In my last interview, I had the pleasure of speaking with Senior Security Analyst and Brakeing Down Security podcast host Amanda Berlin. Defensive security and blue teams are cool, and it’s about time that the area gets the recognition it deserves.
This time, I spoke with Sorene Assefa. She’s the founder of Cyber Czar, a cybersecurity firm based in South Africa.
Kim Crawley: What is your cybersecurity role?
Sorene Assefa: I am the founder and Managing Director of Cyber Czar, an organization focused on creating a culture of cybersecurity in South Africa, advocating the advancement of women in the tech sector, and working towards empowering young African women to play an active role in the field of cybersecurity.
KC: Please tell me a bit about what Cyber Czar has been doing lately.
SA: Cyber Czar is an emerging and vibrant firm. Our slogan is ”ignite a culture of cybersecurity,” which follows a multidimensional and multidisciplinary approach.
We have a number of services and initiatives designed to build an ecosystem around South Africa’s cybersecurity
Here are some of our current initiatives and projects:
- Cyber Aware aims to drive behavioral change among all stakeholders, so that they adopt simple, secure online behaviors that help protect themselves from cyber criminals.
- Privacy Aware aims to empower individuals and enable businesses to respect privacy, safeguard data and build trust.
Despite the growing demand and tremendous opportunities in the job market, cybersecurity remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally. Even worse, women’s representation in this male-dominated field is alarmingly low.
Cyber Czar thus aims to guide, inspire and raise awareness about the importance of women’s partaking in cybersecurity careers by providing training and creating networking platforms and mentorship programs.
More than half of all civil servants provide services to the public directly. It’s important to create an understanding of their roles and responsibilities in cybersecurity. Cyber Czar aims to prepare and train civil servants on the need for vigilance and awareness, about the data they share, the digital footprint that everyone now has.
Cybersecurity is our shared responsibility, and Cyber Czar stresses the Importance of a multi-stakeholder approach to address cybersecurity challenges. We have forged a strong partnership with the National Cybersecurity Alliance (NCSA), which is the public-private partnership working with the Department of Homeland Security (DHS), NGOs, and major private sector players to promote cybersecurity awareness.
KC: Wow, that’s amazing! Well, how did you get started in cybersecurity in the first place? What drew you to the field?
SA: I have always been fascinated by mathematical studies and technology. Having a flair for the subjects, I pursued my educational qualification for a Degree in Computer Science. During my BSc Honours Class, I was fortunate to be exposed to Information Security Governance and Computer Forensics classes, which intrigued me much that I decided to further my studies in Information Security. Some time later, I earned my MSc in Computer Science after majoring in Information Security.
In addition, I had an opportunity to join the UN Specialized Agency – the International Telecommunication Union (ITU), HQs, in Geneva, Switzerland, where I served as an Information Systems Officer and Technology Analyst for the Office of the Secretary General. I worked on Emerging Technologies, specifically on Digital Object (DO) Architecture Integration, Internet Governance and Cybersecurity. Substantial parts of my work focused on assisting member states, mainly developing countries, to build their cybersecurity capabilities (CIRT) and ultimately create a culture of cybersecurity.
KC: That’s impressive. Through your various academic and professional pursuits, have you ever felt that you had to push back against sexism?
SA: During my higher academic life, I felt I was sometimes treated as the odd one out, for being a young girl studying Computer Sciences in a university who enjoys advanced concepts such as compiler construction and assembly programming. In my opinion, the hardest part is not getting the necessary educational qualification and professional certification but entering into the job market, getting decision-making positions, or even just serving as a professional in cybersecurity.
Cybersecurity has traditionally been a male-dominated field. Even if no company sets out to discriminate women, though there have been improvements recently, there is still apparent and noticeable systemic discrimination in the industry, such as pay gaps, biases, lack of career progressions, stereotypes and myths around gender.
KC: What do you think the biggest problems in cybersecurity are these days?
SA: The biggest challenge of cybersecurity is its innovative, cross-border and evolving nature where new threats appear at an alarming rate every day.
Moreover, there is an overwhelming growth in high volume data and business systems, and thus there is the need for automated decision-making, as well putting in place security systems to protect these businesses. Acquiring the budget needed for a proper and comprehensive cybersecurity program is another challenge.
The shortage of skilled cybersecurity personnel that can respond to emerging needs of the cybersecurity industry is also a huge challenge.
Cyber initiatives are not strategy-driven. Most organizations do not have formal training programs on cybersecurity and monitoring employee behavior.
Viewing cybersecurity merely in technical terms instead of considering all its multidimensional features limits us from putting in place the necessary policy and legal frameworks. As the saying goes, “We are as strong as the weakest link.” People are often cited as the weakest link in the cybersecurity chain. The lack of awareness and of educating people about their roles and responsibilities for helping to create a secure environment are other issues that for the most part get neglected.
Cybersecurity is a global problem and thus needs a global solution. No one government or company can solve the issue of cybersecurity alone. There needs to be a collective effort. Cybersecurity is thus a shared responsibility where governments around the world or industries need to collaborate to make a significant impact.
KC: It was great chatting with you. Thank you, Sorene!
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.