cybersecurity - Afrikan Heroes

Women Account for Only 20% of the Cybersecurity Workforce

July 18, 2020

The Great Lockdown has opened the door to existing inequalities within the ICT industry especially in the area of cybersecurity. A new report released by Cybersecurity Ventures shows that women represent around 20% of the global cybersecurity workforce, and this is coming just two years after Frost & Sullivan pointed a menacing finger at the 1.8 million vacant cybersecurity seats by 2020 and the dearth of skills and people within an incredibly critical industry. There is a lack of female representation within this industry and a lack of actual skills needed to populate the growing number of requirements from organisations facing a rising cyber threat.

The answer, according to Anna Collard, MD of KnowBe4 Africa, is to encourage women to cross-skill and expand into cybersecurity roles and to make the industry more welcoming as a whole. “Cybersecurity isn’t just ones and zeros, it’s the people factor, it understands the nuances of business and the value of technology and being capable of managing multiple threads at the same time,” she adds, noting that “It can be project and people management, ethical hacking, coding as well as the ability to problem solve at speed. The industry is incredibly nuanced and this is what needs to be communicated to the next generation of cybersecurity professionals regardless of gender or education.”

This is not to say that women can’t dig themselves deep into technology, they obviously can. But Collard points out that cybersecurity has been made to feel more complicated than it actually is. Anyone can walk into this industry; all they need is a hunger for continuous learning. “Women need to see that taking on a role within cybersecurity is exciting, challenging and interesting. I certainly didn’t realise how varied and dynamic this space was until I fell into it, by accident. I studied International Economics and now I am the Managing Director of a company that’s dedicated to cybersecurity awareness training and development.”

Collard’s road from a student in Munich, learning about economics, interning in Singapore to the founder of a cybersecurity firm in South Africa wasn’t straight, but it was led by opportunity, mentorship and grit. People in the industry recognising the value that she added and how her skills could translate into cybersecurity. And this is key to changing the chromosome dynamic in this industry – providing women with the opportunity to expand their skills and explore new areas that previously they didn’t think were in their remit.

“I firmly believe in two things – mentorship and online resources,” says Collard. “Mentorship is critical to giving people, not just women, the confidence they need to explore this industry and the variety that it offers. Even more importantly, you can teach yourself whatever you need to know using online resources. I think that if a woman can teach herself how to make smoky eyes on YouTube, she can easily learn how to do anything in security. Anything.”

Collard has a point. Many professionals supplement their industry understanding with courses and research provided online. In fact, continuous professional development and a relentless curiosity are two key qualities that define a successful cybersecurity professional, no matter where they stand in the field.

“When I first started out, I did feel inferior to some of my male colleagues who had heavy tech backgrounds,” concludes Collard. “Then, I tapped into them as a resource and used their vast understanding and insight to help me upskilling myself. With their guidance and my own creative tendencies, I was able to see the bigger picture and develop a cybersecurity career that has seen me grow, and sell, my own cybersecurity business. This is an incredibly interesting and diverse industry where anyone open to learning can find a foothold, we just need to show them how.”

To fill the growing gaps in cybersecurity skills development and to improve gender diversity, the industry needs to demystify its perceived complexity and scrub away the sense that this is a male-dominated domain. This approach will not only help improve the imbalances in gender diversity but it will ignite an interest in the industry as a whole, filling in those gaping skill holes with much-needed talent from across all areas of business and market.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

The Greatest Cybersecurity Threat of All

July 5, 2020

By Steve Jump

It is common knowledge that there are too few information security professionals to meet the demands of business. Estimates are that for every qualified information security practitioner on the market in 2020, there will be at least three vacant positions for them to choose from.

Steve Jump outgoing head of corporate information security governance at Telkom — ***Steve Jump, outgoing head of corporate information security governance at Telkom***

Information security as a choice of specialisation is now a hot topic because it pays really well — quite possibly the highest starting and career salaries in the IT professions. The lucrative salary, however, can come at quite a personal cost.

That earning opportunity is attracting a lot of otherwise normally IT-capable people into considering security as a specialised discipline. Companies are paying more to attract and retain these skills. In spite of these lucrative opportunities, why is it that so many experienced security professionals are leaving their current employers?

Although burnout is common in high-pressure industries, the pressures that security professionals are exposed to can take this to a new and disturbing level

IT has always been a high-stress profession, but information and cybersecurity specialists and executives are currently seen as the most likely subjects to experience burnout. Although burnout is common in many high-tech, high-pressure industries, the pressures that security professionals are exposed to can take this to a new and disturbing level.

One reason for this is too few security specialists, as everyone who is able to deliver a competent cybersecurity function will be overworked — nothing new there in the IT space. But, apart from the brutal and merciless 24×7 “fix it now” ethos common to IT, cybersecurity practitioners have another equally challenging problem to contend with.

Cybersecurity in principle is about detecting and defending your company from active attacks by cybercriminals. It is an unending, intense and technically demanding process. This continual and aggressive attack, however, triggers an equally intense response in the best security practitioners; where their understanding and dedication can lead them to take a strong personal and emotional position in defence of their companies.

