Program Overview

Africa’s booming digital economy is vulnerable to rising cyber threats, risking critical sectors like finance, healthcare, and government services. Bug bounty programs present a practical and scalable solution, enabling ethical hackers to identify and fix vulnerabilities in exchange for rewards. These programs can empower Africa’s tech-savvy youth, providing income opportunities and fostering advanced cybersecurity skills. Beyond securing digital infrastructure, bug bounties build trust in online platforms, attract international investment, and align local organisations with global security standards. By adopting bug bounty programs, Africa can secure its digital future while creating a thriving ecosystem of innovation and resilience.

Judy Ngure is an accomplished information security expert with extensive international experience. Currently, she works as a Senior Information Security Engineer and interim CISO at Sabi. She also serves on the advisory boards of Nigeria’s CyberSafe Foundation and Kenya's Beba-Beggie, a provider of smart storage e-lockers, Judy was named to the 40 Under 40 List of Women in Cybersecurity by The Cyber Express and is recognized among the top 50 African women in cybersecurity. Previously, she held the position of VP of Data and Information Security at Africa's Talking, where she led security initiatives, developed policies, conducted risk assessments, and oversaw incident management.

Ms Halima Letamo heads the ITU area office for Southern Africa. She is a seasoned ICT professional with over 25 years work experience. Ms Letamo worked within the ITU for the past 10 years prior to this appointment, managing global initiatives aimed at the implementation of the ITU capacity development portfolio, focusing on skills development of ICT professionals, institutional capacity development for ITU Member States and basic digital skills development for underserved communities. She has facilitated the World Summit on the Information Society Action line C4 for the past 9 years driving global policy dialogue and facilitated capacity development of ICT professionals in topics such as AI, e-Applications, e- health, e-agriculture, e-learning, ICT policy and regulation, cyber security, spectrum management and emergency telecommunications among others. She has experience in the implementation of resource mobilisation strategies, project management for development organisations, strategic management and has served in executive boards of global organisations such as the Commonwealth Telecommunications Organisation.
Prior to her work at the ITU, Ms Letamo worked for the Botswana Telecommunications Corporation, a Telecommunications national incumbent. Her footprint in the organisation can be traced to the privatisation process of the company where she headed the department dealing with process re-engineering, change management and talent management streams of this process. Ms Letamo has also worked for UNESCO, within the Education Sector where she supported advocacy for UNESCOs standard setting instruments. She has also worked for the Education regulator and the Botswana Government. She holds a bachelor's degree in Demography and Environmental Science, covering Remote Sensing and Geographical Information Systems, Masters degree in Education, a Masters degree in Business Administration as well as several professional certifications. She is from Botswana, married and has a son and a daughter.

This talk delves into the unique journey of engaging with national CSIRTs across Africa, offering an a unique, practical perspective on their challenges, successes, and the opportunities that lie ahead. The talk aims to inspire dialogue around how African CSIRTs can enhance their operational effectiveness through regional partnerships, knowledge-sharing, and tailored training initiatives.

Eric Akumiah is a seasoned cybersecurity trainer with a strong background in community development, cybersecurity policy, and CSIRT management. As the founding manager of CERT-GH, Ghana's national CSIRT, Eric was the Ghana focal person on CSIRT for the United States Government (USG) - Government of Ghana (GoG) Security Governance Initiative (SGI) and worked with the Software Engineering Institute (SEI) team to develop several aspects of the operations framework of CERT-GH. As consultant to World Bank ICT projects in Ghana, Eric contributed to the development of government ICT and cybersecurity infrastructure leading the development of several cybersecurity interventions including developing the national cybersecurity policy and strategy and was instrumental in setting up the government and communications sector CSIRTs in Ghana.

Mr. Lawrence Muchilwa is a highly accomplished professional in the fields of cybersecurity, IT operations, strategy, policy, and stakeholder engagement, with a particular focus on National CSIRTs, critical information infrastructure, cyber threat intelligence, and incident response management. Building on his academic background in Information Systems Technology, and Computer Science, he has over a decade of experience in diverse roles such as senior consultant, subject matter expert, lead trainer, and departmental head. He is currently the African Regional Liaison for the Forum of Incident Response and Security Teams and lead the Research and innovation working group at the Kenya Cybersecurity and Forensics Association.

In today's threat landscape, understanding and monitoring cyber adversaries is essential to bolstering an organization's defenses. This training session, "Building a Research Honeypot and Joining ATCHEDJI," will guide participants through constructing, deploying, and monitoring honeypots designed to attract and observe cyber threats in real-time. Aimed at cybersecurity professionals and incident responders across Africa, this session focuses on practical, hands-on techniques for setting up honeypots using free and open-source tools. Participants will learn how to leverage these tools to collect valuable threat intelligence, analyze malicious behavior, and contribute to a shared African cyber-threat intelligence platform: ATCHEDJI. By the end of this workshop, attendees will have built their own research honeypots, understand the importance of gathering actionable intelligence, and will be invited to join the ATCHEDJI project, a collaborative effort to improve regional cyber defenses by sharing threat data across Africa. This training is designed for members of CSIRTs, SOC analysts, and network defenders who wish to enhance their ability to detect and respond to cyber threats by harnessing the power of honeypots and collective intelligence.

