CyberGirls brings cybersecurity training to women in Africa
Confidence Staveley of the CyberSafe Foundation and the CyberGirls program is today's guest. CyberGirls is a year-long cohort program in which women in Africa ages 18 to 28 can learn cybersecurity basics and create career tracks to fast-track these students into cybersecurity careers! Staveley tells us about the workings of the program, how she uses her YouTube channel to teach API security with food analogies and explains the origins of what is likely the first-ever Afrobeat song about security awareness! This episode is as fun and inspiring as any I’ve recorded, so I hope you’ll tune in for today’s Cyber Work.
0:00 - Cybersecurity training for women in Africa
4:47 - How Confidence Staveley got into cybersecurity
10:35 - What is the CyberSafe Foundation?
16:57 - What is the CyberGirls fellowship?
21:30 - How to get involved in CyberGirls
30:10 - Inspiring success CyberGirls stories
43:11 - Keeping CyberGirls engaged
46:31 - API Kitchen YouTube show
52:00 - Cybersecurity initiatives in Africa
59:27 - Advice for working in cybersecurity
1:03:13 - CyberGirls' future
1:05:20 - Learn more about CyberSafe
1:07:22 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
Transcript
Chris SienkoHost00:00
Today on CyberWork. I'm extremely pleased to welcome Confidence Stavley of the CyberSafe Foundation and the CyberGirls program to the show. Cybergirls is a year-long cohort program in which women in Africa ages 18 to 28 can learn cybersecurity basics and create career tracks to fast track these students into cybersecurity careers. Confidence tells us about the workings of the program, uses her YouTube channel to teach API security with food analogies. I've seen it, it's true, it's great and explains the origins of what is likely the first ever Afrobeat song about security awareness. This episode is as fun and inspiring as any of them I've recorded, so I hope you'll tune in for today's CyberWork. Hi and welcome to this week's episode of the CyberWork with Infosec podcast. Each week we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of Infosec professionals, while offering tips for breaking in or moving up the ladder in the cybersecurity industry.
01:00
I guess today confidence stavely is Africa's most celebrated female cybersecurity leader, api security professional talent developer, international speaker and inclusion advocate. What sets confidence apart is her innate ability to merge profound cybersecurity knowledge with impeccable communication finesse. She excels in translating intricate cybersecurity concepts into digestible, jargon-free insights for diverse audiences. For example, her unique approach is brilliantly showcased in her YouTube series API Kitchen, wherein she applies culinary metaphors to illuminate API security intricacies. I was watching this yesterday and, as I was telling countless before, I feel like I've learned more about OWASP's API vulnerabilities list from that than I have from just sort of being in this company for a while now, but it's a wonderful channel. Within its debut season, the series amassed over half a million views across social media.
01:52
She recently clinched the title of Cybersecurity Woman of the World 2023. Previous recognitions include Cybersecurity Woman of the Year for both 2021 and 2022, a spot in the top Cyber News 40 and her 40 in cybersecurity, and a ranking among the top 50 women in cybersecurity Africa, and more. An alumna of globally renowned fellowships such as the 2021. Beyond Her advisory roles on various boards, confedstavely is the driving force behind the CyberSafe Foundation. This is what we're talking about today. This is a leading NGO devoted to fostering a digitally inclusive and secure landscape in Africa, so I'm really looking forward to talking with you, confedstavely. Thanks for joining me today and welcome to CyberWork.
Confidence StaveleyGuest02:31
Thank you so much, Chris. I've been waiting for this time, so I'm absolutely excited. We had many work.
Chris SienkoHost02:38
We've had a couple of scheduling snafus and I'm very glad we got to make this work. So, I want to start here like I start with all my guests, but I'm especially interested in your story here to bring our listeners up to speed about you and your cybersecurity. During Confedstavely Talked a lot about it in the bio there. Can you tell me about what your earliest interests in computers and tech were and what was the initial spark that started you down this path?
Confidence StaveleyGuest03:02
Thank you so much, chris. That question is one that's very dead to my heart because it just speaks of how exposing young women to computers really does help attract fresh talent and helps even with diversity. And my story is just really in that line because I didn't wake up one day thinking, or I want to be in the tech industry, no, it just happened. And how this happened was I had finished my high school in my country that's called Secondary School Education and my parents had asked me to take a gap here before I get into university and so. But they were also concerned that because of the sort of neighborhood we lived in, they didn't want me getting idle and having the boys around that sort of thing.
03:51
So you know how they say you know how they say I do, I do. Person is a devil's workshop.
Chris SienkoHost03:57
That's exactly what's right.
Confidence StaveleyGuest03:59
So they got me into this computing school to just while away time. And so you know what? Go ahead and learn how to use computers. So I hadn't touched a computer up until that time. And then I started up learning, first application programming packages, like, say, how to use Microsoft Word, that we take for granted today. You know those very basic packages. And then I went on to say, to learn how to program. So I started learning to program in T-Shop, in Java, in C++, and, my God, chris, I felt a lot Like it felt like I had found a part of me that had never been unlocked before.
04:36
I was always so excited to go to that computing place and at this time you know this time, when it had passed and my parents now allowed me to take the interest in dissemination that allows you to go into university in my country. I took it and I got admission into university to study medicine. So, and that was what my parents always wanted just to give you a bit of a background as well, where I come from a lot of times you do not have a model for success that was tied to tech. You know, people who succeeded were medical doctors, they were engineers, they were lawyers. So of course, my parents' model of success is lined up just in that direction, and African parents really do have quite an influence on what you pick to study in school. So if you talk a lot, they would say, oh great, you should be a medical doctor, right? If you know your science is very well and you seem smart with it, you should be a medical doctor. Or you should be an engineer if you're a boy, right.
05:35
So my parents had proposed. You know that I was definitely going to be a medical doctor, and they had sold me that dream for a long time. I had bought into it as though it was mine. But coming in contact with computers changed everything. I said no, no, no, that's their dream. It. Mine right now is being tech. So I had the uphill task of convincing my African parents we didn't have a model of success around tech to see tech as a place for their daughter and to allow me to fulfill that admission. So what I did was, at the time I didn't have a laptop to do my slides, so I couldn't afford one, so I bought cardboard papers and I then did these slides on cardboard papers and explained to my parents.
Chris SienkoHost06:20
You gave them a slideshow and it was paper.
Confidence StaveleyGuest06:22
A slideshow, a manual slideshow.
Chris SienkoHost06:24
Amazing. I love that.
