Staveley: Redefining Gender Inclusivity, Cybersecurity and Africa’s Tech Future
Africa’s most celebrated female #cybersecurity leader and inclusion advocate, Confidence Staveley, in this exclusive interview with Nosa Alekhuogie, discusses her multifaceted roles in the industry, the landscape of cybersecurity in Africa, and positioning Africa as a tech powerhouse. From simplifying complex cybersecurity concepts to fostering talent across the African continent, Staveley has been a trailblazer in redefining Africa’s place in global technology. Excerpts:
IofCould you tell us a bit about yourself?
am Confidence Staveley, and I refer to myself as the relatable cybersecurity queen. This title has grown from my knack for simplifying complex cybersecurity concepts in a way that is understandable by odyssey all types. I proudly consider myself Africa’s most celebrated female cybersecurity leader because I have lost track of how many awards I have won. I am also the author of a book called API Security for White House Hackers. I enjoy building talent, so I’m generally building talent from the African continent, cybersecurity talent specifically. I’m very passionate about gender inclusion in tech, given the huge disparity in terms of gender, when it comes to the African continent especially, but globally speaking, it’s still a gender issue in tech, in the African continent, and even in cyber, you can see a really wide margin. I am very passionate about closing that gap and that’s a core part of the work I do.
I am also the founder of cybersafe Foundation, which is a leading, non-governmental organisation that is devoted to fostering a digital inclusive and secure landscape in Africa.
Our core area of focus is building capacity in terms of cyber skills and building awareness around cyber risk on the continent. We focus on minority groups like women that are vulnerable and feel left behind.
I don’t want women to get jobs because of their gender but because they are skilled.
Do you think the cybersecurity industry is dominated by men?
The cybersecurity domain is heavily male-dominated, presenting a systemic issue across many regions globally.
But let me give you some numbers so we have some context to this. Globally speaking, women are a minority in the cybersecurity industry. We are estimated to be about 25% women in my industry globally. If you want to look at how many of those women are black, women of colour, or Hispanic, the exclusionary pattern intensifies.
But if you bring it back to the African continent, despite women constituting half of the population, they make up 25% of the cybersecurity workforce, and globally, they make up merely 9% of the cybersecurity workforce. This stark contrast means that 91% of cyber-related or cybersecurity jobs in Africa are held by men.
Now, that is not necessarily telling of the fact that women are discriminated against. I do not exactly feel that is the reason. There are just systemic issues that have made that happen.
Similarly, certain domains, like nursing, are dominated by women, leading men to feel similarly excluded and that is what is happening with cyber.
Education access, a fundamental barrier, significantly contributes to these disparities, particularly in Africa, where unequal educational opportunities persist as a significant challenge.
As a prominent cybersecurity leader in Africa, how have you managed to navigate challenges related to gender inequality?
In cybersecurity, unlike many other fields, success is not heavily tied to factors like race, colour, or gender. It is about expertise and capability: can you perform the job? Do you possess the necessary skills? However, barriers like limited access can impede skill development. When equipped with the right skills and able to demonstrate competence, individuals stand on equal footing with their male counterparts. Despite the industry sometimes resembling a boys’ club, what I have concentrated on as a person is showcasing competence and showing up as a person of value.
Concentrating on these positive aspects has enabled me to overlook barriers and reaffirm my worth.
Earlier in my journey, I encountered doubts regarding my skills and capabilities, subtle yet impactful. For instance, if both a white male and I claimed expertise as ethical hackers, the default belief often favoured him. To counter such nuances, I have consistently emphasised my strengths, working towards a future where these doubts become obsolete. Instead, the emphasis shifts to what I can contribute and offer without question.
What do you envision as the future of cybersecurity in Nigeria, and how would you assess our current position in the field as a nation? Can you provide a brief overview of Nigeria’s cybersecurity landscape?
