Agenda is subject to change. Times are reflective of the host city, UTC +2.
Time | Track 1 | Track 2 | Track 3 |
---|---|---|---|
09:00 – 10:45 | KE PL Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Piotr Kijewski (Shadowserver, PL) TLP:CLEAR | RW Dona Gracia Junias Bonou (Carnegie Mellon University Africa, RW); Trevor Henry Chiboora (Cybersecurity Research Engineer, RW) TLP:GREEN | BJ Using KINDNS Framework to Assess DNS Operations Yazid Akanho (ICANN, BJ) TLP:CLEAR |
10:45 – 11:00 | Coffee Break | ||
11:00 – 13:00 | KE PL Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Piotr Kijewski (Shadowserver, PL) TLP:CLEAR | RW Dona Gracia Junias Bonou (Carnegie Mellon University Africa, RW); Trevor Henry Chiboora (Cybersecurity Research Engineer, RW) TLP:GREEN | BJ Using KINDNS Framework to Assess DNS Operations Yazid Akanho (ICANN, BJ) TLP:CLEAR |
13:00 – 14:00 | Lunch | ||
14:00 – 16:00 | KE PL Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Piotr Kijewski (Shadowserver, PL) TLP:CLEAR | GH Investigating Web Attacks to Assess Cyber Risk Audrey Mnisi Mireku (Ghana Association of Banks; FIRST.org Board Member; Women in Cybersecurity, GH); Eric Sowah Badger (Consolidated Bank Ghana (CBG), GH) TLP:CLEAR | BH Mirza Asrar Baig (CTM360, BH) TLP:CLEAR |
16:00 – 16:15 | Coffee Break | ||
16:15 – 18:00 | KE PL Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Piotr Kijewski (Shadowserver, PL) TLP:CLEAR | GH Investigating Web Attacks to Assess Cyber Risk Audrey Mnisi Mireku (Ghana Association of Banks; FIRST.org Board Member; Women in Cybersecurity, GH); Eric Sowah Badger (Consolidated Bank Ghana (CBG), GH) TLP:CLEAR | US Virtual - Work Force Development (WFD) to support Incident Response Brian Peterson (International Society of Automation, US); Dr. Shane Stailey (Cyber Workforce Center, US) TLP:GREEN |
Time | Track 1 | Track 2 | Track 3 |
---|---|---|---|
09:00 – 10:45 | US Defend & Detect: Mastering Network Security Monitoring for Critical Threat Defense Howard Mukanda (Senior Red Team Engineer and AfricaCERT Volunteer, US) TLP:CLEAR | GH Cyber Attack Emulation: Practical Techniques and Tools Nii Ankrah (Financial Industry Command Security Operations Centre, GH) TLP:CLEAR | LT Building Resilience: A Practical Guide to Cyber Crisis Management Paulius Dauksas, Živilė Nečejauskaitė (NRD Cyber Security, LT) TLP:CLEAR |
10:45 – 11:00 | Coffee Break | ||
11:00 – 13:00 | US Defend & Detect: Mastering Network Security Monitoring for Critical Threat Defense Howard Mukanda (Senior Red Team Engineer and AfricaCERT Volunteer, US) TLP:CLEAR | GH Cyber Attack Emulation: Practical Techniques and Tools Nii Ankrah (Financial Industry Command Security Operations Centre, GH) TLP:CLEAR | LT Building Resilience: A Practical Guide to Cyber Crisis Management Paulius Dauksas, Živilė Nečejauskaitė (NRD Cyber Security, LT) TLP:CLEAR |
13:00 – 14:00 | Lunch | ||
14:00 – 16:00 | US Defend & Detect: Mastering Network Security Monitoring for Critical Threat Defense Howard Mukanda (Senior Red Team Engineer and AfricaCERT Volunteer, US) TLP:CLEAR | KE BW Practical Incident Response: Using MISP for IOCs and IOA Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Mafoko Lebogang (Absa Bank Botswana, BW) TLP:CLEAR | LT Building Resilience: A Practical Guide to Cyber Crisis Management Paulius Dauksas, Živilė Nečejauskaitė (NRD Cyber Security, LT) TLP:CLEAR |
16:00 – 16:15 | Coffee Break | ||
16:15 – 18:00 | US Defend & Detect: Mastering Network Security Monitoring for Critical Threat Defense Howard Mukanda (Senior Red Team Engineer and AfricaCERT Volunteer, US) TLP:CLEAR | KE BW Practical Incident Response: Using MISP for IOCs and IOA Lawrence Muchilwa (FIRST Africa Regional Liaison – Silensec, KE); Mafoko Lebogang (Absa Bank Botswana, BW) TLP:CLEAR | LT Building Resilience: A Practical Guide to Cyber Crisis Management Paulius Dauksas, Živilė Nečejauskaitė (NRD Cyber Security, LT) TLP:CLEAR |
