CEO at the Cyber Leadership Institute, is marked by his willingness to learn and apply himself across technical and soft skills.
Zongo defines the start of his cybersecurity career as taking place in 2014, when he first recognized a shift in high-level conversation around the topic. “I realized around 2014 that cybersecurity was starting to dominate discussion in boardrooms and had zoomed to the top of every corporate risk profile. Instead of spreading myself thinly across every technology and risk aspect, I decided to go deep into cybersecurity, and it’s a decision that I never regretted,” he says.
Zongo’s career started in his home country, Zimbabwe. Soon after graduation, he joined Utande, an internet service provider that served large Zimbabwean enterprises as an IT networking intern. However, the instability that caused the Zimbabwean economic crisis led Zongo to pursue a career outside of the country. “I knew I needed to leave the country and plant myself on fertile ground,” Zongo recalls.
He saved up to take the Certified Information Systems Auditor (CISA) exam, passed and soon thereafter joined Deloitte in Harare, Zimbabwe, as an IT Auditor. The combination of his CISA qualification and big-four experience opened up international opportunities for Zongo. In the summer of 2007, he landed in Sydney, Australia, with only $300 in his pocket to chase a new dream. “I was full of hope and enthusiasm — I was joining PwC as a senior consultant.”
From there, his career progressed further, holding IT risk and audit positions at PwC, Dimension Data and AMP. It was in these technology management roles where Zongo defined his approach to leadership and communication. “I realized that in as much as cyber had become one of the most critical business risks, a majority of decision-makers found the subject too complex and ambiguous,” he says. “So, I decided to sharpen my business writing skills. I knew that if I was able to articulate critical technology risk meters in the language that senior business leaders were able to understand, it would differentiate me from my peers.”
Zongo has found success in cultivating a balance of technical and people skills in cybersecurity executive roles. “The more I learned, I found that my technology, risk and governance skillsets were equally as important as my board communication and influencing skills.”
He’s found both skillsets vital to his work as a virtual CISO (vCISO) across a number of respected Australian organizations. In his vCISO roles, Zongo helps define high-level cybersecurity roadmaps, engages with senior stakeholders, build high-performing teams, runs tabletop exercises across the executive team, and presents cybersecurity posture to internal and external stakeholders.
He also serves as Co-Founder and CEO of the Cyber Leadership Institute, which aims to meet a lesser-discussed aspect of the cybersecurity skills gap. “Everyone was talking about the cyber skills shortage, and it surprised us that no one was really tackling the cyber skills shortage from the top.” To fill that void, Zongo helped create the organization, which focuses on upskilling and training future cybersecurity leaders with an emphasis on soft skills — communication, organizational influence and collaboration. “We’re aiming to create a diverse, global movement of cyber leaders who think critically and collaborate to drive positive change within their environments and help accelerate the creation of a safer digital space for the next generation,” Zongo says.
One of the most important focuses of the Institute’s leadership training, and cybersecurity management in general, is organizational communication — both with internal departments and the C-suite, says Zongo. To clearly communicate cybersecurity risk in the boardroom, “my recommendation is to minimize technical jargon and communicate cyber risk with clarity and persuasion,” he relates. “For example, when you say 40% of our digital assets have critical vulnerabilities, what does that mean to a CEO? You need to articulate that in the language of the business and provide indications that the board can relate to.”
Once cybersecurity executives have communicated risk to the board, it’s important to gain their buy-in in the mitigation tactics put in place across the organization, he says. “Cybersecurity is a team sport, and success is only guaranteed when CISOs do one thing: slow down, shut up and listen.” Zongo brings this strategy into his vCISO work, saying that his first responsibility as a new face in the organization is to engage senior stakeholders. “I approach them with a blank piece of paper, and I ask them open-ended questions. ‘What would you prioritize if you were in my shoes? What are your most important business goals? And how can my team help you accelerate the attainment of those goals?’ Once senior business stakeholders feel that they have had significant input into your strategy, and you build a shared sense of purpose, they are likely to throw their full weight behind your cybersecurity strategy and help its execution.”
That top-level buy-in is critical to further enterprise cybersecurity success, and it combines the collaboration, communication and influence skills needed to excel in the field, according to Zongo. He realized early in his career the power of sharing his story both in communicating cyber risk, but also in sharing leadership lessons learned throughout his career. Zongo has published a number of thought-leadership articles across Forbes, ISACA, Strategic Risk, New Zealand Business Herald and Financial Standard, helping business and cybersecurity leaders hone in on important themes in the cyber risk and resilience field. A frequent speaker at conferences and author of two books, a memoir and a cyber resilience guide, Zongo prioritizes sharing information with other cybersecurity professionals and aspiring leaders.
“It is very important for cybersecurity leaders to share our stories. For me, it was very important because I used to look around the room and see no one who looked like me. When they say representation matters, I know it firsthand. By sharing our stories, we’re able to become the role models that we never had.”
Zongo’s experience as an African cybersecurity leader living and working abroad informs his passion for expanding the cybersecurity leadership talent pool with the work he accomplishes at the Cyber Leadership Institute. “From the outset, we’ve been determined to accelerate diverse talent, especially around gender diversity. No matter our gender, we all need to work together to accelerate women into leadership positions,” he says. “By propelling a dozen women into key cyber leadership positions, that has a multiplier effect, because those people are now able to bring their diverse perspectives and rewrite their hiring policies to push more women into the frontlines of cybersecurity and cyber leadership.”
Reflecting on his own career, Zongo says he’s never stopped learning. “It’s a constant quest for self-improvement — pursuing perfection, while at the same time knowing that perfection is never an attainable state.” That search for knowledge and self-expansion has led him to achieve goals he never imagined, including writing and leading on a global scale. “This is all about the long game. The life that I’ve lived has taught me to wait — patience is a very powerful virtue. It took me eight years of writing every day for me to start writing for Forbes.”
Now, Zongo says he’s focused on growing the leadership initiatives at the Cyber Leadership Institute and expanding his own communication skillset. From sharing thought-leadership articles in international publications to propelling new talent to the forefront of cybersecurity, the impact of his career is felt around the globe.