• Thursday, May 23, 2024
businessday logo


Confidence Staveley, cybersecurity professional fostering a digitally inclusive, secure landscape in Africa

Confidence Staveley, cybersecurity professional fostering a digitally inclusive, secure landscape in Africa

Confidence Staveley is a celebrated cybersecurity leader, API security professional, talent developer, international speaker, and inclusion advocate.

She has achieved numerous professional certifications and industry recognition.

What sets Confidence apart is her innate ability to merge profound cybersecurity knowledge with impeccable communication finesse. She excels in translating intricate cybersecurity concepts into digestible, jargon-free insights for diverse audiences.

Her unique approach is brilliantly showcased in her YouTube series, “API Kitchen”. Here, she employs culinary metaphors to illuminate API security intricacies. Within its debut season, this series amassed over half a million views across social media, as Confidence masterfully served up a banquet of API security wisdom.

Her exceptional contributions are frequently celebrated. Recently, she clinched the title of ‘Cybersecurity Woman of the World 2023’. Her previous recognitions span awards like the ‘Cybersecurity Woman of the Year’ for both 2021 and 2022, a nod as the International Security Journal 2023 Influencer, a spot in the ‘Top Cyber News 40 under 40 in Cybersecurity’, a LinkedIn Top Voice distinction, and a ranking amongst the ‘Top 50 Women in Cybersecurity Africa’, and so on.

An alumna of globally renowned fellowships such as the 2021 Obama Foundation African Leaders and the International Visitors Leadership Programme (IVLP), Confidence’s voice has echoed across over 120 global platforms, reflecting her expansive influence, and thought leadership.

Beyond her advisory roles on various boards, Confidence Staveley is the driving force behind CyberSafe Foundation, a leading NGO devoted to fostering a digitally inclusive and secure landscape in Africa. She is also the founder of MerkleFence, an Application Security as a Service (ASaaS) consulting company.

Share your influences growing up and how it has impacted you till date

I was raised in a very loving family with low economic means but very strong values. My father for example, is a key reason I am a very confident woman. He made me believe this both in his words and actions. He once told me, “In you, I have ten sons”. I will never forget those words. His believe in my potential and active support has made me into the audacious woman I am today.

My mum on the other hand has her strong influence shown in my entrepreneurship passion. My mum also thought me the power of passion. She once said, “You cannot outperform a passionate person”. This has shaped me in no small way and empowered me to do same for others. If I am half as brave as my parents were, I will be an incredible mother to my biological and non-biological children.

What inspired you to pursue a career in cybersecurity and what has been your journey so far?

I started off my career just wanting to be in technology generally, and so I first got an advanced diploma in software engineering before I went on to get a Bachelor of Science degree in Information technology and business information systems. At this stage, I still didn’t really know much about the field of cybersecurity.

It wasn’t until I enrolled in a master’s programme in Information Technology Management and stumbled upon an elective course in cryptography that I was introduced to the captivating realm of information security, commonly referred to as cybersecurity. Instantly, I was enamored with the idea of protecting our technological advancements, ensuring the security of our society, and fostering innovation in a secure environment.

Under the mentorship of my cryptography lecturer, I embarked on a journey of niching down into the world of cybersecurity through self-learning, experimentation, and practical application. Each step of the way, I found myself drawn deeper into the field, fuelled by a desire to make a meaningful impact and contribute to the safety of our digital world.

Since then, my journey in cybersecurity has been nothing short of exhilarating. Every day brings new challenges, opportunities for growth, and moments of discovery. The fast-paced nature of the field keeps me on my toes, feeding my adventurous spirit and driving me to continuously strive for excellence in cybersecurity.

In this ever-changing cybersecurity landscape, there’s never a dull moment. Also, for someone like me who thrives on excitement and constant learning, it’s the perfect fit.

As a woman in a male-dominated field, what has been some of the unique challenges you have faced and how have you overcome them?

I’ve often found myself underestimated, and in the past, this meant missing out on opportunities that I knew I was fully capable of handling. However, I’ve discovered my own workaround by leveraging social media as a platform to advocate for myself. Now, I attract opportunities, even those I may not feel entirely prepared for, and I embrace the challenges as opportunities for growth.

True to my name, my confidence is unshakeable. Being underestimated in certain circles doesn’t faze me, if anything; it motivates me to overperform, especially when the bar has been set low.

Time poverty and mental overload were significant challenges I faced in the past, hindering my career growth compared to my male counterparts. However, I quickly learnt to ask for help, lean on my community of stakeholders, and delegate tasks on the home front. By bringing everyone on board and openly communicating about the different seasons of my life, I found the support I needed to thrive.