Dona Gracia Junias Bonou (Carnegie Mellon University Africa, RW), Trevor Henry Chiboora (Cybersecurity Research Engineer, RW)
In today's threat landscape, understanding and monitoring cyber adversaries is essential to bolstering an organization's defenses. This training session, "Building a Research Honeypot and Joining ATCHEDJI," will guide participants through constructing, deploying, and monitoring honeypots designed to attract and observe cyber threats in real-time. Aimed at cybersecurity professionals and incident responders across Africa, this session focuses on practical, hands-on techniques for setting up honeypots using free and open-source tools. Participants will learn how to leverage these tools to collect valuable threat intelligence, analyze malicious behavior, and contribute to a shared African cyber-threat intelligence platform: ATCHEDJI. By the end of this workshop, attendees will have built their own research honeypots, understand the importance of gathering actionable intelligence, and will be invited to join the ATCHEDJI project, a collaborative effort to improve regional cyber defenses by sharing threat data across Africa. This training is designed for members of CSIRTs, SOC analysts, and network defenders who wish to enhance their ability to detect and respond to cyber threats by harnessing the power of honeypots and collective intelligence.
Dona Gracia Junias Bonou is an Information Security professional currently serving as Cybersecurity Research Engineer at CyLab-Africa/Upanzi, where he works on building and managing defensive security infrastructures and conducting security assessments. Junias built a solid DFIR background working with Benin's national CSIRT (bjCSIRT), where he was involved in incident response, digital forensics, and national cyberspace monitoring. His proficiency in CSIRT operations and threat intelligence equips him to assist network defenders in effectively detecting and responding to intrusions. He also has experience in cybersecurity research and capacity-building, including developing Capture The Flag (CTF) content tailored to the African context for regional initiatives like picoCTF-Africa and HackerLab.
Trevor Henry Chiboora is a dedicated Cyber Security Specialist based in Kigali, Rwanda, with extensive experience in vulnerability assessment and penetration testing (VAPT). He earned a Master of Science in Information Technology, specializing in Cyber Security and Computer Networking, at Carnegie Mellon University. As a Research Associate at CyLab Africa, Trevor plays a critical role in conducting cybersecurity research, performing penetration tests, and contributing to the deployment of an advanced Security Operations Center (SOC) using open-source technologies. He is driven by a passion for securing digital environments, and he has demonstrated expertise across network troubleshooting, application security, and endpoint protection.
November 26, 2024 09:00-10:45, November 26, 2024 11:00-13:00
Paulius Dauksas (NRD Cyber Security, LT), Živilė Nečejauskaitė (NRD Cyber Security, LT)
This one-day training course focuses on building operational resilience in the face of escalating cyber threats. The session aims to equip participants with the tools and strategies necessary to effectively navigate and mitigate cyber crises. The training covers key aspects of cyber crisis management, including the distinction between an incident and a crisis, the main stages of cyber crisis management, the key pillars of building a national cyber crisis management framework, and the role of communication and how to adjust it to relevant stakeholders. Through a combination of theoretical knowledge, real-life case studies, and practical exercises, attendees will learn how to strengthen their organization's preparedness, ensure continuity, and reduce the impact of cyber incidents.