Dona Gracia Junias Bonou is an Information Security professional currently serving as Cybersecurity Research Engineer at CyLab-Africa/Upanzi, where he works on building and managing defensive security infrastructures and conducting security assessments. Junias built a solid DFIR background working with Benin's national CSIRT (bjCSIRT), where he was involved in incident response, digital forensics, and national cyberspace monitoring. His proficiency in CSIRT operations and threat intelligence equips him to assist network defenders in effectively detecting and responding to intrusions. He also has experience in cybersecurity research and capacity-building, including developing Capture The Flag (CTF) content tailored to the African context for regional initiatives like picoCTF-Africa and HackerLab.

Trevor Henry Chiboora is a dedicated Cyber Security Specialist based in Kigali, Rwanda, with extensive experience in vulnerability assessment and penetration testing (VAPT). He earned a Master of Science in Information Technology, specializing in Cyber Security and Computer Networking, at Carnegie Mellon University. As a Research Associate at CyLab Africa, Trevor plays a critical role in conducting cybersecurity research, performing penetration tests, and contributing to the deployment of an advanced Security Operations Center (SOC) using open-source technologies. He is driven by a passion for securing digital environments, and he has demonstrated expertise across network troubleshooting, application security, and endpoint protection.

This one-day training course will focus on building operational resilience in the face of escalating cyber threats. This session aims to equip participants with the tools and strategies necessary to effectively navigate and mitigate cyber crises. The training covers key aspects of cyber crisis management, including the distinction between the incident and a crisis, the main stages of cyber crisis management, and key pillars of building a national cyber crisis management framework and the role of communication and adjusting it to relevant stakeholders. Through a combination of theoretical knowledge, real-life case studies, and practical exercises, attendees will learn how to strengthen their organization's preparedness, ensure continuity, and reduce the impact of cyber incidents.

With an extensive background in IT and cybersecurity, Paulius Bagdonas has first-hand experience managing crises in high-stakes environments. During his tenure at one of the largest global banks, he played a key role in the crisis management team, including a major incident where the entire IT infrastructure went down, bringing operations to a halt. At the National Cyber Security Center, Paulius led a project focused on protecting Lithuania's critical information infrastructure (CII) when dealing with third parties. He developed guidelines to ensure that all critical entities operated in a secure environment, establishing clear protocols prior to any collaboration. In addition to his practical experience, Paulius has a university education in International Business Management and International Project Management, and is currently an expert on the cyber capacity building team at NRD Cyber Security.

Živilė Nečejauskaitė is a communications professional, specializing in change and impact communication. She is a co-trainer of the ITU Academy course on Cyber Crisis Management. Živilė has co-organized and co-hosted several cybersecurity capacity building conferences in East Africa Region, called "Cyber Defense East Africa", one of which has focused on national cyber crisis management. She holds a Master's degree in Communication for Development from Malma University in Sweden. Živilė has worked in the public and private sectors in Lithuania and abroad, and has focused on cybersecurity capacity building for the past 7 years. Currently, she dedicates her time to building frameworks for communication during a cyber incident.

This training will expose participants to the fundamentals of cyber attack emulation, including key techniques, tools, and methodologies used to simulate real-world cyber attacks. Participants will also gain hands-on experience using emulation tools in a lab environment. Prerequisites: Basic knowledge of cybersecurity concepts, networking, and command-line interface (CLI).

Nii Ankrah has a robust background in implementing cybersecurity and technology solutions across various sectors, including financial services, telecoms, government, and regulatory bodies. Nii holds certifications such as Certified Information Systems Security Professional (CISSP) and GIAC Cyber Threat Intelligence (CTI), underscoring his expertise. His passion for community impact is evident in his active involvement in cyber capacity-building initiatives, where he plays a pivotal role in mentoring and empowering local and international groups to enhance their cybersecurity capabilities.

The "Defend & Detect: Mastering Network Security Monitoring for Critical Threat Defense" training equips cybersecurity professionals with the skills to effectively monitor and secure network environments. Covering essential tools such as Suricata, Zeek, Strelka, and Wireshark, the session provides participants with a comprehensive understanding of network traffic analysis, system setup, and threat detection. Through interactive workshops and real-world scenarios, attendees will gain hands-on experience, enhancing their technical capabilities. Additionally, the training addresses the legal and ethical considerations of network monitoring, ensuring compliance and integrity in cybersecurity practices.

Howard Mukanda is a seasoned cybersecurity engineer with a robust background in networking and network security monitoring. Currently serving as a Senior Cyber Security Engineer on a Red Team, Howard specializes in adversary emulation and red teaming exercises, leveraging his extensive experience to enhance organizational security postures. Prior to this role, he honed his skills in network security monitoring, ensuring the integrity and safety of complex network systems. Howard's career began with foundational roles such as an IT Systems Administrator and Information Technology Network Administrator, where he managed and secured diverse IT infrastructures. His expertise spans across managing Windows and Linux servers, virtualization infrastructure, and network equipment, providing a solid foundation for his current cybersecurity endeavors. In addition to his professional achievements, Howard is a dedicated educator, teaching a 24-week Cyber Security boot camp at a university. He also shares his knowledge through his YouTube channel, where he explores various cybersecurity topics and techniques. Howard holds several prestigious certifications, including Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional (CCNP), OffSec Experienced Penetration Tester (OSEP), Certified Red Team Operator (CRTO), and Offensive Security Certified Professional (OSCP), underscoring his commitment to excellence and continuous learning in the field of cybersecurity.