Confidence StaveleyGuest06:27
And I explained to them how tech was the present and the future I would say more of a future at that time for them and how it was going to be this great thing and how I had so much fun and passion and joy doing it. And I don't think my parents bought into it because I said tech was the future, but I believe that in retrospect they bought into it because of how much passion they saw that I was portraying. And my mom always had this saying she said you can't outperform a passionate person. So I reminded her of that because I'm very passionate about this. This is something that you should definitely let me go ahead doing. And so, on the basis of the passion I had displayed, my parents had to trust me around, something that they didn't understand, but they could see that I was getting ahead of a hang of, and so they're allowed for me to fulfill my admission to study medicine.
07:18
I then did a diploma in software engineering, which really fit into now my interest in API security and how that's helping me secure the code that's written there. And then I went on to do a first degree in IT and business information systems and then I went to do a degree in IT management. It was during my MSc degree in IT management that I got to do an elective that was related to cybersecurity. That literally launched me on this part of cybersecurity. But I'm just saying that all of it was just my dogs getting lined up in a row by life and by just being exposed to computers in the very first place, and I'm really grateful to my parents for the courage they had to trust me on this one.
Chris SienkoHost08:00
Yes, yeah, yeah. They were basically stepping out into the unknown just like you were there, but I think I have to imagine that was probably good for you as well, in the sense that you were able to explain, not just to them but to yourself, what it was you liked so much about, computers, I mean they always say, teaching someone else is the best way to learn something yourself there, and that's a very good sort of clarifying moment. I have to imagine when you're saying these are all the things that I like.
08:26
So that's an amazing story. I love that. What a great intro. What a great organ story. So in 2019, you founded the CyberSafe Foundation, and this is an organization based around a vision of helping businesses and tech leaders all over Africa be cyber safe against threats from cyber criminals and malicious security practices. So, for our listeners who are just learning about the organization, can you tell us about the CyberSafe Foundation's goals and the methods to achieve those goals and your reach across the tech and business communities of Africa?
Confidence StaveleyGuest08:58
Yes. So again, just backtracking a bit, before 2019, I was in cyber, but I mean, I was serving in. I was serving enterprises through the organizations I worked with, squarely just helping them with the cyber security programs and stuff like that. But then something happened that was life changing. My mom became a victim of cyber crime and when that hit home, I knew very clearly but in what I say in third person or as another person that was close to the victim just how it felt to have this sort of experience and I wanted to do something. I wanted to contribute to making sure that less and less people have to have that experience. That we saw play out Right and it started from there.
09:59
And then I thought to myself what is the gap?
10:03
The gap between what the government is doing about cyber safety and what the private sector is doing about cyber safety. And there existed that gap that I could identify, first around awareness to around capacity building and three capacity building that is focused for diversity and also for the most vulnerable in our societies. So that's exactly where we pitched our tent ensuring that we're able to close that gap of what the government is doing about this and what the private sector is doing and that, for us, became a space to play and in that space there's just so many areas that we're coming to really provide our support to the entire ecosystem. But our focus has always been the most vulnerable in our society and also driving inclusion, and that's where our mission statement reads. That way, we are just less focused on how are we making sure that excluded people are included, and typically, with the statistics we're seeing, that's clearly most times women. And just to share one of those stats, across the world or globally, we may make up 25% of the cyber workforce.
Chris SienkoHost11:24
Right, oh yeah.
Confidence StaveleyGuest11:26
In Africa. Although we may make up 50% of the population, we may only make up 9% of the cyber workforce. Wow, so that's a beast mile, to say in the lightest way possible, right? So we wanted to make sure that we fix that in the way that not just fix six gender parity issues but also fixes the lack of skilled talent on the continent, also fixes socioeconomic issues Because, again, when you're able to give someone this sort of very powerful skill set, it acts as a way of not just protecting enterprises but also a way of improving their socioeconomic well-being. We've seen women get these skills and their lives totally changed because they are able to unlock new high-paying job opportunities. So that's one way we're able to have this multi-edge sort of cuts down these ugly things in our path. So we have that.
12:26
We also have the issues around awareness. People are not able to see the risk as to adopting technology, and if you were looking at the African tech landscape, technology adoption is at a speed and scale that we've never seen before.
12:44
Yeah, the transmission is flipping across the continent, but what we're also seeing is that we are seeing and I like to use this analogy we're seeing a case where we're putting our messages bends, our brand new messages bends in the hands of our five-year-old kids and not showing them where the brakes are. I mean, how dangerous can that possibly be? Then? That's exactly what's happening when technologies are adopted by users, technologies are adopted by organizations, without addressing the inherent risk that comes with the benefits, and so our whole mission is around that whole capacity building, that whole awareness that we need to provide for inclusive, safe digital uptake across the continent.
Chris SienkoHost13:29
Yeah, that's phenomenal and what I like about that. Many things. First of all, I remember seeing I was watching, like I said, I was on your YouTube channel yesterday and I saw that you had a video specifically where a young woman is talking to her mother about cyber scams, and was that based on your story with your mom or was it based in that?
Confidence StaveleyGuest13:52
Yes, it was based on that and because we've also seen that older people are constantly in the process of cyber criminals and a lot of them don't know better. So we've also seen that the channels have that really done well. Most times it's the younger children of these older people that are a bit more tech savvy than the appearance that should do that sort of teaching. So we played that out in that particular video and I mean that video has been spreading across Nigeria and in some parts of and other parts of Africa. We see we have people ask us can we take that content, show it here? Can we take that content and put it here? So as sites, you know what you're seeing. You know on the YouTube channel we have that spreading over social media channels. We have that in different other kids that the video has been taken and put in. So it's been a very successful run for us and we're very, very pleased with some of the results we're seeing.
Chris SienkoHost14:51
Yeah now, yeah, that moves into my next question nicely, but Infosec, you know, which is our company, and the Cyber Safe Foundation already have an excellent relationship together, which is why we're talking today and, I think, largely because we have such similar passions and goals, which include to lowering the barrier to entry in cybersecurity and to bring new voices and new and diverse experiences into the cybersecurity space and to make more and more of the world cyber safe, whether it's through tech or storefied education.
15:17
So to this end, confidence, you created the Cyber Girls Fellowship. This is a free one year program that equips girls and women ages 18 to 28 with globally sought after cybersecurity skills, getting them certification ready and positioning them to start a career in cybersecurity, with the mutually reinforcing goals of bridging the gender disparity, as you said, and the skills gap in cybersecurity, and improving the socio economic well being of girls and women living in underserved communities in Africa. So can you tell us about the sort of mechanics of this program, how it works and also how women discover and get involved with the program, either as as volunteers or as participants?
Confidence StaveleyGuest15:55
Thank you so much for that question, and I mean just to this ago I received a message from one of the girls that is graduating in that in our current core, just leaving graduating, we generally let them out our doors in November so we're taking a new cohort or we call for application and taking a new cohort towards March next year.