With an extensive background in IT and cybersecurity, Paulius Dauksas has first-hand experience managing crises in high-stakes environments. During his tenure at one of the largest global banks, he played a key role in the crisis management team, including a major incident where the entire IT infrastructure went down, bringing operations to a halt. At the National Cyber Security Center, Paulius led a project focused on protecting Lithuania's critical information infrastructure (CII) when dealing with third parties. He developed guidelines to ensure that all critical entities operated in a secure environment, establishing clear protocols prior to any collaboration. In addition to his practical experience, Paulius has a university education in International Business Management and International Project Management, and is currently an expert on the cyber capacity building team at NRD Cyber Security.
Živilė Nečejauskaitė is a communications professional, specializing in change and impact communication. She is a co-trainer of the ITU Academy course on Cyber Crisis Management. Živilė has co-organized and co-hosted several cybersecurity capacity building conferences in the East Africa region, called "Cyber Defense East Africa", one of which focused on national cyber crisis management. She holds a Master's degree in Communication for Development from Malmö University in Sweden. Živilė has worked in the public and private sectors in Lithuania and abroad, and has focused on cybersecurity capacity building for the past 7 years. Currently, she dedicates her time to building frameworks for communication during a cyber incident.
November 27, 2024 09:00-10:45, November 27, 2024 11:00-13:00, November 27, 2024 14:00-16:00, November 27, 2024 16:15-18:00
Nii Ankrah (Financial Industry Command Security Operations Centre, GH)
This training will expose participants to the fundamentals of cyber attack emulation, including key techniques, tools, and methodologies used to simulate real-world cyber attacks. Participants will also gain hands-on experience using emulation tools in a lab environment. Prerequisites: Basic knowledge of cybersecurity concepts, networking, and command-line interface (CLI).
Nii A. Ankrah currently leads operations at the Financial Industry Command Security Operations Centre (FICSOC), a Banking and Financial Industry CERT in Ghana. With a robust background in implementing cybersecurity and technology solutions across various sectors, including financial services, telecoms, government, and regulatory bodies, Nii holds certifications such as CISSP and GIAC CTI, underscoring his expertise. In his current role, Nii spearheads operations at the FICSOC and actively works to establish secure collaboration environments for the financial sector to strengthen its cyber resilience. His passion for community impact is evident in his active involvement in cyber capacity-building initiatives, where he plays a pivotal role in mentoring and empowering local and international groups to enhance their cybersecurity capabilities.
November 27, 2024 09:00-10:45, November 27, 2024 11:00-13:00
Howard Mukanda (Senior Red Team Engineer and AfricaCERT Volunteer, US)
The "Defend & Detect: Mastering Network Security Monitoring for Critical Threat Defense" training equips cybersecurity professionals with the skills to effectively monitor and secure network environments. Covering essential tools such as Suricata, Zeek, Strelka, and Wireshark, the session provides participants with a comprehensive understanding of network traffic analysis, system setup, and threat detection. Through interactive workshops and real-world scenarios, attendees will gain hands-on experience, enhancing their technical capabilities. Additionally, the training addresses the legal and ethical considerations of network monitoring, ensuring compliance and integrity in cybersecurity practices.
Howard Mukanda is a seasoned cybersecurity engineer with a robust background in networking and network security monitoring. Currently serving as a Senior Cyber Security Engineer on a Red Team, Howard specializes in adversary emulation and red teaming exercises, leveraging his extensive experience to enhance organizational security postures. Prior to this role, he honed his skills in network security monitoring, ensuring the integrity and safety of complex network systems. Howard's career began with foundational roles such as an IT Systems Administrator and Information Technology Network Administrator, where he managed and secured diverse IT infrastructures. His expertise spans across managing Windows and Linux servers, virtualization infrastructure, and network equipment, providing a solid foundation for his current cybersecurity endeavors. In addition to his professional achievements, Howard is a dedicated educator, teaching a 24-week Cyber Security boot camp at a university. He also shares his knowledge through his YouTube channel, where he explores various cybersecurity topics and techniques. Howard holds several prestigious certifications, including Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional (CCNP), OffSec Experienced Penetration Tester (OSEP), Certified Red Team Operator (CRTO), and Offensive Security Certified Professional (OSCP), underscoring his commitment to excellence and continuous learning in the field of cybersecurity.