This session will explore the detection of advanced post-exploitation techniques targeting Active Directory environments, focusing on credential dumping, Kerberoasting, and long-term persistence through techniques like Golden and Silver Ticket attacks. Attendees will learn how to configure and use ELK (Elasticsearch, Logstash, and Kibana) as a Security Information and Event Management (SIEM) solution to identify key indicators of compromise and analyze suspicious activities. The session will cover the setup of detection rules and dashboards to monitor anomalies, helping organizations enhance their defenses against post-exploitation threats in real time.

Emmanuel Hemadou: I'm a Cybersecurity Analyst at bjCSIRT, leading the Incident Response team. I have a degree in Computer Security and hold OSCP and eWPTX certifications. Currently, I'm overseeing the technical aspects of Hackerlab, a CTF competition held annually in Benin, and I'm also involved in organizing the NextGeninCyber CTF which will be held as part of this symposium.

This presentation will discuss considerations for developing a Sectoral CERT ecosystem as part of the wider national cybersecurity strategy. It will also highlight some key learnings from Ghana’s approach.

Stephen Cudjoe-Seshie: Stephen is a versatile Technology Manager with over nineteen years of experience in ICT infrastructure strategy, planning, design, deployment, and operations. He holds an MBA in Engineering Management from Coventry University, UK and a Bachelor of Engineering (Hons.) in Electronics Engineering from the Multimedia University, Malaysia. He has been a Certified Information Systems Security Professional (CISSP®) since 2011. Stephen’s mandate at the CSA is to help build a Secure and Resilient Digital Ghana through world-class proactive and reactive cybersecurity incident response measures within a framework of global collaboration.

The proposed full-day workshop aims to provide a deeper dive into how to use The Shadowserver Foundation's free threat feeds and other Shadowserver free services more effectively. This will include an overview of different indicators/datasets provided by Shadowserver as part of the free daily data feeds, specific data use cases for incident response, introduction of report severity levels for prioritization, practical hands-on usage of our reports API and free tooling that is available that data consumers can leverage (this includes usage of tools now published on the Shadowserver GitHub - https://github.com/The-Shadowserver-Foundation). We will also provide training and examples of using the open-source IntelMQ (https://github.com/certtools/intelmq - a popular choice for National CSIRTs) to process the data. We will also provide a tutorial on how to use our free public Dashboard (https://dashboard.shadowserver.org) effectively to gain attack surface and threat situational awareness and manage vulnerabilities.

Piotr Kijewski is the CEO and a Trustee at The Shadowserver Foundation, a non-profit organization with a mission of making the Internet a more secure environment. He also manages Shadowserver's large-scale data threat collection and sharing projects, as well as National CSIRT relationships. Piotr has over 20 years of operational experience in cybersecurity and incident response. He headed CERT.PL building up its various security data gathering and analysis projects as well as managing its anti-malware operations, including numerous botnet disruptions. Piotr is also a member of the Honeynet Project (where he has also served on the Board of Directors), a well-known and respected non-profit that is committed to the development of honeypot technologies and threat analysis. Piotr Kijewski is a member of the Management Board of The Hague Chapter of the CyberPeace Institute.

Mr. Lawrence Muchilwa is a highly accomplished professional in the fields of cybersecurity, IT operations, strategy, policy, and stakeholder engagement, with a particular focus on National CSIRTs, critical information infrastructure, cyber threat intelligence, and incident response management. Building on his academic background in Information Systems Technology, and Computer Science, he has over a decade of experience in diverse roles such as senior consultant, subject matter expert, lead trainer, and departmental head. He is currently the African Regional Liaison for the Forum of Incident Response and Security Teams and lead the Research and innovation working group at the Kenya Cybersecurity and Forensics Association.

A practical guide for teams on a budget. Welcome to an innovative approach to cybersecurity training that’s both affordable and impactful. This session will explore how to build self hosted hands-on labs leveraging opensource tools and minimal investment. You'll learn how these labs provide real-world simulations for skills like penetration testing, network monitoring, and incident response—all in a controlled self-hosted and secure environment.

What You'll Gain: Join us to discover how to transform your team's cybersecurity training without breaking the bank! Step-by-step guidance on creating labs using open-source tools like ludus, suricata, strelka, and Elastic SIEM. Practical examples of a purple team lab scenarios tailored to enhance your team's technical expertise. Insights into budget-friendly strategies for deploying effective training environments.

Howard Mukanda is a seasoned cybersecurity engineer with a robust background in networking and network security monitoring. Currently serving as a Senior Cyber Security Engineer on a Red Team, Howard specializes in adversary emulation and red teaming exercises, leveraging his extensive experience to enhance organizational security postures. Prior to this role, he honed his skills in network security monitoring, ensuring the integrity and safety of complex network systems. Howard's career began with foundational roles such as an IT Systems Administrator and Information Technology Network Administrator, where he managed and secured diverse IT infrastructures. His expertise spans across managing Windows and Linux servers, virtualization infrastructure, and network equipment, providing a solid foundation for his current cybersecurity endeavors. In addition to his professional achievements, Howard is a dedicated educator, teaching a 24-week Cyber Security boot camp at a university. He also shares his knowledge through his YouTube channel, where he explores various cybersecurity topics and techniques. Howard holds several prestigious certifications, including Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional (CCNP), OffSec Experienced Penetration Tester (OSEP), Certified Red Team Operator (CRTO), and Offensive Security Certified Professional (OSCP), underscoring his commitment to excellence and continuous learning in the field of cybersecurity.

