Remarkable stories; The Journey II
His Story
The first part; https://vkfrost.com/remarkable-stories-the-journey/ was fascinating, the ladies had authentic heartfelt stories of how this beautiful bumpy journey has been.
For the Love I have for my brothers, I believe in equity for everyone. Dear Readers, this is the Gents version.
PS: I did not do justice to these stories because I had to redact them. This was Mind Blowing!!
Cephas Okal — Chairman CISO Alliances Kenya
“A Tech passion that begun way back, the first time I saw a computer was 1996, the old CRT monitors. And was fascinated with the solitaire game of how the shuffling worked on the backend. I was sure tech will be my path and took up computer studies in High-school.
Later on, in Campus I met Google XDA Developers who were in Kenya for a coding bootcamp on how to simplify SDKs on IDEs. During the bootcamp one of the team members mentioned the IT space is wide and not just based on programing, there’s networking and much more. They handed our booklets on CCNA and an Ideos phone (Everyone knows what it meant to own an Ideos). The CCNA booklet made me grow into an entire career path in Networks. Fast-forward into 2009, during my Attachment my key pick was networks and got an opportunity in a telco. During my second attachment on of our clients had a challenge and I was able to resolve it(it’s called streets creds) and I fully begun working in my last year of campus.
My enjoyable Networks journey has involved building an entire NOC from scratch, Integrated a NOC & SOC, upskill core networks skills by going to Silicon Valley among others. In 2015, I moved to Enterprise IT and joined the corporate world where my cybersecurity interest kicked since as part of ICT there was need to understand IT360. My cybersecurity path was easier as I had background in Systems and Networks.
Several years later and I am passionate to performing my tasks and being a better cybersecurity leader in the country by understanding a nd collaborating with different key personnel.
Some of the challenges I experienced is breaking the barrier that security is not an after thought and demystifying the difference between Information Technology vs Operational Technology. Reducing the silos and lack of adequate cybersecurity skills in the industry.
My biggest advise to anyone in the industry or starting out would be to understand the fundamentals of IT and OT (Networks, Systems and a little bit of Dev). Seeking out mentorship and putting in the work to learn everything you can. Finally be an out of the box thinker. Consider all possible outcomes.
Michael Ikua— Lead Penetration Tester.
“I was extremely fortunate to use technology at a young age, I first used a mobile phone in 2000 when Safaricom launched in Kenya and my Dad had bought one. The phone was really big and came with an antenna. I started using computers as early as 2002 when I was in class 2, basically making shapes and coloring nothing crazy like writing viruses haha but still, it was a computer with a keyboard and mouse, those that had a trackball. The monitor was a cathode ray tube. After a few years, we got a computer at home but it was mostly for playing games Dangerous Dave and the like mostly 2D game
Using computers became common for me but for the longest time I mostly did basic things up until when I was in high school when I took up computer studies and learnt more about computers as well as working with MS Office (what people liked to call computer packages). We even did some programming, I doubt it would count as programming in today’s definition.
Fast forward to University where I was doing an engineering course, that didn’t cover a lot of computer related units but still covered networking and programming in C and C++. With my background in interacting with computers and tech, it wasn’t hard to understand programming and networking. To date those are probably the only units that have benefitted me after my 5 years in Uni.
I still didn’t know what Cyber Security was and what it meant until 2017 in my 5th year when I attended Nairobi Tech Week where they had a panel talking about Cyber Security. They did some demonstrations on hacking and even mentioned that they get paid to hack things. This was my genesis in Cyber Security the field. I later on attended AfricaHackon in 2017 and my mind was again blown away by all the presentations and amazing things the professionals were doing in their cybersecurity careers. I attended more events and finally decided cybersecurity will suit best as my career. Self-study was the best I could do to gain the skills, I took up learning Linux, playing CTFs and went all in to learn all I could. I really wanted to be a hacker (still do).
All I can say now is that I am happy with my decision to switch to Cyber Security 5/6 years ago. To those interested in Cyber Security, my advise would be learn the tech behind it. Know your operating systems, networking, services etc.”
Allan Muthuri — Channel Manager, Cybersecurity.
“You can’t connect the dots looking forward; you can only connect them looking backwards. So, you have to trust that the dots will somehow connect in your future journey” — Steve Jobs
My Journey in IT began when I enrolled for my degree in Bachelor’s in technology on what would be the plan “B” from where I saw it but ended up being one of the best journeys to date for me. I started in I.T Support and I believe this was a good foundation as the whole organization depended on me for every IT Solution needed.
I then transitioned into Cyber Security and here I remember my hiring manager saying, “Allan I took a chance on you, be sure to take one on yourself”. Cyber Security takes me out of what is the norm, I face a lot of resistance from within because sometimes I’d feel like I don’t have what it takes. From this, I always believe one needs to develop a mentality of always giving it your best and realizing that is all that matters.
To think that life will be a straight line would be to think that everything needs to fall into place just how you imagine. Fastforward I then transitioned into Presales, which is a totally different ball game as this is more about showing value to the customer before the solution is in place. I moved from post-sale to presale. While at it, I needed to show different parties of the useful nature of the products and how it stays key to their future strategy and goal. This role is more business than it is technical, its not the easiest of changes but its one important one as its helped me appreciate the business aspect to IT where in the end all that matters is does it bring better efficiency & value to the end customer.
