AI Governance and Vishing Threats Drive New Cybersecurity Skill Demands in Nigeria

*TL;DR: AI governance and AI‑enabled vishing are now top cybersecurity concerns, pushing Nigerian firms to seek incident‑response, threat‑hunting and OT security skills, plus certifications such as OSCP, CISSP and CISM.*

Context Nigeria’s tech sector is grappling with two converging trends. First, AI adoption is accelerating, bringing both efficiency gains and novel attack surfaces. Second, attackers are leveraging AI to craft convincing voice‑phishing (vishing) and email phishing attacks, increasing the cost of human error. Leaders from Rent the Runway and Tata Consultancy Services (TCS) outlined how these pressures are reshaping security priorities.

Key Facts - Rent the Runway’s chief information and security officer, Rehan Jaddi, announced a company‑wide AI governance and risk‑management framework. The program defines risk tolerance, sets ethical AI policies, and mandates security controls for the entire AI lifecycle, from model training to deployment. - Jennifer Scott, head of cybersecurity delivery at TCS’s Letterkenny centre, warned that AI‑driven vishing and phishing amplify human error. She stressed that user education remains the most effective defense against high‑cost compromises. - TCS reports a surge in demand for incident‑management, threat‑hunting and digital‑forensics expertise. Operational technology (OT) security—protecting industrial control systems—is also rising. The firm cites OSCP, CISSP and CISM certifications as the most sought‑after credentials. - Rent the Runway’s hiring focus now spans three skill clusters: AI/ML security (protecting machine‑learning models), cloud and application security (including container security and identity‑access management), and risk communication (translating technical risk to business terms).

What It Means For Nigerian organizations, the dual pressure of AI risk and AI‑enhanced social engineering means security teams must evolve quickly. Governance frameworks like Rent the Runway’s provide a template: define acceptable AI risk, embed security testing into model pipelines, and align AI policies with broader corporate risk appetite. Simultaneously, the rise of AI‑crafted vishing attacks forces a shift from purely technical controls to continuous user awareness programs. Simulated AI‑generated calls and emails can expose gaps before real attackers exploit them. Talent pipelines must adapt. Recruiters should prioritize candidates with hands‑on incident response, threat hunting and OT experience, and encourage certification in OSCP (offensive security), CISSP (information systems security) and CISM (information security management). Employers can accelerate skill growth by offering internal labs that mimic AI‑driven attack scenarios and by integrating risk‑communication training into security curricula.

Mitigations - Deploy AI governance: document model provenance, enforce data‑quality checks, and run adversarial testing against ML models. - Harden voice‑authentication: require multi‑factor verification for high‑value transactions and monitor call‑pattern anomalies using AI‑based analytics. - Launch regular AI‑vishing simulations: measure click‑through and call‑back rates, then tailor training. - Invest in threat‑hunting platforms that surface AI‑generated phishing payloads and OT anomalies. - Align hiring with certifications: OSCP for penetration testing, CISSP for policy design, CISM for risk management.

Looking Ahead Watch for Nigeria’s first industry‑wide AI security standards and for the emergence of AI‑driven threat‑intel feeds that could automate vishing detection.