Editor’s note: The ISACA Cybersecurity Month Scholarship is one of the ISACA Foundation’s global academic scholarships for students pursuing an undergraduate or graduate degree in cybersecurity. Five awardees are selected every year and receive funding for their school tuition and an ISACA career building bundle. The application is open during Cybersecurity Month in October in recognition of this initiative to help create resources and awareness for digital security and support students who identify as a member of an underrepresented community in cyber. Below, some of this year’s scholarship winners, Samuel Gituyu Mwangi, BSc IT, CEH, CCNA, Collins Bunde, senior security analyst at Accenture, and Nayananjalee Rajarathna, web security analyst, BSc. ICT (RUSL), PGDip. Cybersecurity (SLIIT), share what motivated them to enter the cybersecurity field and how they have observed Cybersecurity Awareness Month throughout October.
Samuel Gituyu Mwangi (SGM): During the early 2000s, when internet access was relatively novel and costly in Kenya, I recall optimizing low bandwidth by engaging in social interactions within IRC hacker chatrooms. The distinctive culture characterized by a fervor for knowledge sharing and exploration was truly compelling. This same spirit, alongside the people and culture, resonates with me in many contemporary cybersecurity environments, and it continues to be a source of fascination.
Collins Bunde (CB): My dream of majoring in computer security and forensics began in primary school, when I first used a computer at my uncle’s house during the holidays. Later, I had the opportunity to meet and learn from Professor Keffa Raba, a cryptographic scholar. His fascinating stories about how evidence could be acquired from computers to catch and convict cybercriminals inspired me to change the course of my career.
Nayananjalee Rajarathna (NR): I always had a passion for technology since high school. I had the opportunity to earn my undergraduate degree in Information and Communication Technology at Rajarata University of Sri Lanka. At that time, I was drawn to the idea of protecting sensitive data in the digital world by ensuring the safety and privacy of individuals. As I have natural skills of critical thinking, problem-solving and attention to details, which are essential skills in the world of cybersecurity, I am even more passionate for pursuing a career in cybersecurity. As a result, I started my master’s degree in cyber security at Sri Lanka Institute of Information Technology (SLIIT).
Why do you think now is a good time to go into the cybersecurity field?
SGM: I believe we are currently situated in the optimal era to delve into cybersecurity. In this age of technology and the integration of data into everyday processes, the emergence of new adversaries, legal compliance requirements and the imperative for robust data protection make it essential for every organization to address these challenges with the expertise of a cybersecurity professional.
CB: Cybersecurity has become a critical business domain across all industries in the face of a dynamic threat landscape, increasingly sophisticated cyberattacks and nation-state actors.
Organizations are scaling up their cybersecurity maturity and building cases for cyber transformation and resilience to their boards. This creates significant opportunities for both entry-level and experienced cybersecurity professionals.
NR: With the constant evolution of threat actors in all sizes of organizations, it is clear that cybersecurity is an essential tool for continuous business plans within organizations. With the improvement of technology, it is crucial to stay up to date with every possible attack, especially zero-day attacks. Therefore, there is a need for cybersecurity professionals to stay alert with upcoming technologies and cyberattacks. Further, especially in Sri Lanka, I found that there is a cybersecurity talent gap where companies are struggling to find skilled professionals. Therefore, I believe this is a good time to start my cybersecurity journey and help individuals to protect their data online through cybersecurity awareness programs.
What areas of the cybersecurity field do you think are the best fit for your skills and interests?
SGM: Having initially ventured into software development before transitioning into network security, my professional journey has endowed me with a multifaceted skill set. My experiences in these domains have cultivated a security-conscious perspective, guiding my focus on enhancing existing mechanisms and methodologies. I specialize in incorporating secure coding practices, ensuring cloud security, implementing secure DevOps architecture, monitoring and securing APIs, and establishing access and control measures for networks. These areas align seamlessly with my skills and interests in the cybersecurity field. It’s worth noting that I am actively engaged in continuous learning, and I am staying up to date with emerging trends and advancements in the evolving field.
CB: Threat hunting, threat detection and digital forensics are key areas that best fit my skills, having worked in a SOC and as a forensic consultant. I have also harnessed the skills across these domains in both on-prem and cloud enterprise architectures.
NR: I believe my skills and interests align with several areas within the cybersecurity field, especially cloud forensics and cyber forensics. With the rapid improvement of cloud technologies, the need for professionals with cloud forensic skills is increasing. My interest in cyber forensics leads me to the areas of cloud forensics, as there are many challenges to solve. My commitment to continuous learning, analytical mindset and staying up-to date with the latest threats make me a perfect fit for the job role as a cloud forensic investigator.
What are you participating in or have you noticed in your community for cybersecurity awareness month?
SGM: I am volunteering with my local ISACA Kenya Chapter for cybersecurity awareness training. I appreciate the significance of contributing to the community. I find great value in sharing knowledge and providing training on the importance of safeguarding one’s data and privacy. Often, individuals are unaware of the risks that leave them susceptible to external threats like malware, scams, phishing and identity theft in their daily lives. Imparting knowledge that helps them comprehend the workings of these threats and providing them with tools to protect themselves is not only crucial but also personally fulfilling.
CB: Local cybersecurity communities have organized many events for Cybersecurity Awareness Month. For example, SheHacks has announced a call for papers for their HackFest event. Others have organized CTFs (capture the flag competitions) for university students and cybersecurity awareness webinars. Organizations are also sharing security awareness tips with their employees to promote a culture of cybersecurity awareness.
NR: Many organizations and educational institutions have organized workshops and webinars to educate individuals on various aspects of cybersecurity. One of the sessions I am participating in includes a Cybersecurity Awareness Month webinar series conducted by WiCyS Organization. Other than that, I noticed that the ISACA Sri Lankan Chapter also is conducting cybersecurity awareness programs focusing on large companies within Sri Lanka. I also started to publish LinkedIn posts about how to protect our data privacy online.
Cybersecurity Awareness Month has inspired engagement from the community to share knowledge about safer online practices. This reflects the growth of the cybersecurity industry globally in this digital world.
What advice would you give to other students as a next-gen, future leader in the field?
SGM: For the upcoming generation of students entering this field, I recommend nurturing a culture and spirit of continuous learning and exploration. Additionally, they can play a pivotal role in fostering a culture of respect, collaboration, and inclusivity—a space where individuals from diverse backgrounds, perspectives and identities can flourish and contribute as equals. Given the dynamic nature of this emerging field, abundant opportunities and avenues await their valuable contributions, and they are warmly encouraged to join and make a meaningful impact.
CB: I advise aspiring cybersecurity professionals to invest the time and effort to master their chosen security domain. To gain entry into the industry right from college, attend cybersecurity conferences and meetups, network with professionals in the field, and build a portfolio of your work and projects on GitHub. This portfolio will showcase your skills and experience to potential employers.
NR: As a next-gen future leader, I advise fellow students to continue learning and stay up-to date with new technologies. Continuous learning is the key to success. If you want to become an expert in cybersecurity, first build a strong foundation in networks, programming and operating systems. Get engaged with the online community globally and discuss security aspects. Get hands-on experience with cybersecurity tools, ethical hacking and penetration testing. Learn to stay calm under pressure and remember that clear thinking is critical to effective response and mitigation. Cybersecurity is a mission. It protects the privacy of individuals and even national security. Therefore, commit to continuous learning and stay up to date with the evolution of technology.
