What is the heartbeat of a secure digital organization? It’s not just the firewalls or the encryption keys; it’s the people, the culture, and the strategic vision that pulses through its systems. El Bachir El Alaoui understands this truth—and has made it his mission to bring this pulse to life through strategic leadership and technical expertise. What sparked El Bachir’s curiosity about cybersecurity was simply a deep interest in technology in general, particularly electronic devices, and how they work.
He always aimed for an impactful job and the satisfaction of making a real difference by helping to protect individuals and organizations from cyberattacks and by safeguarding sensitive information. El Bachir invested his time in developing his skills in various IT functions, i.e. systems, infrastructure and software development. Then, he turned to a more focused career in cybersecurity as a consultant and a project manager. And a few years ago, he grabbed the opportunity to join ENGIE as a Cybersecurity and Infrastructure Manager and, after 3 years, he was promoted to Chief Information Security Officer.
As we dive deeper into the industry fundamentals, we see that there are many responsibilities, particularly in the cybersecurity sector. Today, cybersecurity covers not only IT (Information Technology), but also OT (Operational Technology) to protect industrial assets. However, while emphasizing the key responsibilities, El Bachir shares, “The main ones are Governance, by developing and implementing comprehensive security policies, procedures and standards that align with the organization’s business goals; Operations, by identifying, assessing, and mitigating security risks to protect our organization’s offices and industrial assets in the region; Compliance, by ensuring ENGIE meets regulatory requirements and industry standards; Security Architecture, by planning and implementing IT and OT infrastructure and solutions that follow best security practices; and Awareness, by developing a cybersecurity culture through employee awareness-raising and training.”
Progressing with a Vision
To stay ahead of emerging cybersecurity threats, El Bachir implements several key strategies. He starts by conducting regular security audits and assessments to identify potential vulnerabilities and to ensure compliance. Continuous monitoring is also a cornerstone of his approach, allowing his team to detect anomalies and potential breaches as soon as they arise.
El Bachir invests heavily in advanced threat detection technologies, utilizing AI and machine learning to enhance the speed and accuracy of threat detection. Additionally, he ensures that employees receive ongoing training in cybersecurity best practices, helping them stay vigilant and maintain strong cyber hygiene habits across the organization.
In El Bachir’s perspective, cybersecurity is an advancing field, thus he tries to maintain a dynamic leadership style by fostering trust, collaboration and engagement of team members. He ensures that communication flows effectively between the team and remains clear and transparent, and he tries to adjust the leadership approach to the team’s context and needs.
However, he believes that he is fortunate to work with a team of leading cybersecurity professionals who already have a strong cybersecurity culture and for an organization that has integrated cybersecurity into its corporate priorities, alongside health, safety and ethics. He expresses, “Demonstrating a commitment to security, encouraging an open dialogue about team members’ issues and concerns, promoting a collaborative environment to solve security challenges and recognizing and celebrating their (and our) achievements, help to reinforce the importance of this culture.”
Vocation in Spotlight
While shedding light on professional milestones and recognitions throughout his tenure, El Bachir highlights his promotion to the current leadership position of Chief Information Security Officer as a defining moment. He views it as a significant acknowledgment of his expertise, dedication, and the consistent value he has brought to the organization over the years.
However, in his past career as a project manager, he successfully led and contributed to impactful initiatives—one of which notably enhanced a well-known. NGO’s capacity to deliver essential health services and education to children in need across Africa. In his opinion, celebrating key work anniversaries, such as five or ten years with the same organization, is more than a formality; it’s a meaningful milestone that reflects dedication, growth, and a lasting contribution to a shared mission.
The Advancing World of Cybersecurity
El Bachir recalls the days when the implementation of cybersecurity initially focused on securing networks and ensuring data integrity. However, with the rise of sophisticated attacks, such as ransomware or supply chain attacks, it has since evolved to offer more comprehensive security solutions.
Today, the growth of cloud computing and the use of AI have also introduced new security challenges, requiring more robust and complex solutions to protect infrastructure, applications and data.
Curating Strategies for Addressing Challenges
While closely observing the leading industrial sectors, El Bachir opines that the energy sector is facing many cybersecurity challenges, some of which have existed for a long time and will remain, such as phishing attacks or the use of outdated or obsolete systems. The interconnected nature of this sector also poses a major risk and means that vulnerabilities in the supply chain can have widespread impacts.
As per the fundamentals, one that is fairly new is the acceleration in the integration of IT and cloud solutions with the industrial infrastructure, which increases the attack surface and the complexity of cybersecurity measures.
Addressing these challenges requires a comprehensive approach, including regular security assessments, employee training, advanced threat detection, and robust incident response plans. Another pressing and major challenge is empowering women in the cybersecurity field to address the industry’s talent shortage and enhance diversity. In El Bachir’s view, tackling these multifaceted challenges demands technical resilience and a collective commitment to inclusivity, innovation, and continuous adaptation in the advancing business arena.
