Podcasts41-minute episode

The Human Side of Cybersecurity: Lessons From Yahoo’s Director of Security GRC

As organizations face growing cyber risk and regulatory pressure, security leaders are being asked to do more than protect systems: They must enable the business. In this episode of the Executive Guidance podcast, Steven Asifo, Director of Security GRC at Yahoo, joins Zohra Ibrahimi, Toptal’s Information Security Practice Lead, to discuss how clarity, communication, and culture are redefining modern security leadership.

Last updated: Jan 13, 2026

As organizations face growing cyber risk and regulatory pressure, security leaders are being asked to do more than protect systems: They must enable the business. In this episode of the Executive Guidance podcast, Steven Asifo, Director of Security GRC at Yahoo, joins Zohra Ibrahimi, Toptal’s Information Security Practice Lead, to discuss how clarity, communication, and culture are redefining modern security leadership.

Last updated: Jan 13, 2026

Speakers

Zohra Ibrahimi
Information Security Practice Lead
15 Years of Experience

This episode’s host, Zohra Ibrahimi, is the Information Security Practice Lead at Toptal. Zohra has over 15 years of experience leading cybersecurity, risk, and compliance initiatives across Fortune 500 companies and highly regulated industries, helping organizations align security strategy with business objectives.

Previously At

Grant Thornton
Steven Asifo
Director, Security GRC
15 Years of Experience

Steven Asifo is the Director of Security Governance, Risk, and Compliance at Yahoo. Known for bringing clarity and humanity to complex security topics, Steven blends deep GRC expertise with an engaging communication style, helping organizations make security approachable, relevant, and actionable for everyone.

Yahoo!
Share

Modern security leadership is no longer about jargon or checklists: it’s about trust, alignment, and people. Steven Asifo joins Zohra Ibrahimi to share how Yahoo approaches governance, risk, and compliance in a way that supports AI and innovation while protecting the business.

Drawing on his background in both cybersecurity and public speaking, Steven explains why making security engaging, and understandable, is essential to driving adoption, reducing risk, and building resilient organizations.

Topics explored include:

  • Why cybersecurity is 80% human and 20% technology

  • How to translate security and GRC into language business leaders actually understand

  • Why effective security programs prioritize clarity over complexity

  • The role of culture and communication in risk management

  • What modern security leadership looks like in highly regulated, AI-enabled environments

Zohra Ibrahimi

Zohra Ibrahimi

Information Security Practice Lead
15 Years of Experience
About the host

Zohra is a seasoned cybersecurity and risk executive with more than 15 years of experience leading enterprise risk management, cybersecurity strategy, IT governance, and regulatory compliance initiatives across Fortune 500 companies and global organizations. As Toptal’s Information Security Practice Lead, she takes a strategic, business-aligned approach—building scalable, results-driven security programs that not only protect critical assets but also enable business growth.

PREVIOUSLY AT
Grant Thornton

World-class articles, delivered weekly.

By entering your email, you are agreeing to our privacy policy.

World-class articles, delivered weekly.

By entering your email, you are agreeing to our privacy policy.

Join the Toptal® community.