Casper Eloff, Head of Corporate Security, The Mosaic Company
Casper Eloff leads global corporate security at The Mosaic Company, overseeing programs across North America, Latin America, the Middle East, and Africa. With over 25 years in military, private, and corporate security including service in South African Special Forces and the French Foreign Legion, he brings operational depth and programmatic leadership. In an exclusive interview with CIO Review, he discusses emerging threats, regional variations, and strategies for resilient security programs.
Can you share your career journey and the key experiences that influenced your philosophy and led you to your role at The Mosaic Company?
Reflecting on my career is a privilege. Corporate security now spans borders and sectors, and the ability to anticipate and mitigate risks is essential. My foundation in Special Forces taught me to act before threats materialize, a mandate I carried into the private sector. In 2008 I began as a PSD Team Leader for a USAID project in Afghanistan’s Sheberghan gas fields, training locals to protect critical infrastructure amid insurgency. I then established a Security Tactical Operations Centre in Nigeria, integrating government forces and training hundreds of security personnel.
In 2011 I joined Rio Tinto’s Simandou Project in Guinea, advancing to Country Project Security Manager and confronting unrest, fraud, piracy, and large protests. By 2013 I managed security for Fluor’s $8 billion Umm Wu’al Project in Saudi Arabia, and later served as Global Corporate Security Manager at Samsung Engineering, shaping programs across eighty countries. Since 2020 at The Mosaic Company we have delivered initiatives like PIAM systems, touchless access, and mobile credentialing, solutions where technology and human insight intersect to protect people and assets without compromising operations.
From your experience, how do security challenges differ across regions like the Middle East, Africa, and LATAM, and how does that shape how you scale corporate programs globally?
Regional risk profiles vary widely and require tailored approaches. In the Middle East, geopolitical tensions and insurgent-era risks have evolved into threats such as drone strikes and cyber-enabled operations tied to conflicts in the region. Supply chain exposure and shifting government posture compound these risks, making cultural diplomacy and trusted local engagement essential.
In Africa, from Guinea to Nigeria, threats include civil unrest, theft, looting, piracy, kidnappings, protests, and strikes. Weak governance and economic inequality magnify vulnerabilities. Rapidly evolving demonstrations demand community engagement, local intelligence, and rehearsed rapid-response plans.
In Latin America risks are country-specific. Brazil faces high organized crime-related violence in certain regions, with groups like PCC and Comando Vermelho driving homicides, robberies, carjackings, and kidnappings. Financial and cyber-enabled fraud is on the rise. In countries such as Peru, community relations, union disputes, and workforce unrest pose the primary operational threats.
To scale globally, I apply a Centralized–Decentralization model: standardize core policies, SOPs, and technology stacks while allowing regional teams to adapt tactics. Unified platforms like mobile credentialing, CCTV, PIAM, and integrations with systems like SAP and Workday provide consistency and enable local flexibility.
What are the most significant barriers to shifting organizations from reactive security postures to proactive, enterprise-wide risk management?
Cultural and structural barriers top the list. Change is slow at scale, like turning an aircraft carrier. Security is frequently viewed as a cost center and sits fragmented across Facilities, EHS, or IT, leading to inconsistent responses. Hybrid threats that blend physical and cyber elements are often underestimated, and organizational fear of disruption limits audits and corrective action.
Addressing these barriers requires executive sponsorship, cross-functional collaboration, and measurable ROI on security investments. Cross-training and integrated incident playbooks help break silos. Proactive security means embedding risk management into business processes so vulnerabilities become strategic improvements rather than afterthoughts.
How do you identify and build strategic partnerships with governments, local agencies, and private stakeholders to safeguard assets and enable business continuity?
Partnerships depend on trust and mutual value. I start with established networks like OSAC and diplomatic channels where appropriate. Vetted local referrals, joint training, and exercises build operational trust. In Guinea I coordinated with host-country security during unrest; in Peru I worked with State Department representatives on crisis planning.
Formal agreements such as MOUs, regular audits, and embedding local partners within Emergency Operations Centers create clarity and shared responsibility. Joint planning and information sharing ensure partners are operational contributors rather than external contractors.
When comparing industries such as oil and gas, mining, and agribusiness with IT or construction, what shifts in security models and adoption strategies stand out most?
Industry risk drives model choice. Oil, gas, and mining emphasize physical protection such as perimeters, PSDs, supply chain controls aligned with standards like ISO 28000, and often require coordination with armed forces and emergency authorities. Construction presents transient-site challenges that demand consistent oversight and ethics enforcement. IT prioritizes cyber resilience but increasingly requires physical-digital convergence.
A clear trend across sectors is the fusion of human-led intelligence and technology. PIAM, remote monitoring, and analytics provide visibility; human judgment and community engagement enable contextual response. Mining and agribusiness have been slower to adopt in remote operations, but integrating remote tech with local teams yields the most resilient outcomes.
What advice would you give to future commercial and security leaders who want to build meaningful careers at the intersection of business growth, technology, and resilience?
Versatility and curiosity are fundamental. Be adaptable, culturally literate, and, where possible, multilingual. Build networks through organizations such as OSAC, DSAC, The Security Institute, ISMI, and ASIS. Practical experience matters; accept hardship or remote assignments early to develop resilience and decision-making under pressure. Certifications such as CSMP, CPP, and PSP strengthen credibility.
For senior leaders, prioritize convergence by bridging physical and cyber security through integrated risk assessments and aligned technology investments. Lead with integrity, as ethical leadership builds trust, which is the foundation of continuity. Balance teamwork with personal grit; anticipate threats, innovate responsibly, and cultivate resilience in people and systems.
Successful programs combine modern technologies with disciplined human processes and continuous training to keep pace with evolving threats. We measure effectiveness with clear, data-driven metrics and regular scenario-based testing. Sharing lessons across regions and between cyber and physical teams accelerates learning. Small investments in community programs often yield outsized reductions in operational friction and long-term risk. Leaders who prioritize transparency and accountability find it easier to secure executive support and sustain long-term programs and funding.
Protecting assets is necessary, but enabling secure growth is the ultimate objective.