Modern security leadership means adaptability, and, let’s be honest, a bit of nerve.
And when it comes to navigating this balance with both strategy and style, Winifred Ndukwe is setting a standard.
With a career spanning finance, risk management, and corporate security, Winifred knows that resilience isn’t just a department—it’s a mindset. She’s seen firsthand how security has evolved from a back-office function to a boardroom priority, and she’s on a mission to ensure organizations don’t just react to threats but get ahead of them. As a Committee Member for BCI Women in Resilience, she’s also championing leadership at every level, pushing for inclusivity, and mentoring the next generation of security pros.
In this Gamechangers in Resilience interview, Winifred talks about the unexpected realities of security leadership, the fine line between business agility and security controls, and why AI-driven threats mean we all need to step up our game.
Buckle up—it’s a conversation you won’t want to miss.
Q: Tell us a little about your journey to leading security and resilience.
Winifred: My background is in finance, IT Resilience and risk management, which gave me a strong foundation in understanding business risks and how to manage them. Over time, I transitioned into cybersecurity, where I now oversee security implementation, compliance, and effectiveness across multiple regions.
My multidisciplinary background gives me an edge in understanding risks and controls from various business perspectives.
Q: Was there anything surprising about the reality of the job compared to your expectations?
Winifred: Absolutely. In theory, security looks structured—policies, frameworks, and clear best practices. Technically, you expect to have well-defined processes: monitor threats, respond to incidents, and continuously improve defenses.
In reality, it’s fast-paced, unpredictable, and full of tough decisions. One of the biggest shifts was realizing that security isn’t a standard 9-to-5 role. Incidents don’t follow business hours, so you have to be adaptable and ready to respond at any time. And because threats evolve constantly, staying ahead requires continuous learning and quick responses.
Finally, security is just as much about people as it is about technology. Policies and controls only work if people actually follow them, so influencing behavior and building a strong security culture is just as critical as deploying the right tools. I’m passionate about this and always take opportunities to discuss how people can protect themselves in their daily lives.
Q: How have conversations about security evolved in recent years?
Winifred: A few years ago, security was mostly an afterthought—something executives discussed only after an incident or a background function within IT.
Now, it has moved to the forefront, driven by factors like AI, supply chain risks, geopolitical instability, and regulatory changes. Boards and executives are now actively engaged in security discussions, which is a positive shift. The biggest change is that security is no longer seen as just a cost center or an IT sidekick but as an investment and a business enabler.
Q: What patterns have you noticed in the dynamics between security, the business, and customers?
Winifred: Like any relationship, each party has its own interests. Security teams want strong controls. Businesses want speed and efficiency. Customers want seamless, secure experiences. The challenge is making all of that work together.
The best security strategies don’t force the business to choose between security and growth. Instead, we have to see how we align security with business goals, making it a value driver rather than a roadblock.
Q: With evolving policies and controls, how do you see the tension between security and employee expectations playing out?
Winifred: Employees want flexibility—remote work, personal devices, and easy access to tools. But these same conveniences introduce new security challenges, making threats more sophisticated than ever. That’s where the tension lies.
If security controls are too restrictive, people find workarounds.
If they’re too loose, the organization is exposed to risks.
The key is designing security policies that fit how people actually work rather than forcing them into rigid structures.
The future of security will be about adaptability—securing a dynamic, hybrid workforce without making security feel like a burden. Clear, non-technical communication with stakeholders is also essential so they understand security’s importance and work with us rather than around us.
Q: Deepfakes and AI-generated content—how do we use AI responsibly from a security perspective?
Winifred: Indeed, I’ve spoken about this before, and it’s a topic I always like to discuss as we can see that AI-generated content can be highly convincing and dangerous when used maliciously. AI is a gamechanger for everyone—for both good and bad.
In security, it’s no different. It can be a powerful tool for threat detection, automation, and efficiency, but it also makes attacks like deepfakes and AI-generated scams more convincing. The key to using AI responsibly is ensuring we are able to monitor AI-driven threats, implement strict validation processes, and educate everyone about emerging risks through leveraging the opportunities AI brings to securing the business, as well as having clear governance and risk management frameworks in place.
Q: What is the hardest part of security leadership right now?
Winifred: One of the biggest challenges is the talent gap. There simply aren’t enough skilled security professionals to meet the demand, which puts a strain on existing teams.
We need to rethink how we bring people into the field—by upskilling internal employees, mentoring junior talent, and creating structured pathways for career changers.
For those considering a career in security, there has never been a better time. The industry needs people with diverse backgrounds and perspectives. If you’re curious, adaptable, and ready for a challenge, security has a place for you.
Q: What advice would you give to first-time security leaders?
Winifred: First, simplify complexity. Your job is to make security understandable and actionable for non-security stakeholders. Learn to translate security into business language that resonates with different audiences.
Second, build strong relationships. Security doesn’t work in a silo—you need to collaborate with business leaders, IT, legal, and other teams. It’s all about teamwork and alignment.
Finally, stay flexible. The threats you face today will look different next year, so adaptability is a must. Stay curious, be willing to pivot, and always be prepared for the unexpected.
Q: What separates the best leaders today?
Winifred: I would say the best leaders often combine smart decision-making with a deep understanding of people.
It’s not just about making the right calls but also about empowering others through those decisions.
They also have resilience—the ability to stay calm and focused, even when things don’t go as planned. The real test of leadership is how you handle challenges and setbacks, not just the easy wins.
Communication makes a huge difference as well. Being able to communicate in a way that resonates with everyone, from the top executives to the teams on the ground, is what helps keep things aligned and moving forward. It’s about sharing the ‘why’ behind decisions and making sure everyone feels a part of the journey.
And of course, empathy. They listen, they care, they make decisions with the well-being of their teams in mind and understand that people are the heart of any business.
Q: What is the leadership playbook you are writing for yourself?
Winifred: My leadership playbook is about balancing vision and action. It’s easy to get caught up in big-picture thinking, but real leadership is about turning ideas into tangible results. That means staying grounded in day-to-day challenges while keeping long-term goals in focus.
It also revolves around leading with empathy—understanding that leadership is as much about people as it is about business outcomes. I enjoy staying connected on an individual level, understanding people’s needs, and guiding them through challenges with both strength and care.
Finally, continuous learning is a key part of my approach. No matter how much you know, there’s always room to grow, and that is a major factor for me.
