Published on: October 15, 2024
In a recent SafetyDetectives interview, Craig Rosewarne, CEO and Founder of Wolfpack Information Risk, shared insights into his journey of establishing one of Africa’s leading cybersecurity firms. With over 13 years of experience running Wolfpack, Craig discussed how his background in global consulting and community-building helped shape the company’s unique approach to cybersecurity. Wolfpack stands out for its commitment to blending corporate security solutions with a strong community focus, offering tailored services that address national security issues, while also providing pro bono assistance to vulnerable organizations.
Wolfpack’s innovative strategies combine cutting-edge technology, such as AI-driven platforms and virtual CISO services, to provide affordable cybersecurity solutions for companies of all sizes. In the interview, Craig emphasized the importance of staying ahead of emerging cyber threats and integrating hands-on, localized cybersecurity awareness programs that resonate with communities across Africa. By continuously adapting to the fast-evolving tech landscape, Wolfpack is poised to help clients navigate future challenges in cybersecurity.
Can you share a bit about your background and what led you to your current role at Wolfpack?
I started Wolfpack 13 years ago. Before that, I was with Deloitte and did some work in different parts of the globe. In 2003, I did some contracting work in Saudi Arabia. When I returned to South Africa, I was looking to join a security group or forum, but there wasn’t really anything available. So in 2005, I started talking to people and eventually established a nonprofit company called the Information Security Group of Africa.
It grew quickly to about 3,000 members, with chapters in Johannesburg, Cape Town, Durban, Kenya, and Nigeria—some of which are still active today. The goal wasn’t to generate money but to bring the community together. While running that, I was also working as a director at Deloitte, and it became difficult to juggle both responsibilities along with family life. That’s when I came up with the idea of creating a company with a strong community focus—hence, the name Wolfpack. The concept is that a wolf on its own isn’t the strongest animal, but together, in a pack, they look after each other.
I pitched this idea to a partner at Deloitte, but they said it didn’t fit their model. So, I decided to leave Deloitte and start the business on my own—and that was 13 years ago.
What unique challenges does Wolfpack address in the cybersecurity landscape that set it apart from other firms?
One of our key differentiators is the community element that’s built into the company. It’s challenging to do things for free and make it sustainable, but we’ve managed to create a balance. We have three focus areas:
- Company – Business Solutions: This is our bread and butter, where we work with organizations of all sizes on security consulting, training, and awareness.
- Country – National Security Projects: We address national challenges and have completed about a dozen projects, such as national training programs or developing cybersecurity frameworks for governments. We’ve worked with governments across Africa, and even some foreign governments who fund or sponsor initiatives on the continent.
- Community – Support for Vulnerable Sectors: For the past eight years, we’ve focused on proactive awareness and pro bono victim assistance for vulnerable communities. If a nonprofit or individual gets hit by a cyberattack, we offer free assistance to help them recover. We also raise awareness by sharing lessons learned through talks and training materials. We assist in taking down scam sites and report financial fraud to banks as well.
How does Wolfpack tailor its cybersecurity and risk management strategies to fit organizations of different industries and sizes?
It’s definitely a challenge, especially for smaller organizations. Initially, we focused more on consulting, but even though we were better priced than the Big Five firms, our services weren’t always affordable for smaller clients. Over the past few years, we’ve been leveraging platforms—like virtual CISO services and awareness platforms—to help reduce costs.
We’ve built a model where a senior consultant provides oversight, while junior analysts handle much of the work. This allows us to offer services to smaller clients at a more affordable rate. A combination of AI tools, senior oversight, and junior analysts doing the bulk of the work has made cybersecurity more accessible to organizations of various sizes.
Can you explain the role and benefits of a virtual CISO (vCISO) for companies lacking in-house cybersecurity expertise?
We’re currently running a big marketing campaign around the virtual CISO and virtual security team concept. Large companies generally have a CISO or an information security officer in place, but small and medium-sized businesses (SMBs) often don’t. The problem is that cybercriminals don’t discriminate—SMBs face the same risks as large corporations.
A virtual CISO offers these smaller companies access to cybersecurity expertise they couldn’t otherwise afford. They don’t necessarily need a full-time person, but they can get a slice of someone’s time. When there’s trouble or a need for additional hours, we can step in and provide more support. It’s an affordable and flexible way for SMBs to manage their cybersecurity risks.
How does Wolfpack integrate cybersecurity awareness and training into its overall strategy for clients?
We’ve been running awareness and training programs for a long time. In the past, we offered public training, but it was difficult to manage. Now, we focus on tailored training programs for specific industries or larger clients.
We have our own creative team that develops custom content based on client needs. We only recently partnered with a commercial awareness platform provider and always complement our offerings with local content relevant to the client’s country and legislation. This makes the training more relatable and effective.
Our key differentiator is our community focus. We have strong threat intelligence on crimes and scams, and we integrate this into our training programs. We also focus on protecting employees, which gets a lot of buy-in because it impacts them personally—whether it’s their family’s safety or their own finances. Our training sessions are hands-on and interactive, showing people how to detect scams and use tools to protect themselves.
I’ve also just published a book on cybercrime self-defense, covering 46 different scams. We use that as a blueprint for our training modules.
What future trends do you anticipate in cybersecurity, and how is Wolfpack Risk preparing to meet these challenges?
One thing that’s inevitable is that companies will continue to adopt more technology. Even 10 years ago, clients struggled with basic cyber hygiene, and now they’re facing mobile, cloud, and AI. The tech landscape is evolving rapidly, and cybercriminals are getting more sophisticated.
We’re seeing increased compliance pressures, like the Malabo Convention on Cybersecurity and Privacy in Africa. Third-party risk is also a growing concern—larger companies are demanding to know how their partners are securing their data.
AI is a huge opportunity but also introduces new risks. We’re already seeing fraudsters use AI tools like FraudGPT or AI-based password hacking tools. It’s creating a new wave of attacks, and we’re closely monitoring these developments.
At Wolfpack, we help clients navigate these tech trends and make sense of how to adopt new technologies safely. As the landscape evolves, we continue to adapt, helping clients balance the risks and opportunities that come with emerging technologies.
For more information, you can contact – Tania Diesel, Marketing Operations Manager at Wolfpack.