Eric Sowah Badger is a proven Cybersecurity Professional with experience in Ethical Hacking, Penetration Testing, Red Team Operations, Vulnerability Assessment, Application Security, etc. He is currently the Senior Manager, Security Operations Center at Consolidated Bank Ghana(CBG) and also does voluntary lecturing at some universities in Ghana in the field of Forensics and Ethical Hacking. Eric commands experiential knowledge in security threats and response, a CTF player and creator and a professional speaker on cybersecurity related topics. He is a Master of Science in Cybersecurity and Digital Forensics holder at GIMPA and also holds a Bachelor's degree in Information Technology (BSc. IT) from Methodist University College Ghana, a Higher National Diploma (HND) in Computer Science, and some international certifications in Cybersecurity. Some of which includes: Certified Red Team Operator(CRTO), Practical Network Penetration Tester(PNPT), eLearnSecurity Certified Professional Penetration Tester(eCPPT), Certified Red Team Professional(CRTP), eLearnSecurity Web Application Penetration Tester eXtreme(eWPTX), eLearnSecurity Junior Penetration Tester(eJPT), Certified Application Security Practitioner(CAP), Certified Network Security Practitioner(CNSP), Certified Professional Ethical Hacking(CPEH), Certified Security Professional(CSP+), Prince2 Foundation for Project Management.

Coordinated Vulnerability Disclosure (CVD) is a global challenge. In its process, vulnerability information flows through global supply chain. It is often complicated - many stakeholders are involved in many CVD cases. As the world becomes more interdependent, the importance of CVD is increasing. In this presentation, CVD basics and the speaker's organization JPCERT/CC's CVD and the related activities will be explained.

Working on CVD at JPCERT/CC for 9 years, Tomo Ito currently leads the Global CVD project of the organization, which aims to contribute to the global CVD ecosystem stability through collaborations with the stakeholders from different parts of the world.

Keynotes:

• Remarks from ZICTA
• Remarks from SADC (George Ah-Thew)
• Remarks from FIRST (Mona Østvang)

Dr. George Patrick Ah-Thew is the Senior Programme Officer (SPO) ICT in Directorate of Infrastructure at the Southern African Development Community (SADC) Secretariat, based in Gaborone, Botswana. As the SADC SPO ICT he is responsible for SADC prorgammes relating to the Harmonisation of ICT Policy, Regulatory and Strategic frameworks, Digital Transformation, Cybersecurity, Computer Incident Response Teams (CIRTs), Internet Governance, Internet Exchange Points (IXPs), SADC ICT Observatory, SADC Shared Satellite Communications System, preparations and support on common positions on the region’s ICT priorities for continental and International fora. He has over 25 years working in the ICT Sector and has been instrumental in the development of the three SADC Cybersecurity Model Laws and SADC Regional CIRT Framework and collaborating with ITU, AfricaCERT and CERT-MU to facilitate cyber drills in the SADC Region since 2018. The SPO ICT works in close collaboration with the SADC ICT Implementing Agencies, namely: CRASA, SATA and SAPOA.

Mona Østvang is a senior incident response manager working as a consultant in mnemonic IRT, a long-term member of FIRST. She has worked on a number of severe incidents the past 15 years, and does also work on preparing organizations for responding to such incidents through planning and exercising.

This session aims to present the KINDNS framework and explain how it can be used to assess the level of security of a DNS infrastructure. The framework also embarks a series of guidelines that can be followed to improve the security of any DNS infrastructure.

Yazid Akanho leads the ICANN org's technical engagement strategy in the MEA region in collaboration with other functions within the Org. He coordinates the relationship with various stakeholders within the Internet ecosystem on technical aspects of Internet governance via different initiatives and projects that help to promote the Internet's unique identifier systems security, stability, and resiliency's best practices. Yazid holds a Master's degree in Telecommunication and previously worked at Benin Telecoms (now SBIN), the national telecommunication operator in Benin and at MTN in different roles and responsibilities. He is passionate of driving technical projects and has supported deliver key projects in those two organizations. As a previous ICANN community member, Yazid is an active Internet evangelist within the Internet community in his country and abroad. He led his country ISOC chapter reactivation process in 2018 and has been its vice chair in 2019 and 2020. He also has led and contributed to few other initiatives in the community, and still continues to do so.
LinkedIn: https://www.linkedin.com/in/yakanho/ [linkedin.com] X: https://x.com/yakanho [x.com]

This presentation explores the evolution of cybersecurity across Africa over the last decade, using the ITU Global Cybersecurity Index (GCI) as a benchmark. It delves into the five critical areas assessed by the GCI—Legal Measures, Technical Measures, Organizational Measures, Capacity Development, and Cooperation—and compares data from 2015 to 2024. The analysis highlights Africa's strides in strengthening cybersecurity frameworks, from the enactment of national cybersecurity laws to the development of technical capabilities such as Computer Emergency Response Teams (CERTs). Additionally, the presentation addresses ongoing efforts in capacity building, regional and international cooperation, and the establishment of governance frameworks to enhance cybersecurity resilience across the continent. By measuring the continent's progress, the presentation identifies both key achievements and the persistent challenges that need to be addressed to ensure Africa's cybersecurity landscape remains robust, inclusive, and adaptive in the face of growing digital threats.

