Inside TIER: Meet Kwadjo, our Head of Product Security
November 18, 2022
TIER runs on one mission: Changing Mobility For Good 🌍 There are countless of dedicated people from across the globe who contribute to our vision. In the new Inside TIER interview series, we will give you a glimpse into who sits behind our operations and what drives them and their teams.
In this edition, we sit down with Kwadjo Nyante (he/him/his), our Head of Product Security.
TIER: Hi Kwadjo! Let’s start off with you telling us something about yourself that we don’t know?
Well, I am originally from Ghana and I’ve been in Europe for about 6 years now. I traveled a lot and briefly lived in several European countries. I lived in Enschede - Netherlands while studying MSc. Cyber Security & Privacy, then Budapest, Hungary while studying MSc. Advanced Cryptography, then working in Amsterdam, lived briefly in Nice, France, now Berlin.
In every new environment, I found myself, I tried to immerse myself as fully as I could no matter how contrasting the culture is to the Ghanaian culture I grew up knowing.
One particular thing that most people don’t know about me is that I am a Lead guitarist in the TIER Music Band - The RockeTIERs. So once upon a time, I’m going about my regular work at TIER when suddenly the CTO / Co-Founder (Matthias Laug) reached out to a number of us. The message went like this - “Hey, I want to start a music band for the company”. My first thought was - “A 1000 times yes! I’ve been playing electric guitar, preparing for this all my life! Let’s do it!” So the lineup was:
Matthias Laug → CTO / Co-Founder → Alter ego (Band founder / Lead Singer / Pianist / Trumpet / Also some hidden music skills we may not know about... Still studying him.)
Vincent Priem → Senior Expert Engineer → Alter ego (Chief Bass Guitar Officer or as we call him in the band - “Slap the bass”)
Daniil Pavliuchkov → Head of Product → Alter ego (Chief Drumming Officer or as we call him in the band - “Mr. BPM”)
Mathieu Schmidt → Engineering Lead → Alter ego (Lead Composer / Singer/ Chief Rhythm Guitar Officer / He really is like a mad scientist who experiments with all sorts of music and instruments. Very versatile.)
Myself (Kwadjo Nyante) → Head of Product Security → Alter ego (Chief Lead Guitar Officer / sometimes singer. Bandmates call me “Mr. Delay”. I would have loved an epic name like “the conqueror”, “Lion of Africa”, or something like this but I really love the delayed sound effects in my guitar solos a bit too much so I guess “Mr. Delay” is well deserved 😂
For over 3 months, this Band practiced in secret; every Wednesday evening in preparation to play for the company. After our practice sessions, we often talked at bars sharing dreams of another life where we become a famous music band touring the world and playing across the globe with millions of fans. In these moments, there was no hierarchy or work. Music was the ultimate equalizer. The relationship we formed in the band transcends work because at the end of it all we were just regular guys working hard and pursuing happiness.
Anyway, the day finally came to play for the company and it was amazing! Check out this video from our last performance at TIER HQ!
Tell us a little bit about your role at TIER and what your day to day looks like?
My team at TIER are responsible for ensuring that the products (especially mobile apps), services, and associated processes shipped to our customers are delivered with the acceptable levels of cyber security by all standards. We focus on security by design, privacy by design, GDPR & ISO27001 Compliance and sometimes specific process fraud prevention.
Most of my day revolves around pursuing these goals. Focusing on preparing and adjusting the long-term strategy, risk assessments in the presence of events like mergers, acquisitions, scaling up, and always balancing it with the resources available. I am also heavily involved in tactical operations such as penetration testing, awareness training, vendor assessments, incident management, change management, threat modeling and initiative reviews, etc.
What is the best part of working at TIER?
Cyber Security, Privacy, and Compliance is an extremely dynamic field. Nothing is ever boring. Ranging from new hacking attempts, exposed vulnerabilities discovered in the wild (e.g. Log4J), latest business requirements that need to be secured, there is always something new happening. Never a boring day! Combining such an exhilarating job with talented and intelligent people, it is just awesome!
Apart from my regular work, I am also the spokesperson for the Safe Space committee. A group of employees dedicated to Diversity, Equity, and Inclusion for employees. The Safe space provides an avenue for employees to deal with work-related issues, cultural issues, etc. usually when the employee just doesn’t know who to turn to. We are like one huge listening ear that covers the entire company. Having an opportunity to impact the culture of the company has been a very fulfilling part of my work at TIER.
Our mission is to change mobility for good, which centers around sustainability. What role does that play in your work and life?
For me, sustainability means promoting longevity. This means ensuring that the human race and life, in general, survive long-term. But even beyond that, it also means promoting the longevity of the core values that make us human. It does not just ensure that we survive but ensures that we deserve to survive.
In my work and life, I try to focus on spreading as many of the core human values I learned growing up in Ghana as possible. Values such as loving and looking out for one another, responsibility, kindness, etc. I bring this to every environment I find myself in.
I also try to be conscious of the impact my actions have on the environment. I walk as much as I can, I am mindful of the food I eat and the clothes I wear, and whenever the opportunity arises, I create awareness of sustainability and the impact mobility has on it.
Why is Product Security important, especially for TIER?
Security means ensuring that information:
Comes from an authentic source (trust-worthy / authenticity),
Is always received or retrieved in its original form (integrity),
Is intelligible or understandable only by desired entities (confidentiality),
Is available whenever requested (availability).
With this in mind, it is clear that this topic affects everyone at TIER. Any TIER information or process that has an interface to the company is a likely target for cyber attacks, even if these employees do not directly work in the security team. Everyone has a defensive responsibility if they hold / work with any TIER asset.
Having a secure environment / product and services also ensures that TIER:
Maintains its good business reputation,
Enhances the trust customers have for our ability to protect their data when they use our services,
Increases revenue growth in terms of winning more tenders due to its ability to provide a high quality secure product/ service,
Prevent avoidable fines due to misalignments with legal frameworks such as GDPR.
So cyber security really works like insurance giving any business a way to prevent avoidable financial losses by outsourcing the financial impact. But even better than insurance, a security team works actively to actually increase revenue and reduce the potential losses that may occur as the business scales up.
What is something that you and the Product Security team have worked on that you are most proud of?
Every day we go without a cyber security breach is a day that makes me and the team extremely proud.
More tangibly, I am especially proud of the creation of the Security Ambassador initiative. A huge part of the security dream is to evolve this initiative into a cyber security culture that spreads like wildfire in the company. When I started at TIER, one way I thought about doing this was to appoint at least one person from each team as a dedicated Security Ambassador. At present, we have 70 Security Ambassadors throughout the company. This initiative has built a better defense position and redundancy, rather than just a few isolated people in a Security team dealing with security.
I am also very proud of all the effort our team put together in achieving ISO27001 compliance and all our efforts towards the pursuit of the ISO27001 certification.
What advice would you give your younger self?
Hahahah! This is a classic time-travel issue. What if the advice to my younger self actually ends up making me worse in the future (which is today 😂)?
On a more serious note, though, assuming there are no time-paradox issues, I would tell my younger self the following: “Life is really like a chess game: It’s not about making the best move in every position. It’s about making a consistent series of good moves. Just stay happy, your time will come”.
“And oh, buy Bitcoin!”
Want to work with Kwadjo and his team? Check out our job openings here: https://about.tier.app/jobs