Transitions are hard, let no one lie to you. But the belief that it shall all make sense in the final run is what has kept me going. The hard work I put in for all the stages I go through is all that matters, and consistency is what keeps me going even when it gets so tough.
My advice to anyone willing to venture into Cyber Security & generally IT is be willing to be a lifelong learner and when it scares you the most GO FOR IT! Your Mentor/Manager/Coach might be the best thing that would ever happen to you because they will always see what you wouldn’t have imagined or believed in yourself.
Joseph Gitonga — Information Security Engineer
“ My interest in cybersecurity was piqued in my 5th year of study, when
by chance I took an elective unit on Network Security and Cryptography
which I found very interesting. From that point on, I gradually developed
more and more interest in Infosec and lost interest in Telecom
Engineering, which was what I was studying at the university. The
cybersecurity field has proven to be a captivating journey and a wide
collection of experiences. I have had the opportunity to work in various
areas, ranging from SOC to Security Engineering to Offensive Security to
Risk, and my current role in Audit. However, on a near-daily basis I still
feel I have a lot more to learn and that I have barely scratched the surface
in this field.
The most important thing I have learnt is to celebrate the smallest of wins.
This gives me the energy to push on during challenging times. My
mentality is; it’s the small wins that contribute to the bigger
picture. Also continuous self learning, curiosity and overall self drive is
key. In this field, methodologies that are cutting edge today might be
obsolete within months, so you have to keep sharpening your skills and
following emerging trends in the industry.
Another aspect that drives success in this field, and which I actually
struggle with is networking. Networking with other professionals,
exchanging ideas and gaining understanding on different views is really
invaluable. Having a mentor or buddy to frequently bounce off ideas is
priceless in my books. Being a loner in this field makes one develop tunnel
vision which is very detrimental.
Lastly, aligning cybersecurity work to the overall business strategy is
something that is a challenge in the industry. Ultimately, organizations
exist to generate value for their shareholders. While working in this field,
it is important to ask yourself, “Does what I do on a day-to-day basis have
any impact on business success?”
Albertini Francis — Cloud Security/ Devsecops Engineer.
“I got my first experience when Dad brought home a computer as he was a computer lecturer. It was awesome discovering a whole new world, exploring so much from the Encarta encyclopedia programs(usually came in 4 disks). This was a kick-start to my tech journey and I became the “dreaded tech support of the family…fun times as always”
As for penetration testing I came across it in year 2 of Uni after watching Mr. robot, I then actually saw a live Pentest session and it was probably the coolest thing I ever saw. I asked someone to assist me on how to get started and was guided to some resources which I started off slowly building capacity. At first, building on your fundamentals can seem boring and mundane but once you start seeing the results it becomes fun and rewarding. Fast forward through many Labs and CCTFs I’m still learning.
As for my current field, Cloud security and DevSecOps, the cloud was or rather still a unexplored and underappreciated field from a business and practitioner point of view. From the numerous incidents that happen on a daily which funny enough spring from the seemingly simple misconfigurations which have such enormous consequences. Its a really fascinating rabbit hole to explore which keeps getting better with every new threat that is discovered.
Exploring the cases that lead to incidents always fascinates me and doing the related CTFs lends a deeper understanding to help me understand how to build better, demonstrating real-life consequences to businesses.
My advice would be, cyber security is a wide field with so many sectors find something that lights a fire in you then build towards it but in between there is the fundamentals that one needs to build(do it and learn to love it) it pays dividends later.”
Samuel Keter — Senior Manager, Cyber Defense.
My exciting journey into cybersecurity commenced in 2011 while I was also joining university. Fueled by an curiosity, I found myself captivated by the inner workings of systems, prompting a series of “what if” thought experiments. By 2013, my curiosity had evolved into a mischievous exploration, as I ventured into hacking systems for the thrill of it. This included activities such as website defacement and tampering with data to gain an advantage — stories for another day.
In 2014, fortune happened on my side when I had the privilege of crossing paths with two esteemed titans in the Cyber Security field whom to this day, we share cherished memories, bonded not only by our interest in cybersecurity but also passion in motorosport (chasing 600whp). They guided me from the shadows of the black/grey hat while embracing the “white hat” domain. Since then, my journey has been one of continuous growth and opportunity.
I have been privileged to serve numerous clients across diverse industries throughout Africa, helping them enhance their cyber maturity landscape. Guiding them through this transformative journey has been a gratifying experience. As a result of these efforts, I had the honor of being named a finalist for Young CISO of the Year in 2022, a testament to the impact made in the field.
Furthermore, I have had the joy of mentoring aspiring individuals who are venturing into the cybersecurity world. It gives me great satisfaction to witness them take a big step forward, one they never regret as they dive deeper into this field. Guiding and inspiring others to embark on this path has become a significant aspect of my own cybersecurity journey, and I am grateful for the opportunity to make a positive impact.