Abdullahi Guled is a seasoned Cybersecurity Advisor with extensive experience in developing and implementing national cybersecurity strategies and policies. He currently serves at the Ministry of Communications and Technology of Somalia, where he plays a pivotal role in strengthening the country’s digital resilience and fostering a secure digital ecosystem.

Mr. Guled has been instrumental in drafting key legislation, including Somalia’s cybersecurity and cybercrime frameworks, and has actively contributed to building institutional capacities. His expertise spans areas such as critical information infrastructure protection, digital governance, and promoting regional and international cooperation in cybersecurity.

As a founding member of the Somalia Cybersecurity Community, Mr. Guled is dedicated to raising awareness about cybersecurity and nurturing local talent to bridge the skills gap. He is also actively involved in advocating for inclusive and sustainable digital transformation initiatives in line with global best practices.

With a passion for knowledge sharing and capacity development, Mr. Guled frequently represents Somalia in international cybersecurity forums, bringing insights into Africa’s progress and challenges in the cybersecurity landscape.

Open source tools can be a valuable asset for operational security management. Taking a proactive approach and selecting tools that are tailored to the organization’s specific needs are essential to maximizing the benefits.

Mariem Mahjoub is an IT engineer and the Head of ISAC team of tunCERT and has over a decade and a half of experience in the cybersecurity field including 5 years of research and teaching. Mariem has provided information security consulting services and has been member in several cybersecurity projects for the government. Information security specialist, with know-how in several areas of IT security such as network security; information security assessment; open source technologies; SOC management; development of security procedures, policies and guidelines.

Cybersecurity has become a critical concern as Africa and the Arab regions experience accelerated digital transformation. Despite the increasing prevalence of cyber threats—including ransomware, phishing, and cross-border attacks—efforts to address these challenges remain fragmented due to disparate regulatory frameworks. This report advocates for the harmonization of cybersecurity laws across Africa and the Arab regions to foster a resilient digital ecosystem. Drawing on regional case studies and global success stories, the report explores the urgency, benefits, and pathways for aligning cybersecurity policies. It highlights key focus areas, such as data protection, critical infrastructure security, incident response coordination, and law enforcement collaboration. The analysis underscores the potential of harmonization to bolster economic growth, enhance cross-border cooperation, and mitigate vulnerabilities that threaten digital economies.

Dr. Mohammed Lawan Ahmed: Director, Cybersecurity Department, National Information Technology Development Agency (NITDA) will be speaking on behalf of Kashifu Inuwa Abdullahi (CCIE), Director-General/CEO of the National Information Technology Development Agency, NITDA, is a transformational expert with key competencies across policy formulation, administration, growth management, talent development, solutions architecture, resource mobilisation and strategy implementation. Inuwa is a thoroughbred IT professional, with an impressive resume in public and private sector IT development, policy formulation, and IT governance. He graduated with a bachelor’s degree in computer science from Abubakar Tafawa Balewa University Bauchi. He holds various executive certificates from top-notch universities such as Harvard University, University of Cambridge, London Business School and Oxford University, UK. Abdullahi is also an alumnus of the prestigious IMD Business School, Switzerland, and a trained strategist from the world-famous Massachusetts Institute of Technology (MIT). He equally holds many professional certifications in telecommunications, service management, networking, and solution design.

This half-day, practical workshop will guide participants through using the MISP platform (Malware Information Sharing Platform) during cybersecurity incident response. Attendees will learn how to search for Indicators of Compromise (IOCs) and Indicators of Attack (IOAs) and effectively share threat information with their communities based on incident findings. By the end of the session, participants will gain practical skills and actionable insights on how to better utilize MISP for threat sharing and incident response, ultimately strengthening their own cybersecurity defenses and that of their organizations.

Mr. Lawrence Muchilwa is a highly accomplished professional in the fields of cybersecurity, IT operations, strategy, policy, and stakeholder engagement, with a particular focus on National CSIRTs, critical information infrastructure, cyber threat intelligence, and incident response management. Building on his academic background with a PhD in progress, a Master's in Information Systems Technology, and a Bachelor's in Computer Science, he has over a decade of experience in diverse roles such as senior consultant, subject matter expert, lead trainer, and departmental head. He is currently the African Regional Liaison for the Forum of Incident Response and Security Teams

Mafoko Lebogang is a forward-thinking cybersecurity professional with over 6 years of experience in security operations. Specializing in incident management, security architecture design, risk analysis, and security automation, he has led initiatives that enhance cybersecurity frameworks and processes. As a Senior CSIRT Analyst at Botswana Communications Regulatory Authority, he plays a key role in security framework development, SIEM customization, digital forensics, and stakeholder collaboration. Notably, Lebogang has been instrumental in establishing Botswana's National CSIRT and spearheading ransomware prevention projects for critical infrastructures. He holds a Bachelor of Science (Hons) in Network Security and Computer Forensics from Botho University and is certified in SIM3, while also pursuing CISSP, OSCP, and CEH Practical certifications. He is currently the Cyber Security Risk Manager for Absa Bank Botswana .

This topic focuses on achieving real-time visibility into critical cybersecurity threat intelligence beyond the typical IoCs and includes indicators of attack (IoA), Indicators of exposure (IoE), and Indicators of warning (IoW). By detecting, monitoring, and mitigating these indicators, organizations can proactively identify and mitigate threats, not only for their own infrastructure but also for their CERT members and third-party partners. Real-time insights into attack vectors and exposure risks enable a coordinated defense approach, enhancing overall security posture and resilience against potential cyber threats. This is a data-centric approach, without any installation or configuration of tools on your network, yet gaining visibility into data specific to you.

