As most involved in the cybersecurity field, my day also consists of a long and tiring schedule, but also as most cybersecurity experts, I love my job and this industry. Working towards a better and more secure digital space is a great motivation each morning.
Because of this field I have had the please, and still do, of meeting and working with a great array of cybersecurity experts who have a great deal of experience, however, I still get to meet and work with a great number of aspiring youth with a passion for this industry. As it comes with many challenges, requires a lot of time and effort, studying, staying up-to-date with all new innovations or potential threats, and a great deal of time, for many, an imbalanced work-life schedule, with time away from loved ones and a lot of focus on work. I am sharing with you a day in my life and the balance that I have found.
5:20 AM: It starts this early with the annoying alarm clock emitting a random pattern of beeping sounds. I get tempted to actually chase after the clock in order to shut it off, but fortunately, my wife gets to it before I do, and just like that, the first ‘false positive’ alert of the day officially checks in. I turn sides and continue sleeping for the next 15 minutes. It happens that the 5:20 AM wake-up alert was for Jeff, the 4-year-old, whose bus driver will be hooting outside the gate at 5:50 AM. After he leaves, it will be my turn out of the same gate at 6:30 AM.
7:45 AM: Thanks to the excellent road network in Nairobi city, I am at the building entrance in the heart of Nairobi City (CBD) staring up at the office on the third floor.
I acknowledge that I am about to undertake my official workout for the day and I cannot help reflecting on my life before the cybersecurity career, where an hour morning run from 5:00 AM to 6:00 AM was the norm. I find my way up panting slightly, but I make it. I also make a mental check and mark the workout task as complete as I proceed to open up my laptop. I grab a cup of tea and start a routine that will take the next four hours.
Getting Work Done
I review and reply to emails ranging from security logs to admin issues and business development. I complete tasks related to the review of the expected receipts, plans for expenses, follow-up on customer leads and I must say that having had a business background early in my career comes in handy, otherwise, I would take the whole day with these tasks.
I will identify and reach out to the established cybersecurity firms and create a business case for them to consider strategically entering into the untapped East African cybersecurity market. On the list of benefits that I will include in the proposal, to such potential firms, is the need to tap into the local affordable talent that this part of the world is currently able to produce.
As an ISO/IEC 27002 Lead Manager, I have to understand and be able to help organizations implement 93 security controls (previously 114), and having first-hand exposure and experience with solution providers that address the required controls allows me to deliver effective solutions to customers on consulting projects. At the same time be a very effective IS auditor, when on an Audit, and Assurance engagement.
I get to review dashboard reports from a Unified Threat Management (UTM) platform for all the managed cybersecurity services customers. I resolve any pending issues or escalate them as required and communicate the event or events to each client as per the agreed Service Level Agreement (SLA). This process is very different for every organization and is dependent on the maturity of each organization’s security process.
Working Through Lunch
12:00 PM – It is time to rush for an early lunch and get to work through lunch as I prepare for the cybersecurity training scheduled at 2:00 PM at one of the partner institutions.
2:00 PM – I get to work with aspiring cybersecurity professionals, help them acquire cybersecurity skills and also get them to pass top cybersecurity leading certifications. I have to be creative with the instructional design as the certification exams are recommended for professionals who already possess some years of experience in cybersecurity job roles. This is not always the case.
Most (about 60%) of those enrolled are recent computer science graduates with one year or less in the cybersecurity space. To close this gap, I ensure that for each student, I provide access to our lab infrastructure that will simulate real-world business environments, processes, and IT infrastructures.
I will also ensure that they get access to the latest penetration testing distribution tools and finally ensure I provide them access to the top open-source solutions, which they will use to protect the IT systems that I have provided to them. I will also get them involved in the testing and evaluation of our partner products as well, in any ongoing cybersecurity research. At this point, I am more than ready to call it a day.
The Evening Commute
It is 5:00 o’clock somewhere, and it is finally Nairobi’s turn. As the “city in the sun” prepares for sunset, it is time to get home to compare notes of the day with Jeff. For the commute home, I will be using Nairobi’s public transport which consists of buses referred to as “matatus”, very colorful with most having all the colors of the rainbow in a perfect balance, served with blaring music and branded with posters of legendary American rap artists as well as free Wi-Fi on most of them.
Once inside, my attention is drawn to an IP camera at the front, and just as I thought that cybersecurity work was done for the day, I find myself where we all start, i.e., information gathering phase (Wi-Fi name and password name in plain sight), I find myself asking the question, “What other devices are connected in addition to the IP camera?”
As I am about to jump to the weaponization phase, I make a quick glance around the bus, first at the young man sitting next to me who has been engaged with his phone the entire trip.
His phone seems capable of handling advanced mobile penetration testing tools and I start thinking of what he could be capable of accomplishing.
I, now turn to the other passengers and start asking myself, “Are the hackers here?”, “Have they already taken over the IP camera?”, I question the thoughts in my head and even start asking myself if a medical doctor happened to be on board, whether he would be sitting around imagining how one of us would look like after multiple fractures from an accident. After that thought, I immediately stop and fortunately it is time to alight from the matatu.
As I alight, I promise myself to focus on good thoughts and leave the challenges of cybersecurity to official working hours.
It is now 6:00 PM and I am finally home. I find Jeff in the sitting room and after some warm hugs, he quickly invites me to check his new “invention”. It turns out to be a combination of my old gadgets (cables, computer parts, and more related stuff) all precariously connected together using my tool kit set as the base.
I make a good effort to listen to his explanation of how it works, but as I listen all I can picture is his entire invention coming down once I take my tool set kit, another example of a poor security design. He seems to be no different from the software and application developers in the world who ignore the need to implement secure software development practices.
It is now 6:30 PM and the mom is home. It turns out that this is the best time to pull my tool set kit from the invention. I will have a good laugh when I see the invention come down. I also understand that I am about to start the final official workout of the day as I have to run as fast as I can.
I will eventually get caught, just as it happens in the real world where getting hacked is a matter of when not if. And just like that, I will be looking forward to the challenges of the next day.