Underappreciated, overworked

Often overworked, underappreciated, frequently blamed for that one failure out of a hundred unacknowledged successes, rarely appreciated by the very business that they protect; these emotionally engaged front-line cyber warriors, whether at a network technical level, security operations executive, or at CISO level, can easily fall prey to a level of PTSD that can lead to serious burnout.

The very dedication that can make these professionals such an asset can become their Achilles’ heel, the best of the best do take cybersecurity extremely personally. This professionalism is their secret power. But no one has an infinite reserve of power, and even as highly paid as these professionals are, their employers frequently fail to invest in their emotional and physical well-being.

Cybersecurity is an adversarial environment. It requires suspicion, intuition, intelligence, research and dedication to function well within this space. Due to its confrontational ethos, it also requires stress management techniques that rarely exist outside of the military, and almost never in a corporate environment.

The first signs of trouble within your security team can appear in the least expected places. Any cybersecurity manager will have seen this happen, but may not have fully understood the causes. If your job requires that you suspect everything, trust no one until verified, and assume imminent attack at every corner, then as your stress increases your ability to leave this suspicion at the office begins to fail. The level of security intensity required at work as a cybersecurity professional is completely toxic to personal and family relationships. The first signs of trouble are broken relationships and divorces.

Some 90% of security professionals at a CISO level report that they suffer moderate to high levels of stress; 60% report that they have trouble switching off and cannot easily disconnect their business stress from their personal lives.

Given the investment, and dependence, that many organisations have on a functioning and reliable cybersecurity team it is surprising that so few have any formal stress or counselling programmes for their “most valuable players”. Many companies would state that they have available counselling, but then confirm that it is voluntary. Under voluntary participation conditions, even if top-level counselling were available, there is stigma attached to it and most would decline – even the wise few that recognise the symptoms of PTSD.

If you want to have skilled cybersecurity executives it makes sense to start this level of support with your most junior recruits

If these cyber warriors – those that fight for you in cyberspace – were employed in any other adversarial profession (for example in the police, army, or even in a football team) they would have mandatory counselling sessions. No choice means no stigma.

Might it be time to consider this in business? If your business really needs the skill and diligence of these highly-expensive-to-recruit and highly-expensive-to-retain professionals, then should it not also ensure that it provides them with the counselling, support and stress protection commensurate with that value? This is not an executive level problem; if you want to have skilled cybersecurity executives it makes sense to start this level of support with your most junior recruits.

The secondary cost of the loss of these professionals is perhaps even more disturbing: they do not just withdraw from security. Their experience of burnout is more brutal than most, and the need to recover themselves means that they often change career and are not willing to share or teach their hard-earned cybersecurity experience to the already under-supplied next generation.

Steve Jump is outgoing head of corporate information security governance at Telkom

Kelechi Deca

How to Find Investors for Your Startup

August 3, 2019

Andrew Rinaldi, the co-founder of the all-in-one, SaaS-delivered cybersecurity platform Defendify, knows all too well what it takes to obtain startup funding. Rinaldi and Defendify recently secured $1.6 million in pre-seed funding to help get their business up and running. Defendify secured the money from private investors with participation from the Maine Technology Institute and early-stage cybersecurity industry investor 3dot6 Ventures. In this interview with Chad Brooks, he shares his deep wealth of experience.

Q: How do you know when it is time to raise funds?

A: Really, it’s just math. Through business planning — which, yes, we all have to do — you figure out what you’ll need to get started and grow. And with that comes identifying the funding required to make that a reality.

If you don’t have the requisite funding readily available, it’s time to look to other people. As things progress, your position will absolutely change over and over, but creating some early projections and forecasting — even if rough — paints the picture.

Q: How do you know you are ready for an investor, versus just asking family and friends for money?

A: You’ll need to extend the conversation to new resources just as soon as you’ve exhausted friends’ and family dollars, or if they’re simply aren’t any friends and family options for you.

The other primary driver for going beyond friends and family is for access to new opportunities and resources. Some call it “smart money,” where whoever is helping fund your cause also brings their expertise, networks and often vast resources to the table. That, together with the short- and long-term financial impact, can be a major catalyst for your business and is the perfect time to think beyond friends and family. [Are you actively seeking financing options for your business? Check out our reviews and best picks of business loans.]

How to find the right investor for your startup

Q: How do you find potential investors?

A: It’s all about networking. Start with family and friends, then move to your professional network. Who do they know that might be interested? … Through the course of that outreach and sharing your story over and over, you are then introduced to more and more people beyond your network, who I call your extended network, and eventually, find prospective investors that might align. Yes, you can conduct cold outreach as well, and we all do, but it’s the power of your network — and extended network — that nets you the most effective relationships.Q: How do you find potential investors?

Q: How do you know if an investor is right for you and your business?

A: There has to be alignment, and I would suggest that starts with your core values. It’s not all that different than how you might seek employees or partners that believe in you and your vision. They can’t just have a basic business or financial goals — they have to have a mindset and operate in a way that works for you and with you.