November 27, 2024 09:00-10:45, November 27, 2024 11:00-13:00, November 27, 2024 14:00-16:00, November 27, 2024 16:15-18:00
Lawrence Muchilwa (Silensec, KE), Piotr Kijewski (Shadowserver, PL)
The proposed full-day workshop aims to provide a deeper dive into how to use The Shadowserver Foundation's free threat feeds and other Shadowserver free services more effectively. This will include an overview of different indicators/datasets provided by Shadowserver as part of the free daily data feeds, specific data use cases for incident response, introduction of report severity levels for prioritization, practical hands-on usage of our reports API and free tooling that is available that data consumers can leverage (this includes usage of tools now published on the Shadowserver GitHub - https://github.com/The-Shadowserver-Foundation). We will also provide training and examples of using the open-source IntelMQ (https://github.com/certtools/intelmq - a popular choice for National CSIRTs) to process the data. We will also provide a tutorial on how to use our free public Dashboard (https://dashboard.shadowserver.org) effectively to gain attack surface and threat situational awareness and manage vulnerabilities.
Piotr Kijewski is the CEO and a Trustee at The Shadowserver Foundation, a non-profit organization with a mission of making the Internet a more secure environment. He also manages Shadowserver's large-scale data threat collection and sharing projects, as well as National CSIRT relationships. Piotr has over 20 years of operational experience in cybersecurity and incident response. He headed CERT.PL building up its various security data gathering and analysis projects as well as managing its anti-malware operations, including numerous botnet disruptions. Piotr is also a member of the Honeynet Project (where he has also served on the Board of Directors), a well-known and respected non-profit that is committed to the development of honeypot technologies and threat analysis. Piotr Kijewski is a member of the Management Board of The Hague Chapter of the CyberPeace Institute.
Mr. Lawrence Muchilwa is a highly accomplished professional in the fields of cybersecurity, IT operations, strategy, policy, and stakeholder engagement, with a particular focus on National CSIRTs, critical information infrastructure, cyber threat intelligence, and incident response management. Building on his academic background in Information Systems Technology and Computer Science, he has over a decade of experience in diverse roles such as senior consultant, subject matter expert, lead trainer, and departmental head. He is currently the African Regional Liaison for the Forum of Incident Response and Security Teams and leads the Research and Innovation working group at the Kenya Cybersecurity and Forensics Association.
November 26, 2024 09:00-10:45, November 26, 2024 11:00-13:00, November 26, 2024 14:00-16:00, November 26, 2024 16:15-18:00
Audrey Mnisi Mireku (Ghana Association of Banks; FIRST.org Board Member; Women in Cybersecurity, GH), Eric Sowah Badger (Consolidated Bank Ghana (CBG), GH)
The presentation explains the importance of web server logs in identifying and analysing web attacks. The concept of web server logs will be addressed, along with their function in documenting many kinds of occurrences on a web server, such as user requests, server responses, failures, and security-related incidents. The presentation next explores the data that is commonly seen in log entries, including timestamps, IP addresses, HTTP methods, URLs, and response codes. It will also look at how web server logs can be examined and deciphered to spot suspicious or malicious activity that could point to a web attack, like odd access patterns, recurrently unsuccessful login attempts, and requests for private or restricted resources. We will be covering a range of log analysis methods and concepts, such as software for log analysis, regular expressions, and human examination. The presentation also goes over best practices for log management and logging, such as how crucial it is to record pertinent data, set log retention guidelines, and protect log files from alteration or illegal access. It highlights how thorough and up-to-date logging procedures facilitate efficient incident response and forensic inquiries in the wake of a cyber attack or security breach. All things considered, the presentation gives the audience members the information and abilities they need to use web server logs as a useful source of data for identifying, looking into, and thwarting online threats. It emphasizes how crucial it is to comprehend and evaluate log data in order to improve the security posture of infrastructure and web applications.