16:14
And she told me how, in her little village, you know, with completing her diploma and not being able to access jobs, she took on cybersecurity. She was attracted to what we're doing and she saw herself in it. But then again, speaking to why women's centric programs like Cyber Girls really do work, is that she got, she had, she was, she joined the program pregnancy, so she was three months pregnant and a program that is several months long, as challenging as Cyber Girls is. We then were able to build a structure around that to help her graduate and to do very well not just pass through but actually do very well. And she was telling me about how she's currently breastfeeding her child while looking at her congratulations email telling her that she's graduated and for me very phenomenal, because for me it just really underscores why this is very important. This person is in a village in Kenya.
17:09
This person has just had a child and then she's been able to unlock a skill set that is about to learn how to roll. Imagine how much that does for herself and for our family. So it's just really huge. And we currently have we currently run the program and from the numbers, we are currently the biggest on the continent that is doing this exactly this exact work for girls I would say young women, if you're looking at it from a global perspective, because they're 18 to 28. And what we do is we take a yearly call, we take them through a seven months training program, which we're very, very blessed to have InfoSec work with us on that path and I'm going to speak about that very soon. But what we, what we have there with with the training, is that we also have them paired with mentors across the world, in four continents to them, provide mentorship to them as well, so they're able to unlock the power of presentation as a way to enable them to see their future in cyber. And we use a mix of ways to teach them and I'm looking at a learning pyramid right now that we we definitely use and the learning pyramid has listen, listen.
18:19
When people listen to you, speak about something, they retain 5% of it. They retain 5% of it when people read about something, they retain 10% of it. When people listen and read, they retain 20% of it. When people demonstrate their knowledge, they retain 30% of that knowledge. But when they discuss it, they then retain 50% of it. But when they apply that knowledge, they get to unlock 75% of it. Now, the highest level of that is when they teach. Then they'll look about 85 to 90% of it. Again, our program doesn't cater to them teaching that. Of course they get to unlock that later. But what we have done with the design of the program is we've mixed in elements that allows them to apply that knowledge, to discuss it, to demonstrate it and then to listen and read. Of course, with the partnership that we have with Infosec and what we have known as well is we have a presence of. We have a presence or we have girls or young women in our program across 22 African countries. So there's quite a wide reach and there's very huge impact as well.
Chris SienkoHost19:21
Yeah, now how do the participants find your program? Are you advertising in media, or in print media or computer media or Facebook? How do potential cyber girls find you or find out that this could be an opportunity that they would get involved with? And if they see this, how do they actually sort of reach out to you and get involved?
Confidence StaveleyGuest19:50
Chris, it's an interesting thing that you asked that question again. Sorry, I missed it the first time, but what I want to say is we don't run any ads, and that is telling of the organic reach that we have.
Chris SienkoHost20:03
What about?
Confidence StaveleyGuest20:04
Yeah, what about? Because the repetition we have really does precedes. We've had so many success stories that we run out of breath talking about them. So that also means that the people that we've made this impact in again also because we've created a cycle is also easy to then basically know when we're going to be calling for applications. The month people get to know it's always in November.
20:26
So the people that have gone through our programs our town criers if I was pretty that way and on paid at systems that go on social media and keep talking about how this has completely changed their lives, because the thing about cyber girls that really does stand us out is not necessarily the tech skills. Those technical skills are fantastic to have, but that rounded experience that people get to have, that changes their perspective, that we work their minds, that we wires their minds, is really a very key thing they were able to create through the programming that I said. We have combined ways of doing what we're doing, and so what I'm saying that to say is and just to throw out some numbers is that we have very strong organic reach. We call out, call for applications in November every year. So organizations or communities that have women that are sort of like, would I say target audiences would then look out for that and then broadcast it in their communities when we publish the call for applications. And another thing we've seen historically is the opportunity Cuddles so like their websites that you go to that publish scholarships. They're always looking at what our social media platforms say when we're calling for applications and then they take that information and they broadcast it for us for free.
21:41
We also have a lot of like I mentioned a lot of the ladies just really talking about what we've been able to do with them, and the numbers show that this has been very effective. So, for example, in our second course we're able to attract 8000 applications. Last year we call for applications for our current cohort. That is just passing out. We then triple that number, so we had 20,000 plus applications come in.
22:05
So we're thinking about forecasting that we'll either double that number for this cohort that we were calling for this month or we're going to triple that. So it's really is organic that way, the way that we we attract the people that we want to see. Another key thing to mention as well is that we have a lot of women that actually want to come to cyber. I think those that organic you know large number we're able to attract, we just tells that what we don't have is maybe the funding to to scale the work we're doing. We may not have the funding to actually get a lot more of those women in, but the interest is very high in the African continent for women to come into cyber.
Chris SienkoHost22:50
What I like about this too this is just something that sort of came into my mind is that you talked about how you had to sort of make the case to your parents that a career in tech would be on par or similarly, you know, worthwhile for their daughter, as would be a doctor or a lawyer or an engineer or what have you. And I feel like the cyber, the cyber girls program here in Cyber State Foundation, is sort of acting like that, like an intermediary to a lot of women's parents, possibly saying like here's, here's this program, look at all these people who have done so well, this is, this is a legitimate sort of course of action. This is the thing that will, you know, lift your daughters out of, out of you know, their economic situations, or give them a new sense of purpose, as you said, and stuff like that. So that's, that's very exciting on a bunch of different levels.
Confidence StaveleyGuest23:40
And Chris just really chiming in there. We've heard many stories where parents are the ones who have sent them the link to to apply. So I got to hear about one. Yes, there's well someone who reached out to me sharing her story because, again, they're in hundreds so I can't, I can't know these the stories until they share them with me. And then she said, oh she, she didn't know about you know.
24:02
Let me just give some context. She's the best graduating fellow for our current cohort, so she is the best of the very best. She's coming out with like a 90 something percent score. So she is a forensics auditor who was just in school, almost finishing her course, and her mom randomly sends a link to have a look at this and she's coming out of her training now. She's done digital forensics and threat intelligence. Combining that with her forensics and auditing background is just a lethal combination. So we find that parents are able to see now with the examples that want their girls belong in cyber and I want to say that with emphasis as well, because for sure every week, we get people say a lot of things that against what we're trying to say, which is that these places for men, is what they'll say, you know.
24:53
so women do not have a place here, I get. So that's my face on Twitter.
Chris SienkoHost24:57
Yeah, I believe it.
