Decoding the female trailblazers in cybersecurity

What you need to know:

  • Most Science, Technology, Engineering, and Mathematics (STEM) professions still suffer from a lack of women in their ranks, even after decades of equal gender rights initiatives.
  • The demand for cybersecurity is high globally; in Kenya, most females in the profession are self-taught through online platforms, as no local institutions teach the same.

A 2013 study states that women represented only 11 per cent of the worldwide cybersecurity workforce. In another 2019 research article, Cybercrime Magazine concluded that women made up about 20 per cent of the global infosec payrolls, an encouraging improvement but still shy of the 50 per cent range that would represent parity.

Most Science, Technology, Engineering, and Mathematics (STEM) professions still suffer from a lack of women in their ranks, even after decades of equal gender rights initiatives. Today, there are a number of successful women in cybersecurity, a field that has been predominantly a man’s domain.

The demand for cybersecurity is high globally. In Kenya, most females in the profession are self-taught through online platforms, as no local institutions teach the same. We speak to four successful Kenyan women engaged in the profession.

Aprielle Oichoe

Ms Aprielle Oichoe, MD at Infosphere, a cybersecurity consulting firm, and ISACA Kenya Chapter research director.

Photo credit: Photo | Pool

The leading cybersecurity expert found herself in the field by chance. Growing up, she always wanted to study aeronautical engineering. However, just before she could join university, one of her lungs collapsed and she was admitted to hospital for six weeks.

During her stay there, her doctor said her condition would not let her survive in the industry. Back home, her mum told her to consider a career in medicine or law. But Ms Oichoe’s heart was in dealing with machines, not people.

She eventually joined African Nazarene University for a computer science course. When she was in Third Year, the university brought one Dr Biggar who was working with NASA, to lecture a unit on building distributed systems.

At the beginning of the course, he gave a disclaimer that anybody who’d fail three consecutive continuous assessment tests (CATs) in the unit would have to drop it. After a series of lectures and three CATs, the lecturer one day asked Ms Oichoe to see him after class. She was worried about what he would say.

Dr Biggar had noted a consistency in her thinking and advised her to get into cybersecurity, which was at the time a foreign concept in Kenya.  She had performed extremely well in the second CAT.

Dr Biggar walked her through the journey to understanding the field. In 2010, she joined the University of Bradford in the UK for a Master of Cybersecurity. On coming back home, she secured a job at an IT firm, one of the only IT security firms in Kenya at the time. The company, however, folded operations in Kenya after a few years, leaving Ms Oichoe a number of clients who would still need cybersecurity services.

That is how Infosphere Limited, an information security consulting company, was born, with Ms Oichoe as the managing director. She is also the research and special programmes director at Africa Cyber Defence Forum and a co-founder of SheLegend. Both firms are cybersecurity mentorship initiatives geared at building the skillset needed to get more girls and women into the field.

Apart from that, she is the president of Women in Cybersecurity East Africa Affiliate. As a woman in this field, she has had to deal with many gender stereotypes. One incident she recalls is when a man offered to buy off her company because, in his words, she wouldn’t manage it. She, however, chose to prove naysayers wrong.

She says the field is exciting and encourages more women to join as there is a global shortage of cybersecurity experts. She observes that although there are not enough local institutions offering the course, online courses are available.

In 2018, she got admitted to the University of Oxford for a PhD in Cybersecurity. She currently holds various cybersecurity certifications in risk, audit, penetration testing, data protection and data analytics. 

She is currently an outsourced data protection officer and security engineer/architect where she helps organisations design and implement cybersecurity programs, strategies and controls. She also tests for security vulnerabilities in systems and identifies compliance gaps while offering advisory on how to effectively mitigate security risks. 

Evelyn Kilel

Ms Evelyn Kilel, a cybersecurity engineer at Safaricom PLC and co-founder at SheHacksKe.

Photo credit: Photo | Pool

Evelyn Chepkirui Kilel is a principal cybersecurity engineer at Safaricom PLC where she majorly undertakes security testing of the products going to market and periodic security reviews, vulnerability assessments and penetration tests across the company’s systems/infrastructure.

She is also a co-founder of SheHacksKE, a community of more than 1,000 women, which seeks to educate students and women on cybersecurity and bridge the gender gap in the cybersecurity ecosystem.

The Kabarak University graduate is pretty much self-taught in the field. She holds a Bachelor of Computer Science, Software Engineering from the institution where she graduated in 2016.

She has also pursued professional certifications, including IBM Security Intelligence Analyst, IBM Business Intelligence Analyst, IBM Application Security Specialist and CCNA Routing and Switching.

Her interest in cybersecurity developed through one of her professors (the late Prof Kefa Rabah) who was great in cryptography. IBM MEA University once visited their university and trained them in cybersecurity and application security using AppScan and SIEM management using QRADAR.

Through significant exposure and experience, she has honed her IT security governance skills over the years. She can assist organisations implement security controls such as ISO 27001.

