Confidence Staveley took a study break after her secondary education to reinvigorate her mind before going off to university where she was set to study medicine. During this period, her parents advised her to enroll in a computer school in order to avoid idleness. It was in the course of these lessons that Staveley learned programming and fell in love with computers, transforming her resolve to be a medical doctor. She convinced her parents to let her pursue a career in technology and went on to study for an advanced diploma in software engineering. After that, she studied information technology (IT) and business permission systems at Middlesex University, where she graduated with a first-class degree. During her master’s degree at the University of Bradford where she was studying IT management, she encountered cybersecurity, and the rest, as they say, is history.
Staveley is now a cybersecurity expert and arguably the most celebrated cybersecurity leader in Africa whose work and contributions have been recognised on both national and international levels. She is the Founder and ExecutiveDirector of CyberSafe Foundation, a non-governmental organization dedicated to improving inclusive and safe digital access in Africa.
I interviewed Staveley on a Friday afternoon, and her energy is lively and warm—just like on her social media. We talked about her journey; the cybersecurity scene; and her mentorship program, Cybergirls.
What’s the state of cybersecurity in Nigeria?
With the acceleration of digital transformation that the whole of the African continent has experienced, with the COVID lockdown playing a major role, there’s now a lot more discourse around cybersecurity. More people are now interested in securing data on their devices, and organisations are worried about data breaches. However, most of the organisations that are worried about this and put measures in place to protect against cyber-attacks are in highly regulated spaces like financial institutions.
A lot of the action towards cybersecurity in Nigeria is compliance-driven, and you find that organisations that are not compelled to do so almost never bother with cybersecurity. Most organisations do not have a budget for cybersecurity: no personnel, processes or technology in place to protect the data they’re collecting. They wait until they’re been hit by a cyberattack to act.
While there is a lot more discourse and actions towards cybersecurity, I believe that we can do better — as individuals and organisations.
What do you want people to know about cybersecurity, especially those looking to transition?
Cybersecurity is not a needle in tech, it is a whole field with different areas and fields. There are parts of cybersecurity like penetration testing and web application security, that require knowledge of coding and other parts that don’t. It just requires that you understand how security concepts work to keep an organisation secure and compliant.
Transitioning will depend on what field you’re transitioning from and whether you’re transitioning into a technical area of cybersecurity or a non-technical one. However, regardless of whatever fields you’re interested in, it’s important to pay attention to the fundamentals of cybersecurity as they form the basis of everything.
What are some challenges that come with entering into the cybersecurity space?
Generally, cybersecurity is quite an expensive and difficult field to enter. The industry has strong gatekeepers which are making it harder for new entrants into the field to get opportunities that enable them to apply what they’ve learned in training and gain much-needed experience. For example, most entry-level job positions still require years of work experience as the certifications required in entry-level jobs require work experience to even earn them.
There are also other challenges with practising. Firstly, there’s not a lot of space to grow as a beginner as most companies already want experienced people. This makes a lot of people in the field struggle with opportunities for work experience especially in Nigeria, as there are only a couple of organisations that offer cybersecurity training in a guided way.
Another thing is that as a woman, it’s typically difficult to get into certain technical spaces as people assume that you’re not competent. Women are underrated everywhere, and cybersecurity is no exception. I’ve been in situations where my skills were questioned until I proved myself. Cybersecurity jobs are demanding and some organisations do not employ young women. There are job situations that require round-the-clock monitoring and the general consensus is that women cannot cope in such demanding work environments.
Upon entering the cybersecurity space, Staveley realised that there wasn’t enough female participation in the African cybersecurity scene. Globally, women make up only about 20% of the cybersecurity workforce, and the number is much lower in Africa. As she grew and built her career, Staveley saw that there were ample opportunities in cybersecurity for women, especially African women, and so she birthed CyberGirls.
Tell us more about CyberGirls
Cybergirls started off as an experiment. I saw that the African cybersecurity space was largely male-dominated, so, I spoke with my friends and we brainstormed ways to bring more women into space. The world is progressing and becoming more inclusive, and there’s no reason why cybersecurity should be any different. However, we acknowledged that the field is expensive to get into, and even if there are lots of women who are interested, a lot of them just cannot afford the training and materials needed to navigate cybersecurity.
We needed to find a way to bridge that gap for young women and girls, so we created the CyberGirls program, where we train and mentor young women from across the continent for free. Cybersecurity can be used as a tool for socio-economic impact; to pull women and girls out of poverty. We created a disruptive educational model, where we’re able to provide quality but free cybersecurity training. We consider it disruptive because our participants get hands-on training, even more so than their counterparts in some traditional universities. We deliver a lot of value in seven months of training and have seen participants who come in, get the skills, and move on to become very valuable in the ecosystem.
What have you been able to achieve so far with CyberGirls?
We are connecting young women from our cohorts to work opportunities, and creating one of the largest pools of female cybersecurity talent on the continent. In our first cohort which was open only in Nigeria, we had about 120 applicants. In our second cohort, we opened it to girls in six other African countries. A large number of these girls have gone on to get jobs in multinational companies or get scholarships to further deepen their knowledge of cybersecurity. This is the third cohort and we received over 20,000 applications from 45 countries because people are seeing the positive impact the program has had in the lives of previous participants.
One of our most exciting achievements is how we’re creating a ripple effect of security in the ecosystem. One of our participants found a critical vulnerability in a major tech player that could have cost the organisation over $100,000 in losses. Nigeria has a lot of cybersecurity challenges and with this program, more people are on the lookout for threats and vulnerabilities which is very important in the long run.
What are two things you know now, that you wish you knew at the start of your career?
One of the key things I wish I knew was that mentorship is key. If I had realised how powerful this was at the beginning of my career, I would have taken more advantage of mentorship as I had a mentor.
Another key thing I wish that I knew early is that knowledge of cybersecurity by itself without demonstrating its application of it will not take you far enough. Speaking in jargon does not make you the smartest person in the room.
The third key thing that I wish I knew is that building a successful career in cybersecurity is a marathon and not a sprint. It requires continuous learning and you grow faster when you share knowledge. I also underestimated the power of networking within and outside my industry.