Think Globally, Act Locally

One of the three trends I wrote about at the beginning of 2022 is the shifting of cybersecurity org charts. One of the strategies companies employ is to tap into previously unharvested talent pools, particularly under-represented demographics such as women and people of color. That strategy simultaneously addresses the global skills shortage and helps diversify cybersecurity teams, which is good for business and social value.

In 2021, Security Innovation (SI) helped Cyversity and Google create a red teaming scholarship program. It put over 150 people who were either unemployed, students, or wanted to transition into cybersecurity through an intense training regimen. The program included online courses, hands-on labs, and instructor-led hacking challenges on a live application deployed on SI's CMD+CTRL cyber range. Other elements of the scholarship program helped remove common barriers to obtaining a job in cybersecurity, e.g., access to a network of professionals, resume writing and mock interview workshops, industry certification, and the ability to enroll in a formal mentorship program. Because many hiring organizations have dropped the requirement of a 4-year degree for cybersecurity jobs, the scholarship program provided well-rounded professional development for net-new cyber talent.

The red team scholarship had representatives from 13 countries, 71% of whom were unemployed in the field before the program. It also had 45% women, which is very encouraging given that the industry average is ~18%, according to the Ponemon Institute. One of the recipients (the only one from West Africa) was a young man, Joshua Offe Berkoh, who landed a job due to his total commitment to the program and learning as much as possible.

But this admirable fellow didn't stop there. He wanted to help others, just as this scholarship had helped him. Because I was one of the people he connected to as part of the program, he reached out to me and asked how he could help his local community of friends and colleagues interested in cybersecurity.

Joshua Offe Berkoh"I want to help people in Ghana who would otherwise never get access to such great education and job-ready skills. My goal is to raise security awareness and bring career development opportunities to my peers, many of whom are struggling to get their first jobs in security."

Joshua told me he could identify 50 people in his immediate community that would be keen to participate in a similar program. We love working with motivated people like this! I told Joshua that if he organized the group, we would build a similar program to what we did with Cyversity and Google, including a full day of instructor-led cyber range training on-site in Accra. It took him less than two weeks to get commitment from 50 people; I was duly impressed. The single pebble from the Cyversity scholarship that landed in Ghana in 2021 had created ripples that now engulfed 50 more people keen on entering the cybersecurity industry. This reinforces the multiplier effect that we often hear – think globally, act locally. I never imagined we'd have such an impact when we first envisioned the scholarship program. But we touched one life, honed their cyber skills, and helped pivot their life (he went from unemployed to working in cybersecurity and getting accepted to a master's degree program in the US!) That person then wants to help others… and the ripples continue to expand.

Below is a basic outline of the program SI made for Joshua's cyber cadets. We're calling it the AppSec JOB Challenge – Ghana (with JOB standing for both employment and the program founder's initials). Leveraging a combination of courses, labs, and cyber range exercises, this program will help 50 people develop job-ready skills for entry-level positions in AppSec, InfoSec, and Software Engineering:

  • Full 6-month Application Security Analyst (ASA) training and certification program
  • 50 participants throughout Ghana
  • Intense 3-month training with online courses and hands-on learning labs
  • Live instructor-led hacking event in Accra on July 2, followed by three months of access to CMD+CTRL Cyber Range and advanced courses for continued learning and practice
  • All delivered at zero cost to recipients
security-innovation-ghana-appsec-challenge-winner

Joshua Sechie-Otsabah
Hacking Challenge Winner

The on-site cyber range training in Accra was a huge success.

2 of the 3 top finishers were women
The gracious winner (Joshua) wrote a heart-felt LinkedIn post that I'll treasure forever:

“These sessions helped me gain more insight about how to develop more secure Apps as well as testing for software vulnerabilities. Thanks to the whole Security Innovation team for giving Ghanaians the opportunity.”

Program Participant Spotlight: Audrey Mengue

audrey mengueAudrey is a software engineer at Turntabl Ghana Limited. She lacks security skills but feels security is important and deserves the closest attention in this ever-digital world. Very interested in learning security – everything from knowing how attackers operate to effectively protecting users or coming up with techniques to counterattack.

"My primary objective is to learn, learn, and learn. I look forward to having access to current content and being trained by experts in the field. I am especially excited to hack with my peers - having a session where we will put everything we have learned into practice will be rewarding. I am convinced this program will shape the way I build more robust software and take my skills to the next level."

Ripple Effect – Here We Come, Zimbabwe

These are the types of programs that seem to get attention… we've already been approached to offer a similar program in Zimbabwe in conjunction with the Computer Society of Zimbabwe. Who's spearheading that initiative, you may wonder? A young woman who was a Cyversity-Google red team scholarship recipient in 2021. News travels fast!


About Ed Adams, CEO
Ed Adams is a software quality and security expert with over 20 years of experience in the field. He served as a member of the Security Innovation Board of Directors since 2002 and as CEO since 2003. Ed has held senior management positions at Rational Software, Lionbridge, Ipswitch, and MathSoft. He was also an engineer for the US Army and Foster-Miller earlier in his career.

Ed is a Ponemon Institute Research Fellow, Privacy by Design Ambassador by the Information & Privacy Commissioner of Canada, Forbes Technology Council Member, and recipient of multiple SC Magazine’s Reboot Leadership Awards. He sits on the board of Cyversity, a non-profit committed to advancing minorities in the field of cyber security,  and is a BoSTEM Advisory Committee member.