Mr Sarwat Nafei

Job: PhD student

Faculty: Business and Law

School/department: Leicester Castle Business School

Address: De Montfort University, The Gateway, Leicester, LE1 9BH

T: N/A



Personal profile

Sarwat is a Cybersecurity expert with 20 years of experience in the information technology field. He held many executive positions at the fortune 500 corporations and the big4 firms (i.e Deloitte, EY, &KPMG) lately he was the Vice President for National Cybersecurity CGI-Canada (one of the largest Multinational IT corporations). He also served at the cybersecurity committee of the International Telecom Union a UN organization. 

With a degree in Electrical Engineering, MBA, and a Phd researcher at Leicester Business school; he also hold multiple industry certification including, a certified information system security professional (CISSP), certified information system auditor (CISA), PSEC System Engineer and was the head of the International Association of Privacy Professionals chapter (IAPP).

He has multiple publications at a prestigious academic journals, i.e. JMO, Academy of Management and presented at many security conferences for government and the industry.

He has always had a passion for education and taught at well ranked universities i.e York university, American university and others. In his capacity as a program director and professor he was developing courses, exams and teaching Cybersecurity, IT management, IT Audit, for undergrads as well as for graduate programs and EMBA.

Publications and outputs

Academy of Management proceedings

Research interests/expertise

Current research on cybersecurity revolves around the technical aspects of its implementation. While a developing body of work around firm digitization, digital strategy, and digital entrepreneurship exists, the field of strategic management has remained silent on the development and implementation of cybersecurity strategy. At best, we can extrapolate from research on strategy-making some guidance for practitioners, but, cybersecurity strategy does not fit into typical definitions of corporate, competitive, or functional-level strategy. Cybersecurity strategy crosses functions, business units, and entire firms. In my extensive search; I have spotted a gap in empirical studies; that is linking both sides, the technical understanding of the cybersecurity issue, with the organization management and business capabilities. This research will expand on what current research offers to action and what
directions must be followed next from an action perspective.

Areas of teaching

Management and Cybersecurity


B.Sc. in Electrical Engineering, MBA, post-grad studies in strategic management from Manchester university

Conference attendance

This research have been accepted as an 'early stage research' at at the Academy of Management conference 2020

PhD project


Cybersecurity Strategy and Strategic Decision-making: An Examination from Dynamic Capability and Judgment-based View Perspectives


This research aims to explore the creation and implementation of cybersecurity strategy in organizations and to better understand how strategic decision-making and the exercise of judgment occurs in this context. The aim is ultimately to better understand how effective cybersecurity strategies are made, develop a framework for this and to be able to then better advise organizations on cybersecurity strategy-making.

Name of supervisor(s)

Professor Paul Hughes