Leading up to Black Hat USA, hear from Black Hat Review Board Members, Speakers, Trainers and Partners about their contributions to information security and the upcoming Black Hat event.
Please press or click a name below for more information.
Cyber Security Consultant and Co-Founder of SheHacks KE
Security Research and Co-Founder of SheHacks KE
Together they will present "Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa" at Black Hat USA 2020 Briefings. Listen to the Fast Chat Interview and Read the Transcription below to learn more about them and their research:
Tell me a bit about yourselves and how you got started in information security?
Laura Tich: My name is Laura Tich and Evelyn and I are the founders of Shehacks KE. SheHacks KE is a community of women in cyber security in Kenya. It was founded in 2016 after we realized there were women in security in Kenya, but they didn't have a platform to share their knowledge and skills. So, we decided to create something for them and we have been running it together since then.
Black Hat: That's great — How many members do you have now?
Laura Tich: By now it's about 350, thereabouts.
We have a number of events and focus mainly on Trainings and bootcamps. Since COVID we have been doing digital bootcamps every Thursday evening. We train anyone who joins (not exclusively ladies) on specific topics within Cybersecurity.
What interested you in submitting a Briefings proposal to Black Hat?
Laura Tich: For me, it was a challenge. I wanted to challenge myself and show our people that this can be done. We actually didn't expect it to be accepted, but we keep preaching about putting yourself out there and taking chances, facing challenges and whatever comes your way. So, we try as much as possible to submit or apply for things that maybe have not been done before by a Kenyan. Just so we can show them that yeah, this is possible, you can actually do this.
Black Hat: Have either of you been to a Black Hat event before?
Laura Tich: No, this will be our first time, but I went to DEF CON last year.
In your abstract you describe how attempts to emulate cyber security technologies, policies and strategies implemented by more other nations hasn't worked well in the Sub-Saharan African Region. You gave a variety of reasons why – Do you think that is mostly due to attacks being specific to the region's technologies, user behaviors, cost, the use of pirated tools or the combination?
Evelyn Kilel: I think the fact that it is still a growing community and the key aspect in the Sub-Saharan Africa environment is mostly FinTech. FinTech is still a new market and we are trying to explore more on how to best secure that kind of market. So it's still new and not much research has been done on how you can improve on the different aspects across that particular element within the region.
Additionally, the community aspects — The best example is SheHacks. The environment gives a space where people can research more, they can educate themselves more and from there is where different products are going to be developed through the same platforms. Gives a better environment where we can know only know then where the different security products are relevant for our market. So still the research has not been covered fully for the particular element.
Laura Tich: There's not much research that has been done in the Sub-Saharan African region and in our write-up we talked about how we've always been bundled up with the Middle East and North Africa - which is not bad, but there's an imbalance in the way technology is approached in both areas. Not really an imbalance, but differences - in the Middle East or in Sub-Saharan Africa as you said, we have a lot of small and medium enterprises and they all work with FinTech.
In Kenya for example our mobile money is one of the biggest in the world and a lot of people try to emulate it so our cyber threats always occur around FinTech and other technologies that are maybe older in other regions, but are more predominant here in Sub-Saharan Africa.
Is SheHacks KE one of the bigger groups working to bring more cyber security skills in the region?
Laura Tich: Yes, there are many. In Kenya for example SheHacks is just one of the many, but as we focus mostly on women, there is AfricaHackOn which is open to everyone and then in Nigeria there's SheSecures and in The Gambia, there is hackathon girls so there are a lot of communities in Africa, but we are yet to get to a point where we say we have enough professionals in the market, but we're getting there.
Your point about needing to develop open source or affordable tools designed specifically for the local market was very interesting. Is there a big open-source community in the areas you work that you know of or are most of the groups focused on skill development?
Laura Tich: Most of the people we work with are still at the beginner level, but we have individuals in Kenya and across Africa that have worked to develop tools that specifically address needs of the region. We don't have enough of those, but we have people that come up with new ideas and tools.
Evelyn Kilel: The best example is in Kenya. We have a friend of ours called Christian, who has developed a tool called Mara framework to help with mobile security review and it is among the best tools that we use for our day to day basis for security assessments.
You also talked a lot about the over-dependence on cloud services in the region and I just wanted to learn a little bit more about what you meant. A lot of companies (where I am based in California) are focused on moving towards the cloud, automating security tools, replacing traditional systems and so I was wondering why you felt like maybe the over dependence on cloud services was a contributor to cyber security issues in the area.
Evelyn Kilel: Based on what Laura mentioned earlier on the SMEs that are mostly around this region. Most people depend on cloud because that is the easiest platform you can have. Most companies do not have space for servers and basically think that is the easier route – to take the cloud platform way.
It is a good thing that they are adopting the cloud nature of the environment. In my review of the different SMEs that we have they utilize cloud platforms to the maximum.
Laura Tich: So the issue of security comes in with as much as people are trying to embrace this new technologies and as one of the focus areas of growth as part of the reports we've read is cloud. So a lot of people are moving towards cloud, but there's the matter of security where discussions around security are not very common. So as much as people apply or use cloud within the organizations, they do not really look at the security aspects of it.
You already talked a little bit about SheHacks and how you started and what you're working to achieve, but I wanted to circle back to see if there was anything else that you wanted to share, including any ways the broader cyber security community, the Black Hat community could get involved, help support your organization or what your what efforts you're trying to work on in the region.
Especially over the past year (2019), we've become/gained a platform globally, we've started partnering with organizations outside of Kenya so we are opening up to new horizons. A lot of people are finding out about us and we're also learning more about the global community, so these collaborations are very, very important because we get to see the different perspectives of security and we get to implement what we see or what we learn from outside there in the country, so collaboration.
I will always preach collaboration because at the end of the day it's one community, regardless of the different regions and the different backgrounds we have.
Anything else to share or any other questions that you have?
Laura Tich: I mean we are still in disbelief as much as we are working on our presentation and looking forward to speaking, but it's still so surreal. We're looking forward to interacting with other members of the community and sharing our experiences.
Evelyn Kilel: I believe this is a good opportunity. We missed a chance to go to Black Hoodie in 2018 because we couldn't support ourselves, so when we got this chance, we took it. We are thankful and look forward to having the opportunity!
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1st through 6th, and get more information about the event on the Black Hat website.