Confidence StaveleyGuest24:58
Yeah so. So imagine that we are having to face both sides of that. We're having to face people telling our girls and us that you know, leave this space for us, it's for the boys. And then seeing, also, the parents are because they're able to see clearly that girls who come in here can thrive. We're able to share very resounding and very true success stories that they can also double check Right Then shows that their girls, their sisters they are, you know, whatever you want to call your aunties can fare very well in cyber, can have a thriving, beautiful career here.
Chris SienkoHost25:32
I love that, no, that's yeah, and I feel like you have now. You have a sort of two pronged attack against people who want to keep it. You know this sort of monoculture and this male monoculture, and it's like not only do we want this space for ourselves, but also our parents do.
25:47
Exactly, you're not going to say no to my mom, I just want to African mom. No, exactly, exactly. I hate cyber work. Listeners, I'm just going to jump into this episode for a moment to remind you that if you book a live online bootcamp from Infosec by December 31st 2023, you'll get $500 off the price. There's no promo code needed. Just book your bootcamp before the end of this year and it'll be $500 off the normal price.
26:12
So, as you'll soon hear, confidence Stavely has rightly made a name for herself as an educator in the realm of secure coding. She and I will talk about the many ways that secure coding isn't just an add on to another type of career, but a full course of study unto itself. Infosec has several secure coding bootcamps that qualify for the promo discount. So let's have a quick look at our secure coding bootcamp offerings here. Just going to pull up the pages and you will see that we have four different secure coding bootcamps one for NET coding, one for CC++, one for Java and one for PHP.
26:50
Now, these are not certification based. These are skills based. So they are for people who want real hands on examples of vulnerable code that they can learn to secure over a course of intensive training. So for the NET course here. You'll see this is a three day course of scheduling, with morning, afternoon and evening sessions and a full course of activities.
27:15
So if you're looking to kick up your secure coding skills in a very quick way maybe because your office requires it or because you want to show a future employer that you have these skills because maybe it's on their resume or on their list of requirements this is a really great way to get your secure coding skills very firmed up in your mind. And again, it's a lot of hands on work and that can only be an improvement to retention. So secure coding continues to be a highly desirable and multifaceted skill set, and learners who can show off their hands on secure coding acumen will find themselves on their desired path even faster. So to get your career ready for the challenge with Infosec secure coding bootcamp, just go to infosecinstitutecom, slash free and browse the live online bootcamp offerings. Again, register before December 31st 2023, and it's $500 off All right, that's enough.
28:06
Back to the show. So you said you could tell stories until you were out of breath, but so I want to hear a couple of them. Can you talk about some particularly interesting or inspiring stories about successes that any of the past or present cyber girls accomplished? You mentioned, obviously, your recent student and the threat intelligence, but can you talk about some past cyber girls recipients who are now in very satisfying jobs or doing interesting things, or maybe even teaching?
Confidence StaveleyGuest28:35
Sure, I have maybe two stories to share that just readily come to mind. One is from a 2.0 cohort Just before. 3.0 is the one we are graduating on and our first cohort. The 2.0 story I would like to share would be that of Kachipa Masipa, a young girl in South Africa who came through our doors, joined the SOC track I mean the incident response there and she went through our trainings and at the time she was just she was a waitress at the restaurant, a local restaurant which was struggling to get by and she finished the program.
29:20
We, of course, would add on things like CV preparation. We have master classes to leverage LinkedIn to position yourself with job opportunities. We would have sessions for interview prep and stuff like that. So it's not just the cyber part of things we get to do, but we prepare them whole somebody for the job market and to be able to attract the roles. Because, again, just to post that story and just share that, our key KPI is not in training the girls only. Our key KPI is in working them into the workforce. Because you see, that start we have our eyes on, which is 9%, that start doesn't get to change until women get into the workforce.
Chris SienkoHost29:57
Right.
Confidence StaveleyGuest29:58
So our real KPI is getting the women skilled first, so that we're not getting them jobs because they are women. We don't want women to have jobs because they're women. But, then skinning them up so that they can qualify for those roles and then through working them into the workforce by providing all sorts of support.
30:17
And so for Kachipa, we're able to then provide the support for her to get the skills and to position herself for the opportunities. And then what happened was, a month after graduation, she nailed an interview and got a job with a company that's listed on the Johannesburg Stock Exchange Market, which is actually the biggest stock exchange market on the continent. And just to show how that translates to socioeconomic impacts, her earnings increased by 400%. Wow, 400% increase. And when we spoke about you know, when we spoke she and I spoke about what does 400% mean for her in terms of increase? She said it allows her to be able to provide for herself and for her family better, it enables her to live a better and safer life in South Africa and it also helps her to be able to fund her personal growth. So, because the thing we're not having good socioeconomic opportunities is that you constantly live in a rat race right, you're in a spot and you can't seem to come out of it, but then, when you have this sort of your own part economically, you can continue to grow your mind and unlock new levels of opportunities.
31:28
So when she said these things to me was just too profound. I was very excited. And then if you go to the story for the girl in our first cohort, she was leaving in a very abyss moment like very, very little mint right and she wasn't exposed to using computers. And she came on our program and she was already 20. She couldn't use one right. And when she came the first day on the program she wrote a note on her desk that she was going to be the best graduating fellow on that court and she put it on her study table. But that wasn't all. She also put the hour she was gonna be studying to be able to attend that. And for me that was very profound because she said it was and she said exactly how she was gonna get to school.
32:11
And you know, and that was accepted, and we didn't know all of this until she graduated and she was sharing that story. Wow, look at her word. She actually came from her knowing how to use computers, to be coming at our best graduating fellow on the penetration testing track. So she is now in a pentestar and she got a job with one of the leading companies cyber security companies in her country and then her income grew by 1200%. Wow. So, but that, for me, wasn't just the greatest thing about her story and why her story is just very inspiring.
32:46
Because she became a pentestar, she found a vulnerability in I don't want to, I don't want to class it, so we don't say too much but she found a vulnerability that could have been costing that company hundreds of thousands of dollars. That vulnerability allowed someone to basically change the price of any digital product and successfully check out. So a product that could be, say, $100, they could buy that same product at $1 and actually check out. So that vulnerability was present and she was able to responsibly disclose that vulnerability. It was validated by them and then she was paid a bounty. Now the bounty is the smallest part of the wind for me.
33:30
That, I see, is how trading that girl has kept that ecosystem secure. The real effect of the success of cyber girls is saving that company money, is creating more trust in the ecosystem because again, that kind of incidence with company losing that sort of money could have cost quite a lot of havoc. But then also knowing how to go about finding that vulnerability and responsibly disclosing it, and having the ethical grounds to do that, is something that I am beyond proud of. And those stories really just summarize some of the key ones, cause I said, like I said, I could go out of breath excitedly talking about all of them.
