The Human Side of Cybersecurity: Lessons From Yahoo’s Director of Security GRC
As organizations face growing cyber risk and regulatory pressure, security leaders are being asked to do more than protect systems: They must enable the business. In this episode of the Executive Guidance podcast, Steven Asifo, Director of Security GRC at Yahoo, joins Zohra Ibrahimi, Toptal’s Information Security Practice Lead, to discuss how clarity, communication, and culture are redefining modern security leadership.
As organizations face growing cyber risk and regulatory pressure, security leaders are being asked to do more than protect systems: They must enable the business. In this episode of the Executive Guidance podcast, Steven Asifo, Director of Security GRC at Yahoo, joins Zohra Ibrahimi, Toptal’s Information Security Practice Lead, to discuss how clarity, communication, and culture are redefining modern security leadership.
Speakers
This episode’s host, Zohra Ibrahimi, is the Information Security Practice Lead at Toptal. Zohra has over 15 years of experience leading cybersecurity, risk, and compliance initiatives across Fortune 500 companies and highly regulated industries, helping organizations align security strategy with business objectives.
Previously At
Steven Asifo is the Director of Security Governance, Risk, and Compliance at Yahoo. Known for bringing clarity and humanity to complex security topics, Steven blends deep GRC expertise with an engaging communication style, helping organizations make security approachable, relevant, and actionable for everyone.
Modern security leadership is no longer about jargon or checklists: it’s about trust, alignment, and people. Steven Asifo joins Zohra Ibrahimi to share how Yahoo approaches governance, risk, and compliance in a way that supports AI and innovation while protecting the business.
Drawing on his background in both cybersecurity and public speaking, Steven explains why making security engaging, and understandable, is essential to driving adoption, reducing risk, and building resilient organizations.
Topics explored include:
-
Why cybersecurity is 80% human and 20% technology
-
How to translate security and GRC into language business leaders actually understand
-
Why effective security programs prioritize clarity over complexity
-
The role of culture and communication in risk management
-
What modern security leadership looks like in highly regulated, AI-enabled environments
About the host
Zohra is a seasoned cybersecurity and risk executive with more than 15 years of experience leading enterprise risk management, cybersecurity strategy, IT governance, and regulatory compliance initiatives across Fortune 500 companies and global organizations. As Toptal’s Information Security Practice Lead, she takes a strategic, business-aligned approach—building scalable, results-driven security programs that not only protect critical assets but also enable business growth.