My advice to women in male-dominated industries is to focus inward and disregard the sense of being in the minority whenever possible. Instead, concentrate on honing your skills to the point where you become indispensable. Become so valuable that your contributions can’t be ignored or undermined.

How do you think the cybersecurity industry can better attract, retain and develop female talent? What initiatives have you been involved in to drive gender inclusion?

One effective approach is to invest in initiatives focused on building a skilled pipeline tailored to women and aligning it with the demands of the job market. By training more women and increasing their participation in the cybersecurity workforce, we enhance the prospects of retaining them in senior roles.

Additionally, there is a pressing need for mentoring programmes designed specifically for women, particularly those on the cusp of transitioning to mid-senior or management levels. Many women leave the workforce at this critical juncture due to the inherent challenges of the tech space. With adequate support, we can retain them by assisting them in balancing their various responsibilities or facilitating their re-entry into the workforce when they are ready.

As the founder of the CyberGirls Fellowship, Africa’s largest cybersecurity training and mentorship programme for young women, I am deeply committed to addressing these challenges. Through our annual cohort-based disruptive educational model, we attract young women from diverse backgrounds, provide them with comprehensive cybersecurity training and mentorship, and facilitate their placement in cybersecurity roles. Our programme has reached fellows in over 27 African countries and has yielded remarkable outcomes, with alumni securing positions at Fortune 500 companies and experiencing significant income growth post-graduation.

For us, it’s not just about closing the gender gap in the cybersecurity industry, where women currently represent only 9% of the African cybersecurity workforce. It’s also about leveraging advanced digital skills to uplift the socio-economic status of women. Our programme has been recognised as a model capacity-building initiative by esteemed global organisations such as the World Bank and the World Economic Forum, underscoring the impact of our work in transforming lives and driving positive change.

In your role as a talent developer, what strategies have you found effective for identifying and nurturing emerging leaders, especially women and other underrepresented groups?

I’ve discovered that many women simply need to see themselves first, and then also see themselves represented in leadership roles to ignite their own leadership journey.

Throughout my years of talent development work, I’ve identified three major barriers that women often encounter, coined into the acronym “BAR”: Believe (recognising their potential and power to succeed), Access (obtaining the necessary resources, training, and support), and Representation (seeing relatable leaders in the industry).

My role as a talent developer has been centered on addressing these barriers head-on. The results have been truly remarkable. I’ll never forget the story of a young woman who initially struggled with basic computer skills but, after participating in our programme, emerged as a highly sought-after penetration tester, landing a cybersecurity job without even holding a bachelor’s degree.

Creating supportive communities tailored to women’s needs and providing them with timely support is crucial in achieving equity and unlocking their full potential.

How do you think the cybersecurity skills gap can be addressed, and what is your perspective on the importance of upskilling and reskilling initiatives?

One effective strategy is to harness the power of AI to automate repetitive and labour-intensive tasks, thereby freeing up valuable time and resources of employees to focus on the more important tasks. Additionally, employers should establish thoughtful apprenticeship programmes and prioritise investments in reskilling existing talent within the workforce.

My recommendations primarily focus on employers within the cybersecurity sector, as this field often places a high emphasis on experience. While there is a growing demand for skilled professionals in cybersecurity, there are significant barriers preventing talented individuals from entering and thriving within the industry, including a lack of accessible learning opportunities and healthy work cultures.

Upskilling and reskilling initiatives are vital in the fight against cyber threats, and it’s imperative that we proactively invest in expanding knowledge and adapting to the ever-evolving cybersecurity landscape. By doing so, we can equip individuals with the skills and expertise needed to stay ahead of adversaries and safeguard our digital infrastructure.

Tell us about your book, reason for writing and impact so far

My book titled ‘API Security For White Hat Hackers’, discusses API security, breaking down offensive methods, and giving step-by-step guidance on testing different vulnerabilities. As readers progress, they’ll get into case studies showcasing how to implement APIs securely and learn to think like attackers when dealing with API setups. By the end, they’ll have a solid grasp of API hacking and the skills to tackle various vulnerabilities.

I felt compelled to write this book to raise awareness among organisations about the risks associated with inadequate security measures for Application Programming Interfaces (APIs). APIs serve as the backbone of the internet, facilitating seamless integration between different systems and the exchange of sensitive information. The importance of securing APIs cannot be overstated, and it is my hope that this book will serve as a wake-up call for organisations to prioritise API security in their cybersecurity strategies.

Scheduled for release next month, the book is currently available for pre-order, offering readers the opportunity to gain early access to invaluable insights and practical guidance on API security.

What advice would you give to young women considering a career in cybersecurity or technology more broadly?

Come ladies, we need you. However, do not be naïve of either of the following: the amount of consistent work required to break in or your potential to do hard things. If you love the thrill of non-stop learning, you will love it here.