Chris SienkoHost34:08
I love that. No, and I love that you, all of your stories so far, have talked about sort of upward spirals of it's. Like you said, it's not just having enough money to not live in in poor conditions, but it's also to allow personal development, personal growth in the space to do that, and so people don't always think about how much money it costs to be comfortable enough to do ambitious things, and so I love that that there's an eye not just on okay, here's the skills you need, now get out of here and go for it or whatever Like there's this community, there's the sort of mutual reinforcement. It's all very, very exciting and very inspiring. So for my next question, I mentioned before, InfoSec and CyberGirls are closely collaborating right now through the use of our InfoSec skills platform. So can you talk about how the girls are using the skills platform and some of the common learning paths that they use and stuff like that?
Confidence StaveleyGuest35:10
We're using the skills platform for every part that we have involved CyberGirls, and then just get the listeners right on track with how our program runs. Our program starts off assuming that you don't know anything in cyber, because we also target people that do not hold any major certification and do not work in cyber at the moment, because if you're already working in cyber, you've done the job for us. We're not a fancy program just getting women to learn cyber, but we have our eyes fixed on, like I said, that's that and just getting that parity to happen. And so if you already work in cyber, for example, well done.
35:49
We'll be cheering on for you here.
Chris SienkoHost35:51
You're trying to get things from zero to one, not from nine to 10.
Confidence StaveleyGuest35:54
You get what I mean, so that is our focus and so our program is also designed that way. We start off with cybersecurity essentials, which is just cybersecurity awareness and responsibilities of digital, and then we move on to understanding basic concepts around cyber and knowing how those work, understanding how to use computers and operating systems and things like that, how computers talk to each other. You're also able to look at networking fundamentals as well. So that builds sort of like a major base for you. So we cover the fundamentals quite strongly. So whatever you choose to do in cyber because again there are different domains in cyber right Whatever you choose to do, you will need that base that to flourish from. Whether you want to be a pension tester or you want to be a governance risk of compliance person, you just need that base. You need to know how computers talk to each other.
Chris SienkoHost36:47
You need to know how it all works.
Confidence StaveleyGuest36:49
Yeah, right, you need to know how it all works right. So, and from there on, we then have six learning tracks. We have critical infrastructure security, we have cloud security, we have digital forensics and threat intelligence. We have the famous guy, the VAPT track, vulnerability assessment and pension testing. We have incident response, we have cloud security and we have DevSecOps actually seven parts right and for all of the tracks we have InfoSec content helping us help these girls to understand the concept, starting from the fundamentals right into all of these tracks.
37:28
So something like critical infrastructure security. We have using the skills platform as well to do that For cloud security. We really just used it as well For the VAPT track I mentioned earlier and for all of our tracks and, for example, when we were trying to teach the girls how to use the Linux operating system, we just fell right back on the InfoSec platform to really help us with that and we depended wholly on that and it did the job. And to test that we were actually successful and working with InfoSec and the learning content. That was fantastic and perfect for what we're trying to achieve.
38:06
We have one major way we're able to do that and that was the Linux part. So we call the Linux part is actually a CTF event and other fun things happening. So we were able to get our girls, after completing the Linux module a month after, to then be part of the CTF, and our girls are phenomenally well capturing all of the flags that we were able to put up. So I'm saying that to say that we are very grateful for the InfoSec partnership with InfoSec that has brought very closely to our girls the convenience of learning well and getting these skills imparted very effectively, and we're very grateful.
Chris SienkoHost38:46
That's great. So can you tell me about sort of how the skills platform combines with? I guess I don't have a sense of? Are these in-person classes in these various areas? Are there virtual classes? Do you have lectures that then sort of move into the skills applications? Like how what is like an average sort of like class day Flow? Okay?
Confidence StaveleyGuest39:12
Ah, okay, great, Thank you for asking that question. So what we do is we have a curriculum and we map what needs to be taught to, where that needs to be taught or where that needs to be learned Right, and we give the girls the task to self-study by using that platform. So we give them access to that platform we manage that very closely Thanks to the way this partnership runs with InfoSec and then we give them that access so they learn a particular. So we can say this is the module you took over for this week. This is the grounds to cover. And then you self-study. But on Friday we have you self-study using the pre-recorded videos and the content of the labs on the skills platform.
39:58
And then on Fridays, fridays and Saturdays, we then have live sessions where our trainers that have gone through that training as well then able to come in and answer questions. They're industry professionals. They also go through the training on InfoSec platform. They're then able to answer questions. So if there were issues that girls run into, or they had, they saw something they didn't quite understand they're able to ask those questions in real time, have them answered and they're able to continue the training. So that is sort of like the modest upper-handy of how the program just runs. We have set expectations on a weekly basis that they already would know at the beginning of the program because it's all chatted out and then we assess them. We are able to also track their progress again because of the back-end access we have to what they're doing.
Chris SienkoHost40:50
That was what I was curious about, because I know that there is a sort of self-paced study nature to using this platform and, as you said, I like that you meet once a week so that there's not a lot of time to drift. But you know, and so far you've talked to mostly all I'm sure most of your students are all like very committed and working every day. But like, do you have any tips? Or like how do you keep the cyber girls engaged during the many months they're in the program with a self-paced thing, like how do you keep them meeting their milestones and that sort of like getting overwhelmed or drifting or whatever? I think I imagine the weekly check-ins are part, but are there any other aspects?
Confidence StaveleyGuest41:28
of that, yes, many aspects of that. So first of all, most is who we let into the program in the first place.
Chris SienkoHost41:34
Right, okay.
Confidence StaveleyGuest41:35
Selection process is very big on passion. How badly do you want it. The thing with very passionate people is, half the time they're already self-led, they already have a vision that they share with you. So it's also the vision is owned. The outcomes that you want for them are also mutually aligned. So what do you want for them to get inside? But they also want for themselves? So it's not something you want for them and they're just sitting and watching you and getting all of the freebies, but they're very engaged because that's what they want in the first place.
42:06
So imagine that we get 20,000 applications. The 500 are giving this opportunity, which is less than 5% feel already lucky and have worked very hard through the four stages of selection, including an interview. So imagine all of that. To get in, like you need to kill it, right, yeah, yeah. So that's one part is the selection first, and then we also have intentional mechanisms around building a community. So there is this sisterhood bond that we have going on very strongly in the community. There are people that we have in groups of fives that are always going through their mentorship calls together, doing projects together, so they're each checking on each other and sort of supporting each other.