Audrey Mnisi Mireku is a highly experienced cybersecurity professional with over 22 years in the field. She has worked extensively in both the public and private sectors and has held significant roles in cybersecurity governance and risk management. Audrey was part of the team that established Ghana's Cyber Security Authority and contributed to drafting key cybersecurity policies, including the Ghana Cybersecurity Act and the National Cybersecurity Strategy. She also led the operationalization of Ghana's National Computer Emergency Response Team (CERT). Currently, Audrey serves as the Chief Information Security and Risk Officer for the Ghana Association of Banks. She is also involved in several global and regional cybersecurity organizations, such as Women in CyberSecurity West Africa (WiCyS WA) and the Forum of Incident Response and Security Teams (FIRST). Moreover, she is a strong advocate for online safety for children and co-founded the NGO Future Jewels, which focuses on child online protection. She has extensive knowledge of web application development and security, with 100+ applications tested and reported for remediation.
Eric Sowah Badger is a proven Cybersecurity Professional with experience in Ethical Hacking, Penetration Testing, Red Team Operations, Vulnerability Assessment, Application Security, etc. He is currently the Senior Manager, Security Operations Center at Consolidated Bank Ghana (CBG) and also lectures voluntarily at some universities in Ghana in the field of Forensics and Ethical Hacking. Eric has experiential knowledge of security threats and response, and is a CTF player and creator and a professional speaker on cybersecurity-related topics. He holds a Master of Science in Cybersecurity and Digital Forensics from GIMPA, a Bachelor's degree in Information Technology (BSc. IT) from Methodist University College Ghana, a Higher National Diploma (HND) in Computer Science, and some international certifications in Cybersecurity, including: Certified Red Team Operator (CRTO), Practical Network Penetration Tester (PNPT), eLearnSecurity Certified Professional Penetration Tester (eCPPT), Certified Red Team Professional (CRTP), eLearnSecurity Web Application Penetration Tester eXtreme (eWPTX), eLearnSecurity Junior Penetration Tester (eJPT), Certified Application Security Practitioner (CAP), Certified Network Security Practitioner (CNSP), Certified Professional Ethical Hacking (CPEH), Certified Security Professional (CSP+), and Prince2 Foundation for Project Management.
November 26, 2024 14:00-16:00, November 26, 2024 16:15-18:00
Lawrence Muchilwa (Silensec, KE), Mafoko Lebogang (Absa Bank Botswana, BW)
Mr. Lawrence Muchilwa is a highly accomplished professional in the fields of cybersecurity, IT operations, strategy, policy, and stakeholder engagement, with a particular focus on National CSIRTs, critical information infrastructure, cyber threat intelligence, and incident response management. Building on his academic background with a PhD in progress, a Master's in Information Systems Technology, and a Bachelor's in Computer Science, he has over a decade of experience in diverse roles such as senior consultant, subject matter expert, lead trainer, and departmental head. He is currently the African Regional Liaison for the Forum of Incident Response and Security Teams.
Mafoko Lebogang is a forward-thinking cybersecurity professional with over 6 years of experience in security operations. Specializing in incident management, security architecture design, risk analysis, and security automation, he has led initiatives that enhance cybersecurity frameworks and processes. As a Senior CSIRT Analyst at Botswana Communications Regulatory Authority, he plays a key role in security framework development, SIEM customization, digital forensics, and stakeholder collaboration. Notably, Lebogang has been instrumental in establishing Botswana's National CSIRT and spearheading ransomware prevention projects for critical infrastructures. He holds a Bachelor of Science (Hons) in Network Security and Computer Forensics from Botho University and is certified in SIM3, while also pursuing CISSP, OSCP, and CEH Practical certifications. He is currently the Cyber Security Risk Manager for Absa Bank Botswana.