He believes that, much like in other sectors, the core challenges remain consistent—the key difference lies in the accelerating pace of change. To stay ahead, he actively engages in conferences and webinars, follows trusted cybersecurity publications, networks with industry peers, and subscribes to expert-led newsletters.
Additionally, he highlights the advantage of being part of a large organization, where valuable insights and guidance are regularly exchanged between internal cybersecurity teams and trusted partners.
Maintaining a Healthy Work-Life Balance
In the world of cybersecurity, the clock never truly stops ticking. Threats evolve rapidly and emerge at all hours, often with little warning. As part of a global organization spanning multiple time zones—including an 11-hour gap between the African and Australian offices—this 24/7 vigilance is both a challenge and a necessity. Operating in such a dispersed environment has taught El Bachir the importance of structure and discipline. He won’t claim to have reinvented the wheel when it comes to work life balance, but he understood that maintaining it requires intentional effort and practical strategies.
For El Bachir, it starts with setting clear boundaries. When the lines between work and personal life begin to blur—especially in cybersecurity, where urgency often demands attention—those boundaries become even more critical. He makes it a point to define his working hours and his personal time clearly, and he adheres to that structure as consistently as possible.
Equally important is the strength of his team. His ideology reflects that effective delegation is not just about offloading tasks—it’s about empowering people, building trust, and creating a culture where responsibilities are shared and success is collective.
Technology also plays a pivotal role. Thus, wherever possible, he relies on smart automation and collaborative platforms to streamline workflows. From real-time alerts to integrated response systems, these tools help to stay ahead of threats without burning out. Balancing a high-stakes profession with personal well-being is never easy, but it’s achievable. “It’s less about perfection and more about consistency—knowing your limits, trusting your team, and leveraging the right tools to stay sharp, stay present, and stay resilient,” shares El Bachir
Word to the Wise
While offering a piece of advice to the budding aspirants willing to venture into the field of cybersecurity, El Bachir highlights, “To start a journey, we have to choose a path.” He further elaborates that in the vast world of cybersecurity and digital transformation, the journey often begins with finding that spark of interest. There are so many niches to explore, but it’s essential to start with the one that excites you most. Dive into the fundamentals—the core cybersecurity principles, the key concepts of digital transformation—and build your foundation. Remember, the beauty of this field is that there’s always room to pivot later, exploring new roles and discovering fresh challenges within the same domain.
He explains, “Theory alone won’t take you far. The real magic happens when you roll up your sleeves and get hands-on experience. Whether through internships, entry-level roles, job shadowing, or volunteering, each opportunity helps sharpen your skills and build your confidence. This is where learning really comes to life.”
Through years of significant knowledge and expertise, El Bachir implies that aspirants should not forget the power of certification. It’s more than just a piece of paper—it’s a validation of expertise that can elevate credibility and open doors to new opportunities. Lastly, remember that technical prowess is only part of the equation.
Last but most important, he adds, “To truly thrive in any role, especially in such a dynamic field, you need to nurture your soft skills. Effective communication, problem-solving, adaptability, attention to detail, and teamwork aren’t just nice-to-haves—they’re the glue that holds everything together and propels you forward on your journey to success.”
Thriving towards New Horizons of Success
Looking ahead, El Bachir is focused on three key goals that will guide his cybersecurity strategy in the next couple of years. “For this year and the next,” he shares, “I’ve set three main objectives centered around resilience, excellence in cyber operations, and building a strong cybersecurity culture within the organization.”
Now, he’s committed to excellence in cyber operations. This includes refining how the team monitors and reports cyber threats. By making these processes more efficient, El Bachir hopes to improve the speed and accuracy of threat detection. Automating some of the detection and response processes is also a major focus, so the team can stay one step ahead of evolving threats without being overwhelmed.
The Second priority is resilience—specifically improving the organization’s incident response capabilities across both IT and OT systems. El Bachir knows that being able to respond quickly and effectively to any cyber threat is crucial, so he’s working on strengthening this area to ensure business continuity, no matter the situation.
Finally, El Bachir places a strong emphasis on building a cybersecurity culture within the organization. “It’s not just about having the right tools,” he says. “It’s about making sure every single person in the company understands their role in cybersecurity.” That’s why he’s investing in ongoing training to help employees not only stay informed about the latest threats but also build better cybersecurity habits in their everyday work.
Looking to the future, El Bachir’s approach to resilience, excellence in cyber operations, and a culture of security sets the stage for a strong and adaptable cybersecurity framework. With these priorities in place, he’s confident the organization will not only be able to defend against threats but also thrive in an increasingly complex digital landscape.