42:51
There's also the side where we provide something called. We have people called success advisors. For success advisors, their KPIs are getting those girls at finish line, so they succeed when the girls succeed, and that also means that they support them through succeeding to the check on them. If something's wrong, I wouldn't know about it, there would be the ones to know about it. If somebody is having a hard time someone has lost their love run, for example, and needs to take a break, somebody is having such a hard time at work and it's tips on how to navigate juggling both those people are responsible for providing that support.
43:25
So that is one bit of things as well. Another bit of things as well is that we have frequent assessment that they have to continue to qualify for to reach the finish line. So there is that dopamine and adrenaline rush as well to just keep going, and when you pass you are happy. You go on like that. So when I say, gamification in a way just really continues to keep the energy up and to the get to the finish line.
43:49
So we have quite a lot of mechanisms and, of course, the weekly check-ins as well. Right, the weekly check-ins are with video turned on, with AI tools not allowed to be used and things like that. So we are able to then, if you're not in a check-in, call what has happened? Where are you? So we have all of those mechanisms that are allowed for us to have a lot of people in the program, but then they still feel like it's a very tiny group. It's big but still small. So we enjoy the benefits of being big but then give them the benefits also being small, and that has been very helpful in our retention rate.
Chris SienkoHost44:24
Yeah, now I want to thank you for that answer. Now I wanted to talk a little bit about I mentioned it before but your KPI Kitchen series on YouTube and there's this great. If you all haven't seen it, go look up KPI Kitchen with confidence. And you explain very well the sort of OWASP top 10 API security issues. They're top 10 names, like most common, and you break them down using restaurant metaphors and so forth. And I noticed that you mentioned several times that secure coding is a big part of your sort of passion. Can you talk about secure? Is secure coding ever part of the sort of Cyber Girls program and can you talk about because I think we know we can understand what a penetration tester like. If you learn penetration testing, you know what you're gonna do. If you learn incident response, you know what you're gonna do sock analyst, whatever. Can you talk about? Like the women who learn secure coding and what that leads to in terms of like career tracks?
Confidence StaveleyGuest45:29
That's a very interesting question. And I say very interesting question because our second best graduating fellow is a software developer who is not going to be a cybersecurity professional anytime soon but is going to be taking the skills she's gotten to write more secure code for the company that is hiring her virtually, or that has hired her virtually to work from Kenya, but for her company based in the US. So the company is based in the US. So I'm sharing that, because a lot of times when we talk about the work we do in Africa, it always feels like always sits in Africa, the benefits sits in Africa. But we're setting the whole world because look at that one talent that now knows how to code more securely.
46:08
That went on a DevSecObstract and I'm just going to highlight that. And for a DevSecObstract the requirement is that you need to be a programmer. So you need to be a programmer or a software engineer to be able to get on that truck, because we are just looking at secure coding the entire time. So people like Agnes Koina who came on that program, the ripple effects would be that the kind of she's going to sit in her software engineering role that she currently has and she's going to write more secure code, because it's very important that our influence as security professionals stretches to the adjacent. I like to call them the adjacent because they're not exactly security people. They're not going to be taking on a security role, but they're going to be doing their roles with security at the core of it.
46:58
And let me also share some sort of knock-on effect on how we see that as a best practice. A lot of organizations may not have security champions, who is maybe someone who is a core security person who comes in to provide support to the team. The security champion, which is a best practice that we've seen with ensuring that code is written securely, is that a member of the team could be someone who codes or designs the programs or creates a product, but has security knowledge or has been trained to have security skills, and that person is now able to not just write secure code but able to support their peers and ensure that they're taking on best practices and using the right frameworks and tools available to make sure that code is secure. And so for us, the DevSec Obstruct leaves and breaks for this reason, to be able to attract people that are, in other sense, that create technology products we use on an everyday basis, but then they have and they're skilled with security skills to help ensure that they're pushing our products that are secure by default.
Chris SienkoHost48:04
Yeah, yeah, that's great, because I think certainly, if I don't understand it, I imagine other listeners don't understand but the role of secure coder isn't just that they're reading existing code and saying, no, this isn't secure, you should do this. But there's also a planning element, right that they're at the beginning of the creation and saying we have to make sure that we're implementing this, this and this, or we're using these tools or these free written code pieces from GitHub or whatever. We have to make sure that all of this stuff is airtight so that we're not introducing vulnerabilities from day one and so forth. So it can be a very I think people think of secure coding sometimes as an add-on to something else, but it's very much like a substantive role unto itself, right?
Confidence StaveleyGuest48:54
It is, it's very much is. And talking about secure coding, there has to be a culture that supports it. Now, ideally, this should happen from top bottom, but in some organizations where they don't have that luxury of the top being, we want to drive that sort of change. We've also seen that organizations that have that security champion that is also a software developer is able to influence their peers around writing to do, and that's also the sort of change that we really are hoping that, as a secondary part of our change story, or the change dynamics that our program is able to drive in the ecosystem both on the continent and globally, is that we're able to contribute to the number of people that create this product for us, that have security skills as well and then serve us change agents within the organizations.
Chris SienkoHost49:45
Yeah, yeah and, like I said, that again has an upward spiral sort of knock on effect in terms of the entire sort of world security ecosystem, which is very exciting. So, as I mentioned before, cybersafe has many different programs alongside CyberGirls, and one of its most crucial goals is making African businesses and tech users more CyberSafe. So, to that end, you've launched Cyber Security Awareness Program campaigns that have reached over 20 million people, organized Cyber Security Awareness Training for over 4,000 SMEs, subject matter experts who educated over 11,000 employees of their organizations, launched Africa's first storied, certified cybersecurity awareness handbook and created I love this so much possibly Africa's first Afrobeat Cyber Security Awareness song, which I'm going to be playing again as soon as this interview is over. Here's some. I'm delighted by how closely tied our goals and approaches are in bringing security awareness to the masses. So, along with the song and the SME education, can you talk about how some of these initiatives you created around security awareness are implemented in Africa?
Confidence StaveleyGuest50:47
I mean, there are many ways I could speak about this, but I'm very excited to first highlight how our programs are also sustainable, or we're making our programs sustainable. One of the ways that we're doing that is, for example, the song you spoke about is an Afrobeat song that really does resonate with people. They can dance to it, but while they're dancing they're caring about passwords and strength and turning on too fast to authentication.
51:13
All of those best practices are not clicking on links anyhow. They're learning these things, but in a way that is very subconscious, in a way that also can easily be mainstreamed. And that's where I think that we really need to get to as an industry to really constitute that we want to see mainstreaming efforts, and so what we've done with some of our programs is that we've collaborated with ecosystem players. We're currently partnered with the Committee of Chief Information Security Officers of Financial Institutions in Nigeria, and what we've done is we've taken that asset we created, which is the Afrobeat song, and we're working with them right now and so that when you walk into banking halls, you hear that song play.