November 27, 2024 14:00-16:00, November 27, 2024 16:15-18:00
Mirza Asrar Baig (CTM360, BH)
This topic focuses on achieving real-time visibility into critical cybersecurity threat intelligence that goes beyond the typical IoCs to include indicators of attack (IoA), indicators of exposure (IoE), and indicators of warning (IoW). By detecting, monitoring, and mitigating these indicators, organizations can proactively identify and mitigate threats, not only for their own infrastructure but also for their CERT members and third-party partners. Real-time insights into attack vectors and exposure risks enable a coordinated defense approach, enhancing overall security posture and resilience against potential cyber threats. This is a data-centric approach that requires no installation or configuration of tools on your network, yet provides visibility into data specific to you.
Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision "Build Locally, Scale Globally", and he believes in empowering the Arab World to be recognized as a leader in technology research and development. Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With 30+ years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape. Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today's digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally. CTM360's technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.
November 26, 2024 14:00-16:00
Yazid Akanho (ICANN, BJ)
This workshop aims to train participants on how to use the KINDNS framework to assess DNS infrastructures and operations for their own organization or a third-party organization, and how they can incorporate the KINDNS framework into their cybersecurity tools.
Yazid Akanho has joined ICANN Org as Technical Engagement Specialist for Middle East and Africa (MEA). His main role is to support ICANN org’s technical engagement efforts in the region (trainings, promote DNS standards and best practices, promote research, …). He reports to Adiel Akplogan, VP Technical Engagement at the Office of the Chief Technology Officer.
Yazid’s professional career started at Benin Telecoms, the national telecom operator, where he worked in data transmission engineering and contributed to the design of FTTx and 4G LTE network projects, before joining MTN Benin where he held several roles including technical lead on several projects.
As a previous ICANN community member, Yazid has been an active Internet evangelist at various forums such as the Benin DNS Forum, fellow researcher at AFRINIC, Universal Acceptance Steering Group, ISOC Benin, AFRALO, Non-commercial Users Constituency (NCUC), and Non-commercial Stakeholder Group (NCSG) where he has contributed to several initiatives across these groups. Yazid has also served as vice-president of ISOC Benin Chapter.
November 26, 2024 09:00-10:45, November 26, 2024 11:00-13:00
Brian Peterson (International Society of Automation, US), Dr. Shane Stailey (Cyber Workforce Center, US)
Learn how Work Force Development (WFD) self-assessment tools can be used to improve how your organization hires staff and manages their training and development. The WFD tools cover job tasks and skills required to perform daily work activities along with Cyber Incident Response roles. There are 22 WFD self-assessments for roles in OT, Cybersecurity, IT, and NIMS/ICS. These self-assessment tools will enable your company to: complete a self-assessment of the skills required to ensure your staff can perform the tasks required for their job(s); develop plans to address skill gaps; and ensure staff are available to perform ICS4ICS and Cyber Incident Response job functions and identify staffing alternatives such as vendors of systems and components, system integrators or other consultants, service providers for specialty functions (such as forensics), and/or reciprocal agreements with other similar companies.
Brian Peterson is an Information Risk Consultant who works for ISAGCA as the ICS4ICS Program Manager. He also works for other companies as a program and project manager and conducts research related to IT systems, applications, and SCADA/DCS systems, such as those used in the oil and gas, manufacturing, and other industry sectors.
Dr. Shane Stailey is an inventor, author and multi-technical practitioner educated and trained in multiple facets of security to include OT, IT, Physical Security and Cybersecurity. He specializes in cybersecurity workforce development combining years of field experience with designing, teaching and applying technical and cyber curriculum at multiple universities and colleges since 2013 while working in full time technical and/or cyber jobs.
November 26, 2024 16:15-18:00