How have you been able to balance your technical expertise, leadership responsibilities and gender inclusion activism? Share some of the key lessons you’ve learnt along the way?

I absolutely love this question, it’s not one I often get asked in interviews, and I appreciate the opportunity to reflect on it. In my view, the concept is simple yet profound. I firmly believe that I cannot give what I do not have. I am deeply grateful for the multitude of opportunities that allow me to immerse myself in hands-on technical work. Just as sharpening my technical skills through continuous learning is crucial, I also prioritise consuming short-form content that nurtures my growth on my leadership journey, enabling me to empower others to reach their full potential. I have also been part of global leadership programmes that have helped me grow into a value-based leader, for instance, the Obama Africa Leaders.

Moreover, I’ve come to realise that the more I develop personally and professionally, the more I inspire and uplift those around me. This realisation has encouraged me to embrace growth openly, share my successes and failures alike, and use my voice to advocate for positive change. With an active presence on social media, I recognise the impact of each post I make in shaping the future of my industry towards a more inclusive and equitable one that I envision.

Where do you see the future of the cybersecurity field heading, and how can organisations better prepare for the evolving threat landscape?

The cybersecurity landscape is undeniably shifting towards heightened complexity, with cyber threats and defense mechanisms becoming increasingly sophisticated, many of which will be powered by Artificial Intelligence. As we brace ourselves for the arrival of AGI (Artificial General Intelligence) and navigate the transition to a post-quantum digital era, the best practices that serve us well today may not suffice tomorrow.

That said, it’s important that we remain proactive both on an individual and organisational level to avoid becoming easy targets for cybercriminals. One effective approach is to seek guidance from experts or simply ask ourselves, what proactive steps can we take to make it harder for cybercriminals to cause harm to you or your organisation harm?

It’s important to recognise that while we may have concerns about the future, we must prioritise the implementation of non-negotiable security measures that protect our present-day operations. By staying vigilant and continuously improving our cybersecurity posture, we can better protect ourselves and our organisations against emerging threats.

Tell us all we need to know about CyberSafe Foundation, objectives and accomplishments

Cybersafe Foundation is Africa’s leading Non-Governmental Organisation in the digital development domain, on a mission to facilitate pockets of change that ensure inclusive and safe digital access in Africa. We work to improve inclusive and safe digital uptake in Africa, especially for the most vulnerable in our society through our initiatives.

Launched in July 2019 with our flagship initiative #NoGoFallMaga, we have in recent past launched cybersecurity awareness campaigns reaching over 20,000,000 people, organised cybersecurity awareness training for over 4000 SMEs, educating over 11000 employees of these organisations, trained over 90,000 women and girls in 27 African countries, launched Africa’s first storified cybersecurity awareness handbook and possibly Africa’s first afrobeat cybersecurity awareness song and a lot more.

What is MerkleFence about and in what way is it impacting society?

MerkleFence is a US based application security consulting company, leveraging African talent to help global clients unlock effective cyber protection. The work we do is very important because by 2025, a staggering 70% of container attacks will be due to known vulnerabilities that could be prevented, and we’re here to ensure innovative companies around the world who use our services, are part of the proactive 30%. Our mission? We empower our partners to lead in innovation, securely and confidently.

What are you looking forward to achieve or accomplish?

Wow! There’s quite a bit on my plate in terms of goals to achieve. First and foremost, I aspire to raise compassionate, well-rounded, and successful children who contribute positively to society.

Additionally, within the next five years, I envision making significant strides in improving the representation of women in cybersecurity across the continent. My aim is to shift the needle from the current 9% to a more inclusive 25%, fostering a more diverse and equitable industry.

Furthermore, I’m excited about achieving my dreams of establishing or leading a cybersecurity unicorn company. I also want to contribute to reshaping the perception of Nigeria, transforming it from being perceived solely as a cybercrime capital to becoming recognised as a hub of cyber talent, both regionally and globally.

What day will you never forget and why?

The day I won the ‘Cybersecurity Woman of the World’ award in Scotland was truly unforgettable. I had the honour of being nominated and listed as a top 20 finalist, but with such accomplished women in the running, I didn’t dare to think I could win. Despite my doubts, I decided to attend the award event at a stunning castle in Aberdeen, primarily to network and celebrate the achievements of my peers.

When my name was called as the winner, I was utterly stunned, it felt surreal. In that moment, I was filled with a mix of disbelief and overwhelming joy. It remains one of the most remarkable days of my life, and I feel incredibly honoured to have been recognised in such a prestigious way.

Concluding words

There is no better way to close this out but with my personal mantra which goes thus, ‘Good better best, I will never rest, until my good is better, and my better best.’ So help me God.