Nigeria has grown in leaps and bounds as it has to do with technology, and this extends across the entire African continent. The digital leap has been substantial, witnessed in telecoms, IT infrastructure, and the burgeoning startup ecosystem, largely bolstered by government policies. Assessing this landscape, digital technology infrastructure has notably expanded, particularly in telecoms with substantial investments, increased mobile phone penetration, and amplified internet usage. This connectivity is pivotal, not just for accessing services and products but also for enabling virtual learning and driving prosperity through digital technology.
Additionally, Nigeria has seen rapid growth in software development and digital services, evolving into a hub for tech startups and innovations. Notably, Nigeria boasts numerous unicorns and there is data to prove that showcasing the nation’s wealth of young, tech-savvy individuals.
Speaking as a continent as well, we are the youngest continent in the world. The continent’s youthfulness has generated vast opportunities, fostering a booming startup and entrepreneurship ecosystem. Fintech, e-commerce, agritech, health tech, edtech, and proptech sectors are thriving.
There are notable government initiatives, innovation hubs, educational programs, and an upsurge in STEM education, particularly in private schools and after-school activities. However, despite these advancements and increased integration with global markets, cybersecurity remains a significant challenge. Insufficient investments in cybersecurity posture persist, with many organisations prioritising compliance over a genuine duty of care.
As technology adoption surges, there is a lack of consciousness about the associated risks, leading to inadequate protection measures. The gap between innovation pace and cybersecurity readiness is evident, where technological advancements race ahead while cybersecurity measures lag. To truly integrate cybersecurity into innovation, a shift is necessary—making security an inherent part of service deployment, product development, and business operations.
We are innovating at the speed of a cheetah, and we are securing it at the speed of a snail. There is a critical need to align our speed of innovation with an equally swift pace of cybersecurity adaptation to ensure that our tools, services, and business practices are inherently secure by design.
How do you anticipate innovative methods shaping the future of cybersecurity in Nigeria, particularly with the integration of technological advancements such as machine learning, Artificial Intelligence (AI), and the Internet of Things (IoT)? How might these advancements impact the cybersecurity stance of organisations in Nigeria?
Nigeria is quite a sponge at this time in terms of technology. We are taking in quite a lot, and this is bringing both opportunities and challenges.
The biggest challenge I foresee is the expanding attack surface. As technology evolves and introduces new competitive arenas, it inadvertently widens the avenues for potential attacks. For instance, IoT devices significantly increase the entry points for attackers within an organisation due to their vulnerability stemming from weak security protocols. Therefore, Nigerian organisations embracing IoT devices must ensure their secure integration into their networks and implement best practices around them. This is evident in scenarios like smart cities or healthcare, where the adoption of IoT technology demands rigorous security measures.
Moreover, the proliferation of AI correlates with the ascent of sophisticated cyber threats. The automation of attacks through AI amplifies their speed and efficiency, heightening the probability of successful breaches. Nigerian organisations should brace themselves for more advanced and potentially more detrimental cyber threats.
However, it is crucial to view AI not only as a potential risk but also as a defence asset. Encouraging young talents to acquire AI skills becomes imperative as they innovate AI solutions that bolster cybersecurity defences. These AI-driven solutions can excel in anomaly detection and predictive analytics, enhancing cyber defence strategies. Investing in AI-powered cybersecurity solutions could revolutionise how threats are addressed and mitigated.
Amid technological advancements, it is pivotal to harness the potential of the young population, converting them into global assets. Balancing technology adoption with robust cybersecurity measures is vital. This approach ensures that while we embrace technological progress, we also effectively manage associated risks.
So, for Nigerian organisations, there’s a need to invest in AI-driven cybersecurity solutions that could be a game-changer to respond to threats and mitigate cyber threats.
What do you foresee for cybersecurity in 2024?
