SunExpress

Ayo Adebayo, Head of Information & Cyber Security

Shaping Cyber Resilience across Aviation's Digital Frontier

Ayo Adebayo leads Information & Cyber Security at SunExpress, overseeing cyber risk governance, data protection, incident response, and third-party oversight. With over 30 years in cybersecurity and enterprise risk, he melds technical depth with business insight, elevating security from a cost center to a strategic enabler of innovation, compliance, and trust in the airline industry.

Integrating Cyber Strategy into Business Operations

As Head of Information and Cyber Security at SunExpress, I lead the strategic and operational agenda to protect the airline’s digital assets, ensure regulatory compliance, and drive business-aligned risk management. My remit includes governance of cyber, including management of risk, security architecture, data security, cyber incident response, and third-party risk oversight.

A key focus of my role is engaging senior leadership and executive management in cyber risk discussions to ensure informed decision-making. With over three decades of experience, I bring a holistic view that balances technical depth with business pragmatism, enabling information and cyber security to serve not just as a safeguard, but as a value enabler.

At its core, a successful strategy fosters collaboration between information and cyber security, IT, and business teams, creating a culture where security is embedded in decision-making, not bolted on as an afterthought.

For cybersecurity strategy to be effective, it needs to be adaptive, intelligence-led, data-driven and outcome-oriented.

Core elements include:

• Risk-based governance aligned with business objectives

• Zero Trust principles embedded across identity, data, and infrastructure

• Proactive threat detection and response capabilities

• Secure-by-design approach to digital transformation initiatives

• Robust third-party and supply chain risk programs

• Regulatory compliance and data sovereignty controls

Seek to embed cybersecurity in your business growth narrative. Too often, security is positioned as a cost or compliance constraint, rather than a differentiator.

My advice:

• Have information and cyber security involved from the innovation design stage

• Align risk tolerance and risk statements with business ambition and objectives

• Measure and communicate the impact cyber security is providing, particularly in terms of business resilience, customer trust, and regulatory assurance

Security leaders must speak the language of business value, while IT leaders must internalize the value of secure architecture. That synergy is the foundation of digital trust.

Cultivating High-Reliability Teams & Threat Detection

The environment is key – leaders need to create a progressive and supportive environment where analysts can challenge assumptions, report anomalies, and escalate early. This lends itself to cyber teams being able to operate like high-reliability organizations—adaptable, responsive, and constantly learning.

Key practices include:

• Fusion of threat intelligence with detection engineering to ensure controls evolve with the threat landscape

• Automation through SOAR platforms to reduce response latency and improve analyst capacity

• Tabletop exercises and red teaming to validate playbooks and response posture

• Cross-functional cyber resilience drills to foster readiness across technology, legal, and operational teams

• Ongoing training and development programs that keep teams current on the latest tools, techniques, and threat actor behaviors, while encouraging certification and continuous learning

Insider threats require a nuanced approach, blending behavioral science with security telemetry. Techniques include:

• User and Entity Behavior Analytics (UEBA) to detect anomalies in the context of baseline behavior

• Privileged access behavior monitoring with temporal and geospatial analysis

• Integration of HR and IT data to correlate patterns (e.g., disgruntled exits, role changes)

• Strategic DLP implementation with focus on data egress and shadow IT usage

Equally vital is promoting a culture of ethical responsibility, where staff understand the implications of their digital actions and feel confident reporting concerns.

Leveraging Responsible Technology for Future Resilience

AI and ML are transformative—when responsibly applied. They can amplify human capability in cybersecurity operations by:

• Surfacing unknown threats through pattern recognition and anomaly detection

• Correlating high-volume events to provide analysts with actionable insights

• Accelerating incident triage and contextual enrichment

• Forecasting risk trends using historical data and predictive analytics

However, AI must be explainable, auditable, and used with human oversight. In my experience, the most effective models are those co-designed with analysts, where technology enhances—not replaces—human judgment.

Cybersecurity is no longer just an IT issue, it’s a business continuity imperative. At SunExpress, we are cultivating a shared security culture that empowers employees, strengthens customer confidence, and supports our growth trajectory. I believe our role as security leaders is evolving: not only to defend against threats, but to shape the trust layer of the digital economy. That’s a responsibility I carry with purpose and pride.

The articles from these contributors are based on their personal expertise and viewpoints, and do not necessarily reflect the opinions of their employers or affiliated organizations.