Mirza Asrar Baig is the Founder and Chief Executive Officer of CTM360, and is the visionary behind developing the Digital Risk Protection stack that embodies the concept of the company. His focus remains on building a highly scalable platform with the vision "Build Locally, Scale Globally", and he believes in empowering the Arab World to be recognized as a leader in technology research and development. Mirza is a Computer Science graduate from King Fahd University of Petroleum and Minerals (KFUPM - Dhahran, Saudi Arabia). His educational background underscores his deep commitment to research and innovation. With over 30+ years of experience serving the Information Technology and Cybersecurity requirements of the GCC Financial Sector and government bodies, he is playing an instrumental role in safeguarding the region's digital landscape. Mirza is actively contributing to the region through speaking engagements and providing invaluable insights into threats specific to GCC organizations. His passion for advancing cybersecurity in today's digital age has left an indelible mark, reflecting his dedication to enhancing cybersecurity and resilience globally. CTM360's technology platform is primarily data-driven and is on track to profile all organizations across the world leveraging public domain data. The technology enables aggregate analytics and real-time cybersecurity posture on industries, countries, and regions. Mirza is now on a mission to have his technology recognized as the go-to choice for regulators as well.

Digitalization and connectedness of industrial environments is opening business opportunities and enhancing operational efficiency. This rapid modernisation and complexity of interconnected systems has expanded the attack surface, opening more entry points for cyber criminals, and exposing organisations to cyber-attacks that can counterpoise the benefits. Furthermore, the necessity of increased convergence of OT with the traditional IT environment is leading to additional inherent vulnerabilities, which are doubling every year. As is evident, this convergence enables Industry 4.0 by turning automation functions to Internet of things through connectivity to business processes and applications.

While these benefits are positive, there may be challenges faced with the implementation of IT/OT convergence due to various reasons, including obsolete technology, etc. This surge in digitalization has therefore exponentially increased the importance of cybersecurity, necessitating immediate strategic interventions to protect critical infrastructure and improve the overall cyber security posture.

Sithembile Songo has been crowned as the Cyber leader of the year 2024 in Africa, CISO of the year 2024, one of the 50 Top of Mind Global Executives, Top 50 cyber professionals, Top 50 manufacturing leaders, Top 100 global women in cybersecurity, international speaker, Top 100 influential women, mentor and is serving as a member of the board and advisory board member. She holds a Master of Science in Information Security from the University of London. She has spoken at major local, national and global IT and cyber security conferences. She has been specializing in information security for more than 20 years now and her experience is augmented by several executive leadership roles in both public and private sectors, including Financial, Telecom, Public Sector, Consulting firm, Energy sector and other State-owned entities.

Sithembile currently works as the Chief Information Security Officer, CISO, heading the information security pillar at the state-owned energy entity, which produce 95% of South Africa’s electricity. Her strategic role primarily focuses on protecting the national critical infrastructure from potential cyber-attacks, thus preventing a negative impact on the economy. She also enables secure business operations, including secure generation, transmission, and distribution of electricity, which depend on operational technology (OT) that largely depends on secured computer networks and systems to produce electricity.

This workshop aims to train participants on how to use the KINDNS framework to assess DNS infrastructures and operations for their own organization or third party organization and how they can incorporate KINDNS framework in their cybersecurity tools.

Yazid Akanho leads the ICANN org's technical engagement strategy in the MEA region in collaboration with other functions within the Org. He coordinates the relationship with various stakeholders within the Internet ecosystem on technical aspects of Internet governance via different initiatives and projects that help to promote the Internet's unique identifier systems security, stability, and resiliency's best practices. Yazid holds a Master degree in Telecommunication and previously worked at Benin Telecoms (now SBIN), the national telecommunication operator in Benin and at MTN in different roles and responsibilities. He is passionate of driving technical projects and has supported deliver key projects in those two organizations. As a previous ICANN community member, Yazid is an active Internet evangelist within the Internet community in his country and abroad. He led his country ISOC chapter reactivation process in 2018 and has been its vice chair in 2019 and 2020. He also has led and contributed to few other initiatives in the community, and still continues to do so. LinkedIn: https://www.linkedin.com/in/yakanho/ [linkedin.com] X: https://x.com/yakanho [x.com]

Applying UN norms for responsible state behavior in cyberspace involves integrating agreed-upon principles into national policies, international relations, and operational practices. These norms aim to foster a safe, stable, and cooperative cyberspace by reducing risks of conflict and ensuring responsible conduct by states. This presentation will touch on the key steps in applying norms from the CSIRT perspective.

Kaleem Ahmed Usmani is currently serving as the head of the Computer Emergency Response Team of Mauritius (CERT-MU). He has extensive experience in the ICT sector, spanning over 20 years, with a focus on cybersecurity, IT management, and network engineering. Usmani has been instrumental in implementing national, regional and international cybersecurity projects. Kaleem sits on several regional and international committees. He has also represented Mauritius in international forums, such as the United Nations Group of Governmental Experts on Cybersecurity and the Open-Ended Working Group. His efforts have contributed to Mauritius being recognized as a leader in cybersecurity resilience.

Modern Internet standards and cybersecurity frameworks play a pivotal role in safeguarding our increasingly digital world. As technology advances, the global reliance on interconnected systems has heightened vulnerabilities to cyber threats, emphasizing the urgency for standardized practices. This presentation explores the imperative of cybersecurity standards and frameworks in enhancing the resilience of digital infrastructure.