51:58
When you're listening to radio, currently we have campaigns we're running with Debova radio, which is one media that's really penetrated very, very many areas that digital technology hasn't gotten to.
52:11
Really, we also have this on social media as well, and then we are just driving that campaign jointly with them, both on the bank-owned platforms and on paid platforms as well, and so that sort of collaboration allows us to extend the impact that we're creating with the assets that we have, and then it also helps us to keep that going in the ecosystem.
52:37
So that's one of the ways we're able to do that, and we have other programs, like you mentioned, like the Shine your Eye program that is really focused on elderly people and a lot of them. What we have seen, and why we are picking some of the methods we've picked, is a lot of them are retired people. They have a lot of time to spend on their phones watching fun videos and laughing their heads off. So while they're doing all of that, they're also very likely to share videos that they find interesting and what type they would share those sort of videos. So what we're doing also is we're using, we're dramatizing some of the things that we want them to be able to learn and the best practices and allowing for them to then circulate this sort of content. So it's been very interesting to watch and see how this pans out.
Chris SienkoHost53:23
That's cool. Can you tell our listeners the name of the song and is there a particular platform that, if you listen to it on iTunes or Spotify or YouTube or what's the best way for them to sort of drive out the numbers while they're enjoying it?
Confidence StaveleyGuest53:37
Sure, yes. So you can definitely find a song on YouTube and all of the streaming platforms, spotify Inclusive, apple Music as well. The title of the song is no Go For Maga, so it is Street Speak for Don't Be a Victim of Cybercrime. So it's no N-O, then Go is G-O, and then For is, of course, f-a-l-l, and then Maga is M-A-G-A, so that's previously, or rather that's currently, the one Maga is used to describe somebody who is a victim of cybercrime, and so what we're saying with this song is we wanted to make sure that the average person on the street can understand what we are saying and can really relate with it. The person in a white collar job can also relate with it as well, and so that's why we picked something like that. That's a very common phrase that's used, and then we can also write on the call to educate.
Chris SienkoHost54:30
So it's kind of the title is kind of like don't be a sucker or don't be a mark, kind of thing right.
Confidence StaveleyGuest54:35
No.
Chris SienkoHost54:37
But in a gentle way.
Confidence StaveleyGuest54:38
Yeah, don't be a mean person. Don't be a mean person and sucky.
Chris SienkoHost54:43
Don't be the person that everyone else is laughing about behind the back. No, they click the link. So I guess, from that perspective, what are some of the most common security mistakes that you see people making? Are there certain social engineering or fishing techniques that are prominently employed or especially effective when targeting people in Africa versus other countries or cultures? Are there any particular sort of Africa, specific ones that you see that you have to sort of? You know that are sort of tied to it. You know like expectations or whatever.
Confidence StaveleyGuest55:13
Yes, I would say that this may not exactly be very unique to Africa Maybe the channels would be but what we have seen as a very common mistake is that cyber criminals are very they're very current. They're always just aligned with what's happening. So if there's a new policy in government, if there is a seasonal thing that gets to happen like in the US currently there's Thanksgiving in Nigeria you know, in December it'll be Christmas, you know. So any of those seasonal events if it's Mother's Day or there's a new policy that someone is being given to a set of people, cyber criminals align their scams to that. So they create those sort of harmful links and spread them on platforms as simple as WhatsApp or on social media platforms.
55:58
You know those are very common ways that they're spreading. So it may not even be something as technical as phishing. You know sending an email. You know it could just be a WhatsApp message from someone you actually know who has been compromised and is just spreading it. Yeah, and then you could be something on a message on Facebook, for example. That's just spreading it. So, but then you can see, for example, in Mother's Day, oh, would you want to get your mother into this raffle draw to win this car because Toyota is turning 50. And if you check, sometimes around that time Toyota might actually be celebrating the milestone anniversary. So we found that there's quite a thing, a trend, with cyber criminals aligning themselves to policy exactly the right on the way.
56:44
I think that's what they say. They really just write the tide and use that as well to really defraud people.
Chris SienkoHost56:53
Yeah, yeah, no. Yeah, that's unfortunate and it's all too effective and I think we all sort of know that. But anyone can fall for it, you know, like in a moment of weakness, you know, no matter how smart you are, savvy you are. So it's always good to keep learning and it's always good to sort of always be aware and sort of building in sort of ways of checking things externally rather than just clicking the link or whatnot. So we start to wrap up. What advice do you have for youngsters who want to start a career in cybersecurity? Are there certain common pitfalls or obstacles? You see that you know how to avoid along the way.
Confidence StaveleyGuest57:30
OK, they're a couple. First, cybersecurity is often being touted in a way that the financial benefit is put on the fore. So I like to clearly state that this is not a get-rich-quick scheme. Right, getting into cyber? Yes, it does. It's very financially rewarding and, I would say, very many times it could be in due time. For some people it happens in the first year. For some others it may not happen in the first year. Just rack up that experience and you will be successful.
58:06
Another key thing I want to say is we need you here. It doesn't seem, with the way we do it, like that. We actually need you right, but we do need you. So the key thing is you need to be resilient, push through all of the nodes that you're going to be getting, push through all of the challenges that you're going to be facing and you're going to be successful here. Another key thing to also note is this is not one place that you know. I know you've always heard about being an ethical hacker, but that's not the only thing that exists in the cyber domain. You need to come in, explore and double around, knowing what XYZ is, also remembering that your transferable skills, and everyone's transferable skills, do apply in cyber, finding that place that it applies, and just grow your knowledge from there on. There's also the temptation of taking on the whole haystack at once, like doing everything being of the wrong knowledge.
58:59
But I would say that I highly recommend a T strategy. When you're coming into cyber, you come in, you learn the fundamentals and then you narrow down to a path. You give it your all, get enough value to get your doors, your feet, through the doors of an employer and then continue to learn there from experience and, of course, enlarge your skillsets. So I would say, start off focused on a particular path after pushing the fundamentals, and then grow on from there, so you're not in the trap of wanting to learn everything and learning none. So you don't end up being the person who is trying to conquer or gets defeated by conquering none, but by the time you're conquering and you're getting ahead, you also feel the satisfaction of doing something Right. Also, the last bit for I want to mention is that we're also almost always too focused on the hard skills, the human skills, because I don't want to call it soft skills the human skills human skills to communicate, you know, is what is going to help you.