I would say 2023 was quite an interesting year. I projected a couple of things to happen and a lot of them happened. Looking ahead to 2024, I anticipate a surge in AI and automation being harnessed for both cyber attacks and defence mechanisms. Ransomware attacks will continue to grow, but concerted cross-border collaborations between governments and private sectors are poised to curb these strikes swiftly. Government backing will intensify efforts to prevent double extortion scenarios and facilitate data retrieval for affected organisations.
Exploiting vulnerabilities within IoT devices is expected to become more prevalent. Despite the focus on sophisticated cybersecurity measures, many African businesses that have not prioritised cybersecurity could fall victim to attackers leveraging simple entry points.
Emphasising basic cyber hygiene practices becomes crucial for organisations. The adoption of 5G technology may bring about widespread security challenges due to its increased speed and connectivity, potentially enabling innovative solutions or more complex attacks.
Supply chain attacks, targeting larger businesses via their smaller service providers, are foreseen to rise. Attackers will exploit third-party vendors or software to access multiple targets through a single entry point.
Additionally, 2024 is anticipated to witness a surge in deep fakes and disinformation campaigns, especially in the context of upcoming global elections. These deceptive audio and video contents will likely fuel misinformation campaigns and social engineering exploits.
The global cybersecurity skills gap remains a concern and may contribute to cyber attacks. Bridging this gap by training more personnel and preparing organisations is vital, especially in the face of increasing nation-state attacks sponsored by governments to drive espionage or disrupt markets. Securing the cloud will be another focal point as more organisations transition to cloud-based solutions. The demand for robust tools and strategies to safeguard cloud deployments is expected to escalate.
What do you consider to be the primary cybersecurity challenges currently encountered by both the public and private sectors?
The answer to that question might vary depending on the perspective you are seeking. Particularly from the end user’s standpoint, the predominant challenge revolves around phishing and social engineering attacks. These deceptive tactics aim to coax individuals into divulging sensitive information, a scenario frequently encountered by both public and private sector entities in Nigeria. While financial losses make headlines, data breaches resulting from these attacks often go unreported.
Ransomware and malware attacks continue to pose significant threats in Nigeria, exemplified by a supply chain attack last year affecting a major Nigerian company. The proliferation of such malicious software can severely disrupt operations and compromise data security.
Moreover, weak cybersecurity infrastructure plagues numerous Nigerian organisations. Outdated security systems, inadequate network security, and insufficient endpoint protection render these entities highly vulnerable to cyber threats.
Data protection and privacy present another challenge, especially given the escalating volume of collected and processed data. Ensuring compliance with regulations and implementing robust data privacy measures, particularly with the introduction of the Data Protection Act, remains a pressing issue that demands immediate attention and implementation.
How do you manage the balance between your work and family life?
I do not believe in the traditional concept of worklife balance, especially for entrepreneurs, particularly female entrepreneurs. Instead, I advocate for work-life integration. It is crucial to recognise and adapt to different seasons in life, allocating focus and energy accordingly.
For instance, in the past three weeks, I have been enjoying basking (with) my family. I also had a season last year where I spent three weeks away from my family in different countries and just kept up with digital technology.
Understanding the power of community has been pivotal for me. Choosing the right life partner who supports my aspirations and comprehends our shared mission has been instrumental in maintaining both a thriving career and a well-managed household. It is through this community support, particularly from my spouse, that I can navigate the challenges of my demanding career. Outsourcing tasks that are not aligned with my strengths and utilising money as a tool to empower and aid in these endeavours has been a key strategy.
I say that money is a tool for every woman that is climbing the ladder in her career. It is not just to be stacked, it is supposed to serve and help you. Recognising that I am not a superhuman, I readily seek and invest in assistance when needed.
In a challenging field like mine, effective communication is crucial. Being a woman in this domain means constantly communicating and advocating for the work I do. This approach, combined with community support and strategic use of resources, has allowed me to excel in my career despite its demanding nature.
What guidance would you offer to young women interested in entering the technology sector?
I would like to share some guiding principles that have shaped my journey and can serve as advice for those interested. But the first thing I’m going to say is, it is world class or nothing.