Key emphasis will be placed on leveraging the Internet.nl platform—a comprehensive tool designed to test and validate compliance with modern Internet security standards. The session will delve into how Internet.nl evaluates crucial security measures, including DNSSEC, DANE, IPv6, TLS configurations, and email security protocols like DMARC, DKIM, and SPF. Real-world use cases and testing scenarios will illustrate how organizations can identify vulnerabilities and align their digital assets with best practices.

This presentation aims to equip stakeholders with practical knowledge of using Internet.nl to assess and improve their online security posture. Attendees will leave with actionable insights into adopting modern standards, enhancing resilience against cyber threats, and ensuring alignment with global cybersecurity expectations.

Daniel K. Nanghaka is a visionary leader and advocate for cybersecurity, modern Internet standards, and the transformative potential of Industry 4.0+ technologies in Africa. As the Principal Program Officer - Industry 4.0+ at the Science, Technology, and Innovation Secretariat in the Office of the President, Uganda, Daniel plays a pivotal role in advancing the country’s industrial and technological development through strategic initiatives and policy frameworks that align with global trends.

In his capacity as the Lead of the Trusted Africa Internet Initiative, Daniel drives efforts to strengthen Africa’s cybersecurity posture and promote the adoption of modern Internet standards. He collaborates with stakeholders across sectors to build secure and resilient digital infrastructures, ensuring that African nations meet international benchmarks. His expertise extends to critical areas such as DNSSEC, IPv6, secure email protocols (DMARC, DKIM, SPF), and the promotion of Internet governance best practices.

Daniel is deeply involved in Industry 4.0+ advancements, championing the integration of technologies like artificial intelligence, blockchain, IoT, and advanced manufacturing to catalyze economic growth and sustainability. His leadership in initiatives such as the digital transformation of agricultural extension services, the establishment of cloud computing infrastructures, and the development of cybersecurity frameworks demonstrates his commitment to aligning innovation with development priorities.

Daniel's advocacy has been profound in cordination of regional activities the GFCE Tripple I initiative which is recognized on leveraging platforms like Internet.nl to test and validate websites, email systems, and networks for compliance with modern Internet standards. His practical, solution-driven approach empowers organizations to enhance security, efficiency, and resilience against cyber threats.

Daniel’s dedication to fostering secure, innovative, and sustainable digital ecosystems is shaping Africa’s technological future, ensuring that cybersecurity, Industry 4.0+ technologies, and modern Internet standards remain central to the continent’s development agenda.

The United States NIST (National Institute of Standards and Technologies) has published the Cyber Security Framework as “… guidance to industry, government agencies, and other organizations to manage cybersecurity risks.” The Framework has been adapted into sector-specific “community Profiles”. The CSF Framework for Internet Routing applies the Framework for the context of Internet Routing. This presentation will briefly review some elements of the Routing Security Profile.

In his role as Engineering Fellow at Comcast, Tony Tauber focuses on Backbone and Core network architecture and engineering with particular attention to measurement, manageability, and automation as well as network and routing security. He also partners with the research and education communities on projects and previously chaired the North American Network Operators Group (NANOG) Program Committee. He is the lead engineer and architect for Comcast’s RPKI and Anycast routing initiatives. He was a founding contributor to the MANRS initiative and is a current member of the MANRS Steering Committee. In the past, he held senior network engineering positions at BBN, GTE Internetworking, Genuity, Level3 Communications and MIT Lincoln Lab as well as served as co-chair of the Routing Protocol Security working group in the IETF.

This case study shows how Public-Private Partnerships (PPPs) can be used as a collaborative model for addressing infrastructure and public service challenges.

It looks into their significance in leveraging private sector efficiency, and their role in reducing public sector financial burdens. It discusses the challenges, the strategy and the achievement of Cyber Defense Africa S.A.S. Established from a strategic public-private partnership between the Togolese Republic and the company Asseco Data Systems S.A. (ADS), CDA is the national cybersecurity services company, mandated by the Togolese Republic to ensure the operational security of information systems in Togo.

Anissa Kpakpabia is the manager of Cyber Defense Africa's Security Operations Center (SOC), where he started as a Level 2 Cybersecurity Analyst in 2020. He joined the CDA project after more than 10 years' experience in supporting national security projects in the fields of ICT, telecommunications and related fields. Before applying his skills in Togo, he was Head of IT at Business Search Ltd in Leeds (UK).

Capture the flag competitions are a very powerful tool that has a great impact on any cyber security human capacity building program, specially large scale and national programs, they play a major role in attracting new talents to the field of cyber security which already suffers from a severe lack of qualified calibers who can effectively defend organizations and countries against cyber threats. The brilliance of CTF competitions lies in their ability to motivate young people with very little experience to exert more effort into studying and exploring different cyber security specialties in order to achieve higher ranks in the competition where they currently participate or in future competitions, aspiring to self-actuation, status among their peers, financial prizes, and discovery of future career opportunities. The end result is tens, hundreds and maybe thousands of young individuals who are motivated to dedicate numerous hours of study time everyday on their path towards becoming skilled cyber security professionals who developed the problem-solving, critical thinking, and technical expertise to make a notable impact on an organizational level, on a national level and even on a continental level. This presentation underscores the pivotal role of CTF competitions to guide policy makers and organizations on how to leverage these competitions to enhance and upscale human capacity building which is the most critical building block of any sound cybersecurity strategy.