I’ll also say it’s really important to pay attention to your gut. Sometimes you just know innately if an investor is a good fit or not, and that absolutely should be taken into consideration.

Q: What should your proposal to an investor include?

A: I would say to look at a proposal to an investor more like you would a marriage than a business. Yes, you have to go through the practical motions and economics that make for a good fit, but in the end, it’s mostly about having a healthy, mutually beneficial relationship that can stand the test of time. If you can’t overcome adversity and subjectivity and ride through the trials and tribulations together, you won’t be successful — no matter how good an idea or product you might have.

Q: Once you secure an investment, what role does the investor play in your business?

A: It all depends on who the investor is. Some will be totally hands-off and just check in casually, perhaps no more than chatting at the backyard barbecue or over a coffee or beer. That’s commonly where family and friends fall. Others will want to dig in more regularly or even participate as operators, not only to understand how the business is progressing but to see where they can help.

The good news is, everyone with a vested interest genuinely wants to help. Building a business from the ground up requires all the help you can get. It may come in many different forms — financial, networking opportunities, new customers and partnerships, constructive criticism, or candid advice. Whatever the case, it’s always worth listening (and remember, you don’t have to do everything everyone asks of you). These are people who want you to succeed, believe in you, and care about you. One thing is for sure — you’re in it together.

Q: What are the benefits of getting funds from an investor versus taking out a traditional business loan?

A: Traditional business loans aren’t usually an option for early-stage startups. While some lenders promote working with startups, it’s rare they actually do. I recommend exploring nontraditional loan opportunities.

For example, we have an amazing relationship with the Maine Technology Institute, which fuels innovation by providing technology development loans with preferable terms to early-stage companies. Their goal isn’t to run up the bill with interest or lock you in for the day you go public, [but] rather see you through to success and generate local jobs and economic impact. Those kinds of opportunities are well worth pursuing and often more fruitful.

The primary benefit of funds from investors is availability. Investors are willing to bet on you, especially early on, in ways the banks or lenders will not and may not for many years to come. And once convinced to invest, they can move quickly to infuse capital into the business, which can be a huge benefit.

That includes the potential for follow-on funding when you need additional dollars. Now, that doesn’t mean investor funds are simply readily available out there in the world. Actually, it’s just the opposite. Raising funds from investors is a full-time job on top of your full-time job of building and running the business.

Rapid-fire questions

Q: What piece of technology could you not live without?

A: The most important thing about running and scaling a healthy business is effective communication. Slack is a great tool for everything from regular check-ins to timely company updates and even sharing a funny story or joke. Slack doesn’t replace in-person communication or meetings — nothing can — but it can help promote ongoing chatter, transparency, and visibility while minimizing interruptions and interference.

Q: What is the best piece of career advice you have ever been given?

A: Many years ago, when I was building my first business, one of my longtime mentors introduced me to the notion that I should stop working “in the business” and start working “on the business.” I hadn’t ever thought of things that way, but once I did, it changed my whole perspective.

Now it seems so obvious; however, the truth is we all get caught up “in the business” to varying degrees. This advice not only resonated when I first heard it but is something I come back to each and every day.

Q: What’s the best book or blog you’ve read this year?

A: I really enjoyed One Bullet Away by Nathaniel Fick (who happens to also now be a leading cybersecurity executive). On one hand, [it’s] an intense and detailed journey taking you through the harsh realities of war and military life, [and] at the same time a tremendous and thoughtful story about leadership and accountability.

Next up? Looking forward to the July release of The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, co-authored by one of the key advisors here at Defendify, Robert Knake, industry thought leader and former White House cybersecurity director.

Q: What’s the biggest risk you’ve taken professionally? Did it pay off?

A: Moving to Portland, Maine. Building my past business in Boston for many years, my wife and I would occasionally escape the city for weekend trips north. I’ve had the good fortune of traveling extensively in my life and couldn’t believe all that Portland and Maine had to offer, and just a couple of hours away. So, when I looked beyond the amazing restaurants, fascinating culture, great schools and outdoor life, I was pleasantly surprised to discover a sprouting startup, tech and creative community.

It’s no secret Maine hasn’t historically been considered a center for business impact. So, betting on Portland was a huge risk. But it’s paid off big. You’d be absolutely amazed at the people and resources that are around. Turns out it’s not all lobsters and potatoes.

There are a ton of very smart and uber-successful people in Maine, including a rapid influx of talent migrating away from the ever-increasing cost of living in big cities like Boston and New York. If anyone out there is considering taking the same risk and seeing how Maine can pay off, I’m more than happy to share the secret.

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based Lawyer with special focus on Business Law, Intellectual Property Rights, Entertainment and Technology Law. He is also an award-winning writer. Working for notable organizations so far has exposed him to some of industry best practices in business, finance strategies, law, dispute resolution, and data analytics both in Nigeria and across the world.

Afrikan Heroes

Tag: cybersecurity