01:00:01
Even with your pen testing results, you need to write a report that communicates your findings, right and remediations for that. So, regardless of where you are in cyber, communication is a very close skill being able to work with other people in a team, critical thinking, your ability to take something and then, you know, think about it in many ways. And if you do not enjoy problem solving, please don't come to cyber. It's not a place for you every day is a problem. Yeah, you know you need to enjoy working here.
Chris SienkoHost01:00:28
Not a job to push. Just push the same button over and over you solve problems every day.
Confidence StaveleyGuest01:00:32
So I would say really hone your soft skills while you're working on your hard, your hard skills as well, because they're equally very important. As a matter of fact, it will be easier for you to get a job if you have both. So you may most likely repeat if you were the king competition and you were standing shoulder to shoulder with people with the same level of hard skills and technical skills as you do, your soft skills will stand you out.
Chris SienkoHost01:00:56
Yeah, that's. That's. That's awesome advice. You're talking to me, but I feel like you're talking at me as well. I've been the person who's tried to conquer the haystack all at once, and so I always need to hear that you need to sort of parse things out. But, yeah, great advice, thank you. So now we're about to wrap up today. It's coming up on the hour I could talk to you all day, kind of, as your your total joy and I really appreciate the time you've you've given me. But as we wrap up, can you do you have any plans or strategies to grow the amount of cyber girls per cohort? Are there certain things that need to happen in terms of volunteers or material contributions to increase the reach of CyberSafe Foundation to continue pushing through to its goals?
Confidence StaveleyGuest01:01:33
Raise fingers crossed, but we're really, really, really working hard on an expansion and we can't wait to get on that journey with InfoSec as a training partner. But a major challenge we've had is we're such a fantastic program that is not exactly supported with the funding that we need to run. I mean, I'm talking about quite a lot of dynamics that help us achieve the kind of results that I've spoken about, and it does take money, it takes a team to run this and it takes resources to be able to have access to certain things and to support these women. So a major challenge around growth is just the funding. We already have a structure that we can scale and we know how to scale. We'll just need that plug and we're working on it. I'm hopeful that the partners we're currently speaking with do come on board supporting us and throwing in all of it like we are throwing it now, right now.
Chris SienkoHost01:02:28
Yeah, yeah, fingers crossed. That sounds amazing. That sounds like you're on the right track there, so I got one. I'm sorry.
Confidence StaveleyGuest01:02:33
Oh sorry. Yeah, Our goal is that we want to be able to drink 20,000 women in cyber in five years. So once we get that funding, we do have the structure to scale from 500 women a year to 4,000 a year and then be able to have 20,000 of them in five years, and what this would mean is that we would very easily also be able to export a lot of our talent to service the global community. We would also be able to close the skills gap. We would also be able to skew those numbers around diversity as well on the continent.
Chris SienkoHost01:03:09
Yeah, 100 percent Awesome. So one last question here If our listeners want to know more about Confidastavley or the CyberSafe Foundation or the CyberGirls program and other programs you offer either to sign up themselves or to volunteer. If they're a tech person, when should they go online?
Confidence StaveleyGuest01:03:26
Oh, great. So our website is CyberSafeFoundationorg for the organization, and I'm sure you've heard from my voice when I was talking about cyber girls and everything that I'm really passionate about cyber girls. So, yes, it does have a website of its own and it's cybergirlscybersafefoundationorg, so you should definitely check it out. If you're signing up, we are calling for applications from the 20th Just going to double check that. I think the 20th is going to come back. So let me just say that we're opening applications on the 20th yeah, 20th of November for three weeks, so you can definitely sign up on our website.
01:04:00
If you're looking to volunteer as a mentor, we also have a form right there. If you're a woman with three years of work experience in cybersecurity, you're welcome to apply. We also have opportunities for people to be our facilitators and our judges. So that's also that particular bit of things is also gender neutral. So if you're a man as well and you are an ally that's looking to support women, we welcome you with open arms. Please come on board. And if you're a donor as well, we really need those donations to come in. You can also donate on our platform, thank you.
Chris SienkoHost01:04:33
Can you talk about? Is there a donation portals through? Yes, Everything OK great.
Confidence StaveleyGuest01:04:37
Cyber City Foundation so we can take your donations in Naira in dollars and in euros. So you can donate on the platform knowing that you're contributing to changing a woman's life. We have some different programs that allow you to do that, either as a one off or as a monthly automatic payment that comes off your account. And if you set up the one that allows automatic payments to come out, you can sort of take on the sponsor, a cyber girl, where the money you donate is going towards covering the cost of training and the tools.
Chris SienkoHost01:05:09
Yet to a particular young woman on the program yeah, love it Well, Kevin, thank you so much for taking us through this exciting, all these exciting things that you and Cyber State Foundation are doing. It was a real pleasure talking to you and I'm so glad for your time.
Confidence StaveleyGuest01:05:22
Thank you so much, Chris. This was very, very interesting and exciting for me.
Chris SienkoHost01:05:26
I'm so glad to hear that and, as always, I want to thank you, our cyber work listeners and video viewers whether this is the first episode you're watching or you've been with us since the beginning, we are so grateful to have you along for the journey. So, also, if you have any topics you'd like us to cover or guests you'd like to see on the show, feel free to drop them in the comments below. I'm always checking those out. So before I let you go, I hope you'll remember to visit Infosec Institutecom slash free to get a whole bunch of free and exclusive stuff for cyber work listeners. So we've got the bootcamp promo offer. This is huge, from now until December 31st 2023. If you buy a book of bootcamp with Infosec, you'll get $500 off the purchase price right off the top. No promo needed. Just go to InfosecInstitutecom slash free and browse the available bootcamps.
01:06:09
I always like telling those folks about our new cybersecurity awareness training series, workbites, which features a host of fantastical employees, including a zombie, a vampire, a princess and a pirate, making security mistakes and hopefully learning from them. Also still there, infosecinstitutecom slash free, our free cybersecurity training talent development ebook, you can check out our in depth training plans for the 12 most common security roles, including sock analyst, penetration tester, cloud security engineer, information risk analyst, privacy manager, secure coder and more. We talked about quite a few of those on today's program, so hope you'll check that out as well One more time. Infosecinstitutecom slash free and, yes, the link is in the description below. Thank you once again to Confidence Stavley and the CyberSafe Foundation and the Cybergirls program and, as always, thank you so much for watching and listening. We'll speak to you next week and happy learning.
Subscribe to podcast
Free cybersecurity training resources!
Infosec recently developed 12 role-guided training plans — all backed by research into skills requested by employers and a panel of cybersecurity subject matter experts. Cyber Work listeners can get all 12 for free — plus free training courses and other resources.
Weekly career advice
Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.
Q&As with industry pros
Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.
Level up your skills
Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.