Ahmed Mashaly holds a B.Sc in telecommunication engineering and an MBA from ESLSCA business University and currently is a DBA doctoral candidate. He was one of the team members that founded the Egyptian Computer emergency response team in 2009, the team lead the Efforts of the Egyptian government towards building the national cyber security capabilities, enabling the country to reach the 23rd rank in the International telecommunications union's Global cyber security index 2020. Participating in countless national projects, Ahmed's expertise cover a wide range of technical, managerial and operational topics including but not restricted to : Incident response, penetration testing, digital forensics, Security awareness, international relations, project management and others. With over 15 years of experience in cyber security And a number of globally acknowledged certificates in cyber security, He also participated in creating several CSIRT teams in Egypt and in Africa, Ahmed has a track record of participating in conferences, events and webinars, he represented Egypt in numerous international organizations like (OIC-CERT, ITU, ARCC, OWASP and Africa CERT) along with speaking at events in Africa, Asia and North America.

This talk highlights key challenges and milestones in developing and implementing norms for responsible state behavior in cyber space (Cyber Norms), according to the United Nations framework and the UN reports that were adopted by the UN General Assembly, We also discuss confidence building measures (CBMs) among various stakeholders, and the relevance of cyber norms and CBMs to the incident response and security community. We emphasize the roles and responsibilities of cybersecurity professionals in the implementation of cyber norms and CBMs.

Dr. Sherif Hashem is a Full Professor of Information Sciences and Technology at George Mason University (GMU), USA. His professional and research interests Cybersecurity, Cyber Strategies and Policies, Management of Information Security, Cyber Diplomacy, Artificial Intelligence, Information Technology, Digital Transformation, and Data Analytics. He has 5 published book chapters and over 60 professional reports and refereed articles in international journals and conference proceedings (3300+ citations).

Dr. Hashem has a Ph.D. in Industrial Engineering from Purdue University-USA and is the Former Chair of the Board of Directors of FIRST (Forum of Incident Response and Security Teams). He is a member of the African Union’s Cybersecurity Expert Group (AUCSEG).

Over the last two decades, Dr. Hashem led several key cybersecurity efforts at the national level, and set up the framework for further developing the Egyptian Computer Emergency Readiness Team (EG-CERT). In 2016, He became the Chairman of the Executive Bureau of Egypt’s Supreme Cybersecurity Council. He led the team that drafted Egypt’s first National Cybersecurity Strategy (2017-2021). Successful cybersecurity initiatives and activities led by Dr Hashem have contributed to Egypt’s advanced cybersecurity rank: 14th among 193 countries, as reported by the ITU Global Cybersecurity Index in July 2017.

At the international level, Dr Hashem was an expert member of the United Nations Group of Government Experts (UN GGE) on the Developments In The Field Of Information And Telecommunications In The Context Of International Security (Aug 2012 - June 2013), a 15-members high-level group of experts that developed strategic cybersecurity reports to be endorsed by the UN General Assembly. Furthermore, he participated in and spoke at the several subsequent UN GGE and UN Open Ended Working Group (OEWG) meetings.

Learn how Work Force Development self-assessment tools can be used to improve how your organization hires staff and manages their training and development. The WFD tools cover job tasks and skills required to perform daily work activities along with Cyber Incident Response roles. There are 22 WFD Self-Assessment for roles in: OT, Cybersecurity, IT, and NIMS/ICS. These self-assessment tools will enable your company to: Complete a self-assessment of skills required to ensure your staff can perform tasks required for their job(s); And develop plans to address skill gaps. Ensure staff are available to perform ICS4ICS and Cyber Incident Response job functions and identify staffing alternatives like: Vendors of systems and components, System Integrators or other consultants, Service Providers for specialty functions (like for forensics), and/or Reciprocal Agreements with other similar companies.

Brian Peterson is an Information Risk Consultant who works for ISAGCA as the ICS4ICS Program Manager. He also works for other companies as a program and project manager and conducts research related to IT systems, applications, and SCADA/DCS systems, such as those used in the oil and gas, manufacturing, and other industry sectors.

Dr. Shane Stailey is an inventor, author and multi-technical practitioner educated and trained in multiple facets of security to include OT, IT, Physical Security and Cybersecurity. He specializes in cybersecurity workforce development combining years of field experience with designing, teaching and applying technical and cyber curriculum at multiple universities and colleges since 2013 while working in full time technical and/or cyber jobs.

Jean-Robert Hountomey is the moderator for the day's sessions and panels.

Co-founder of the Africa Forum of Incident Response and Security Teams (AfricaCERT): Jean-Robert Hountomey works as a Cybersecurity and Product Security researcher for a global technology leader with more than two decades of practice. His investigation areas include Cybersecurity Health and Maturity, Product Security, Privacy Engineering, Secure Software Development Life Cycle, Incident Management, Vulnerability Research, and Technology Policy. Mr. Hountomey contributes to the community as a co-founder of the Africa Forum of Incident Response and Security Teams (AfricaCERT) and the African Anti-Abuse Working Group. He also contributes to FIRST SIGs, CVE Outreach, AUCSEG, ISOC, ICANN, AfriNIC, AfNOG, etc... At AfricaCERT his focus covers issues and opportunities related to law, technology, Internet Governance, standards on digital security, cyber workforce, and recently ICS/OT Cybersecurity.