This blog is a rebirth of a longtime blog once hosted at blog.kinyoka.com and mkombozi blogs (Google Blogs) which both blogs got deprecated (i stopped blogging as entered infosec and i had a period of 10 years immersing myself in deep learning of infosec).
This blog will cover some advice on how to start your career in infosec / cyber security, giving out what I learned and continue to learn and the best way to make it alive in this crazy world of defenders vs malicious attackers (best of lucky,because you will need it).
I was born and raised in Dar es salaam, Tanzania. My childhood spent in area next to the Tanzania national stadium (Uwanja wa Taifa) in Temeke District and I went to Chang’ombe Primary School and I had a chance to meet some bright minds there, who managed to do well in later life. I think the most important thing of all, I was introduced to the world of basketball at the age of 10 years old, and I have never stopped playing ever since.
After my primary school years, I went on and studied secondary school education at Forodhani Sec. School and High school at Mzumbe Secondary School (where I did HGL – which is History, Geography and English – well I didn’t do science subjects :)).
I had a thingy for computers since I was at Forodhani Sec (1997-2000), and a good friend of mine Ajelandro Sindano (who at the time had PC at home – Pentium 1, I think), which I manage to befriend him and had opportunity to use the computer at least 3 times a week. I met Ajelandro at Zanaki – Vijana Basketball Club’s courts, and this place is where I met most of my role models (Mkuki Bgoya, Martin Warioba, Bahati Mgunda, Abdullatif and a lot of long term friends).
Ajelandro had a friend called Mikah, at the time he was studying computer science at IFM, and I think they were taught programming class and he taught me the basics of HTML (in Windows Notepad) and that was the start of my passion for web development. I called on that passion, and follow the good steps of Martin W. at the time studying at LSU and got a few books, e.g. Dreamweaver from Mkuki, which helped me alot in terms of learning.
Around the same time my Forodhani friends Taty Emmanuel and Barnabas “Kizi57” Lukumai, were into the computers, designing, and web development. The only different is these guys at Computers and 24/7 internet connection. At some point we formed a company to try to monetise our passion and make a few Tshs, so the Visual Lab as you know it was born. It was Adam Juma XXL, Kizi, Taty and myself, we tried our best with very little knowledge about business and it wasn’t a great success, so I decided to go to Mzumbe University (so did Taty), joined the same program (BSc Information and Communication Technology Management) which we graduated in 2007.
How did I endup in InfoSec?
After graduating Uni, I joined Barclays Bank Tanzania as Application Support Analyst, which is the user support, server support and deployment etc. Which was a good opportunity given that I have never worked in a corporate environment, so I learned alot in terms of the working culture and how to behave as wage-earning adult. This is a huge change given that my working experience, as all been a developer (working on my own or a group of friends with no boss, and clear defined job roles – funny times, late nights and no social responsibility), the only times I had a boss prior to joining Barclays was when I worked at University of Dar es salaam computing centre (during high school summer break), and university last semester, where I was supposed to intern at a corporate company, instead I chose to go work for a startup CESAI as a web developer (I got paid too, which was funny).
So after working for 3 months as application support (July – October 2007), by-then country information security manager (Irene Rwelamira) was to be promoted to be the country head of information risk), so there were a vacancy, which I took the opportunity and I was mentored by Irene for another six months, before I was official Country Security Manager. So roughly that how my InfoSec (there is a difference between Cyber Security and InfoSecurity, the latter being the big brother of the former) career started and now I have been in the field for about 12 years, filling in different roles as Security Manager and Security consultants working for prestige companies such as Barclays Bank, National Microfinance Bank – NMB (part of Rabobank – Netherlands), InfoAssurax (my own startup), NCC Group (UK) and NTT Security UK (part of NTT Group).
It has been a thrilling and ever-learning journey. I have managed to learn alot during the past few years, moved to a new country, traveled the world, see nice countries such as South Africa, Kenya, Uganda, Canada, Belgium, Netherlands, U.A.E, Scotland, Wales, England, Germany and learn new cultures.
Over the years I have managed to get a few security certification (only way to prove you know something at least 10% as a basic) The following are current and expired certificates (it doesn’t matter if the certificate expired, so long as your knowledge stays current)
Payment Card Industry Qualified Security Assessor (PCI QSA) – 2013 – Present
SABSA Security Architect (SCF) -2016
CREST Technical Security Architect (TSA) -2017
CREST Registered Penetration Tester – 2014 (Expired)
Certified Information Security Manager (CISM) – 2011
ISO 27001 Lead Auditor – 2018
ISO 27001 Implementation – 2011
PCI-DSS Implementation – 2011
Prince2 Foundation – 2012
Ethical Ninja I & II – April 2012
Microsoft Azure Cloud – Networking and Infrastructure- 2017
AWS Cloud Platform – Auditing AWS Environments for Security and Best Practices – 2017
** I had to retake the exam either twice / thrice sometimes to passed one of these exams. Nobody said it would be easy!
M.Sc. Information Security Management – 2009 – 2010 (University of Salford, UK)
B.Sc. Information and Communication Technology Management – 2003 – 2007 (Mzumbe University, Tanzania)