Saira Hassan is the Chief Security Officer, leading our organisation’s efforts to protect critical assets and data in an ever-evolving threat landscape. She is responsible for defining and implementing our comprehensive cyber security strategy, overseeing threat detection and response, and ensuring compliance with global security standards. Her focus is on fostering a security-conscious culture and leveraging innovative technology to maintain a resilient and proactive defence posture. When asked about the biggest challenge her team faces, Saira emphasised the need for continuous education against increasingly sophisticated social engineering attacks, stating,
‘Technology is only part of the solution; our people are our first and most important line of defence.’
Read the full interview below
I was presented with an opportunity to do a rotation in the Cyber Security department as part of a Graduate Technology Leadership Program at an investment bank. I felt an immediate spark – that this was a career that I could be passionate about! I had a strong conviction that the Cyber Security industry was headed towards exponential growth, though few could have predicted the sheer scale of its global expansion, soaring from an estimated $3 billion then, to an estimated $245 billion today.
I gained some invaluable experience in the Investment and Retail Banking sector. These regulated organisations invested heavily in their Cyber Security programs, focusing on control breadth and maturity. By this point, I knew what ‘good’ looked like within a regulated organisation. When the Zodia Markets opportunity arose, I felt that this was an opportunity where I could leverage the skills and knowledge I had gained in the traditional finance space, and extend it to this new and exciting industry where Cyber Security is an absolute business imperative. It was a chance to leverage established industry practices, and provided a rare opportunity to build Security early on in the design and implementation phase.
Cybersecurity is mission-critical for digital assets. What are the biggest security priorities you focus on as CISO?
Private key security and transaction authorisation are mission-critical in the digital asset space to protect against a loss of funds scenario. Our focus has always been on ensuring that multi-layer protections are in place and effective. This can include the use of HSMs, MPC, air-gapped controls, and robust operational segregation – to ensure no single point of compromise can lead to asset loss. Zodia Markets does not itself hold assets and so we assess vendor and custodian controls continuously and design compensating controls for external dependencies.
My overarching priority is building a security-first culture – one where every team, from Trading to Development, understands that protecting our institution is a shared mission. Technology is vital, but culture and process make it resilient.
Information security in digital assets and traditional finance shares foundational goals – protecting data, defending against insider threats and phishing, and managing third-party and compliance risks. Both sectors face constantly evolving threats and require robust cybersecurity programs to detect, protect, and respond to incidents – ideally with a focus on prevention.
However, digital assets introduce fundamentally different risk dynamics. Built on blockchain technology – which is cryptographically secure, immutable, and transparent – transaction monitoring in crypto can be more sophisticated than in traditional finance. But while the blockchain itself is secure by design, vulnerabilities often arise in the layers built on top of it: hot wallets, smart contracts, and private key management. These introduce risks unique to the crypto ecosystem and require different approaches such as smart contract audits, air-gapped systems, Multi-Party Computation (MPC) for private keys and Multi-Signature controls for transaction approvals by quorum.
Security failures in crypto can be immediate and irreversible – which requires a fundamentally different mindset and architecture.
The threat landscape evolves daily. How do you stay ahead of new risks and ensure the business is resilient?
Threat intelligence is a full-time day job – and an essential one. Every day brings new compromises, zero-day exploits, and advanced tactics targeting even the most well-defended organisations. The threat landscape is constantly shifting, so staying ahead of emerging risks requires ongoing effort and vigilance.
At Zodia Markets, we consume intelligence from a range of trusted sources – including open-source intelligence, various feeds, and regulatory advisories. These insights are reviewed and used to support horizon scanning and risk-informed decision-making.
One of the advantages we have is our strong heritage from the traditional banking sector. Financial institutions have developed some of the most mature threat intelligence capabilities globally – and many of these teams are now extending their focus to include crypto-specific risks. Through our connection with Standard Chartered, we benefit from this level of maturity and the broader intelligence-sharing ecosystem that supports it.
Of course, no organisation is immune to threats; we aim to stay informed, resilient, and ready to adapt as the threat landscape evolves.
Female leadership in cybersecurity is still rare, and while progress is being made, it’s clear there’s still work to do. I’m encouraged to see more women entering the field – particularly in audit and assurance roles, which often serve as strong entry points into the industry. We’re also seeing some incredible pockets of female talent in highly technical roles like penetration testing and red teaming, which is fantastic to see. At the senior leadership level, the landscape is less balanced.
Cybersecurity is a high-pressure environment – the stakes are high, the pace is fast, and the threat landscape is constantly evolving. That reality can make it difficult for women to remain in the field long term, especially without flexible pathways or the right support systems in place.
In the past, I’ve engaged with school-age students to raise awareness early. Many young people don’t realise the breadth of opportunities in cybersecurity. They can’t always connect what they’re learning in school to a meaningful role in the field. The truth is, you don’t need to be a coding expert to make a real impact. Cybersecurity is a vast domain, and there’s space for analysts, architects, risk managers, and many more skill sets.
I also think we need to have honest conversations about how women can align their career choices with personal life stages – without feeling like they have to drop out altogether. For example, frontline roles like security operations or incident response might not be ideal while raising a young family, but slower-paced, more strategic roles like Identity & Access Management, architecture, or risk management can offer a better balance whilst still providing breadth and depth of experience. I’d love to see more women thinking strategically about their long-term place in the industry – and organisations doing more to support those transitions.
Ultimately, women bring diverse perspectives, empathy and critical thinking that are essential for tackling the complex challenges in cyber. We just need to make sure the pathways to leadership are visible, supported, and sustainable.
My advice is to apply some research time into this field. If you think that you can make a difference, seek out a mentor to help guide you. There are some fantastic resources available such as the New2Cyber scheme by SANS.org that can help you get started. One thing is guaranteed if you pursue a career in Cyber Security – you are signing up to a lifetime of learning!
Looking ahead, what do you see as the biggest shifts coming in cybersecurity — particularly in the context of digital assets?
The landscape is being redefined by the rapid adoption of Generative and Agentic AI. It’s no longer just about human users accessing data; it’s about autonomous agents. This demands a strategic review focusing on controls and automation.
We are seeing this formalised through regulation like the EU AI Act, which forces organisations to map their AI usage. Another shift is around the rise of Non-Human Identity (NHI). Securing the ‘identity’ of an AI agent is now just as critical as securing a human employee.
As we move assets on-chain, we face a unique paradox: blockchain is immutable, but the cryptography protecting it is temporary. This creates a risk for any long-lived digital assets like a 10-year government bond or tokenised real estate. Threat actors are executing ‘Harvest Now, Decrypt Later’ (HNDL) campaigns. They are scraping and storing encrypted blockchain data today, intending to decrypt it the moment quantum computing matures. If we secure a 20-year asset with today’s encryption, we are effectively baking in a future data breach.
The industry is pivoting from static security to Crypto-Agility. This includes a rush to upgrade infrastructure with Post-Quantum Cryptography (PQC) standards. The goal is to ensure that an asset minted today is quantum-proof, securing not just the transaction ledger, but the physical value it represents.
Looking ahead, the organisations that thrive in this space will be those that treat cybersecurity as a strategic enabler – not just a control function. In digital assets, trust is everything – and security is the foundation of that trust.