She is also proficient in DevSecOPs usage, a technique that ensures security for micro-services and Cloud Infrastructure in use.

“Safaricom is an exciting place to work at,” says the one of two ladies in her undergraduate class.

“The management is keen on gender balance in the workforce and in my field, tech as it may be, we have a balance of both men and women, something other organisations should emulate.”

In 2020, CyberInAfrica recognised Ms Kilel among the top 50 women in cybersecurity in Africa. She did her internship at Safaricom PLC before joining EY (formerly Ernst & Young) as a cybersecurity consultant. She later secured a job at Safaricom where she currently works.

She has also undertaken voluntary roles with Kenya Web Designers as a software development engineer; at Google as a Google Developer groups lead, Nakuru region, lead organiser for Women Techmakers Kabarak University Chapter, and Kabarak University IHUB as an organiser and strategic planner.

To women aspiring to join the industry, Ms Kilel says there are many online resources to expand knowledge in the technology and cybersecurity field. She says having mentors is also key. Pro bono work, she adds, is also important for anyone starting out in the tech world.

Judy Ngure

Cybersecurity engineer Judy Ngure.

Photo credit: Dennis Onsongo | Nation Media Group

The 27-year-old Muthiga Girls High School alumnus was among the 2020 top 50 women in cybersecurity across Africa. She was also named the female hacker of the year in 2020. Ms Ngure says she loves what she does and would never trade it for anything.

She is the lead cybersecurity engineer at Africa’s Talking and sits on the global advisory board as a member. She is also the founder of Women of Cybersecurity, a safe space for under-represented individuals to network, form a community, learn, and have fun.

Interestingly, she first interacted with a computer in 2013 when she joined KCA University for a course in information and technology. She was particularly amused by Microsoft Excel and how it would help her solve mathematics problems.

It is from here that she developed an interest in creating software that could help people solve problems. She focused on becoming a developer, writing codes and building web applications.

After graduating from university, she got an internship at a local organisation. One time, the firm organised cybersecurity awareness training during which one of the trainers hacked into a web application she was working on, bringing it down.

This was the beginning of her journey in cybersecurity. She just could not understand how the guy easily hacked into her project without her giving him any information.

She spent the next three days trying to figure out how to recover it. In the process, she learnt about cybersecurity and developed a liking for it. She then turned to YouTube for more lessons in the field, and reached out to people, already established in the field, for mentorship.

Regarding the stereotypes that come with being a female techie, Ms Ngure says she ensures she delivers on her assignments. She also admits to paying no attention to people who try to talk her down.

She continues to learn through online programmes and says one never stops learning in this industry.

Ms Ngure, however, feels that cybersecurity in Kenya does not pay as much it does in other African countries, noting that the country needs to invest more in talent than certification. She is currently pursuing a Master of Security and Diplomacy at Tel Aviv University.

Dianah Waithanji

Software and cybersecurity engineer Dianah Waithanji.

Photo credit: Photo | Pool

As a young girl, Dianah Waithanji always wanted to be a lawyer. She also loved watching movies and was always fascinated by hackers. The infringement of privacy that came with hacking, however, bothered her and little by little her love for computers developed.

When it was time to select a university course, she found herself selecting an IT course. She wanted to study this and protect people’s privacy from being infringed. Her brother also encouraged her to take up the course.

It was not until 2017 when in her Fourth Year at the University of Eldoret that she came across a unit called Information Security. Consequently, she was doing her CPA course, which had an auditing unit. These two units drew her attention.

The 25-year-old, who is pursuing a Master of Software Engineering at Jomo Kenyatta University of Agriculture and Technology then started doing free online cybersecurity courses.

She logged into LinkedIn and looked for Information Security professionals in Kenya.

“Luckily, I found helpful individuals who walked the journey with me and encouraged me to join communities, something that has been quite helpful in my career growth,” she says.

Notably, though, she hardly came across any female expert while searching for these professionals online. The field continues to be nominated by men, she observes.

Ms Waithanji, who is currently in Germany undertaking the AFRIKA KOMMT! Programme, an initiative of the German industry for future leaders from Africa, says she has had to navigate some stereotypes in the industry.

She recalls when she was starting out, her male colleagues never took her seriously unless she showed up with one of them to fix a problem on the machines. That, however, never put her down.

So far, she has bagged some awards, including Cyber Leadership Program Skills Embodiment 2020, Cybersecurity Woman Barrier Breaker of the Year 2020, Top 35 under 35 in Kenya 2020, Top 50 Women in CyberSecurity Africa 2020, Opportunity Desk Impact 30 under 30 Changemakers in Africa, and the Zuri Awards-STEM category nominee 2020.

She has also founded Wahandisi La Femme, an initiative that mentors high schoolgirls at the grassroots into technology and engineering. The skills taught include technical skills and life skills, with an aim of coming up with innovative solutions to solve global problems.

She believes all a woman needs is empowerment, then they can take the cybersecurity industry by storm.