The biggest advise I would give anyone is to never give up, the first step would be the difficult step but the subsequent steps would be much easier, Mentorship will give proper guidance on the best path and being passionate carries a lot in life.
Ian Musyoka — information security engineer.
I studied Analytical and Chemistry with computing and got passion in cybersecurity in 2019 while in my 4th Year. I found myself having passion in cybersecurity and learning journey began. Platforms such as YouTube and blog articles came in hand and guided me through the journey. I was always fascinated of how computers work and always wanted to understand weaknesses in the systems.
I also loved programming (still do) and wanted to have a balance between a field that’s security related and requires a bit of programming skils. By the time I finished campus I had build not only a name but also skills. This was achieved through participating in CTFs(capture the flags) and constant practice on platforms like Hackthebox and tryhackme. After finishing campus I started applying for jobs in cyberspace and God opened a door
Some of the challenges I have faced could be the high-priced certifications and steep learning curve I did not have a background in any computer system/security background. I had to push myself and try to grasp as much contents as I possibly could in a really short span of time. And things worked out great.
The best advise I would give for someone starting out would be, It’s never too late. Pursue your dream start today. Remember a journey of 1000 miles begins with a step. Take the initiative and realize your dream. Always have commitment to your goal nothing comes easy trust the process there will be up’s and down’s but remember nothing good comes easy and finally acknowledge God in all your doing
Hillary Soita — Application and Cloud Security
I have to admit, computers weren’t always my passion. It was always some form of engineering. I pursued economics in campus and flopped badly. Later on, I changed to Computer science and expected an easier sail. It was not! However, I was fond of computer security and would always ditch a few school classes to learn how applications work and how to hack them. I loved (& still do) learning how different systems work and formulating my methodologies to make breaking them easier.
A couple of challenging years later, I’m an Application and Cloud Security Engineer and part-time bug bounty hunter. I have found interesting vulnerabilities and always get a rush each time. The learning curve is always steep and not easy to maneuver.
For anyone who is starting or going up, you don’t need passion. Whatever your reasons for joining this/any industry, you need discipline and the determination to learn (basics and all). Read and practice a lot. Also, experiment a lot. Hacking is finding unconventional ways to make something work in a way it was not intended to. Think outside the box. The more you learn and practice, the smaller the box becomes. 🙂
John Collins — Student
I’ve been a very curious person in the tech space from a very young age. I started coding in basic languages like VBS, that I'd use to automate very simple tasks on windows. I transitioned into Cyber Security in 2020 during Covid, we had closed school and no one was certain when we’d reopen. That’s when a friend introduced me to HackTheBox and she’d take me through some of the basics, like recon with nmap, these were things that were very new to me. I could sleep very late learning new concepts and watching Ippsec’s videos and not even struggle waking up the following day because my superior level of inquisitiveness could not allow me to rest.
Half way through the year, I got my feet in the water in Capture The Flag competitions and this is when i joined Team fr334aks. I tried reading a couple writeups in my free time and I’d then practice on PicoCTF. In 2022, I convinced my school to let me head home and participate in the AfricaHackon CTF with my team, and got third place which was a huge achievement on my part. After high school, i did my OSCP exam and passed, being the youngest in Kenya to attain that certification. I also did eJPT and CompTIA Security+. Currently, I do pen testing for various companies and I'm loving the experience!
I was faced with a unique set of challenges here and there, but i was never a quitter. I honestly believe that anything you set your mind to is achievable. All you need to do is to unleash the beast within you. Set a goal to learn something everyday, it’ll go a long way. Also, do take breaks once in a while, they help clear your mind and refresh your body. That being said, have fun!
Boniface Kinoti — Senior Penetration Tester
“My cybersecurity journey started after completing CCNA networking and routing back in 2015, this was personal learning where I could learn how different networking worked in different environments. This knowledge provided me a role where I was able to train my course mates on networking. I later came along the CCNA security course that opened up my cybersecurity path. The following year, I enrolled to CEH class and pursued the certification ( back then it was the thing hehe). This was a gateway to more security practice and I came across CTFs such as Hackthebox that my skills.
For my cybersecurity job, I started out as a sales intern responsible for positioning cybersecurity products & solutions in the market this was a challenging path since I was mostly used and comfortable with technical stuff. However, this turned out to be the best opportunity and role in my career since I learnt the essentials of soft skills in the business world. I was later on promoted to a pre-sales engineer and later on cybersecurity engineer (Penetration tester). My current roles involves daily research on current vulnerabilities and cves, simulating them in a real world environment and finding ways to mitigate. And of course I do penetration testing for clients both on my current role and freelance as well.
Some of the challenges I experienced was limited mentorship when I started out and I didn’t know the specific path or direction to get started, back in the days there were little resources as compared to today. But I used my challenges to my strength to build a positive mentality, resilience and passion towards what I do
The best advise I would give is its very important to know the basics of how everything works, its easy to secure and also attacks a system if you understand its underlying basics and functionality. Its important to have soft skills for communication between peers and the management. Learn the balance between one’s mental health and work.
Parting shot; Reading books provide more knowledge on how to understand a system as compared to simple tutorials.”