Meet the South African ethical hacker tackling cybersecurity challenges

According to the World Economic Forum Global Risks 2020 report, cyberattacks rank first among global human-caused risks, costing the world $11.4 million each minute.

Today, South Africa has the third-highest number of cybercrime victims worldwide, losing approximately R2.2 billion (US$147 million) a year to cyberattacks. A recent Accenture report found that hackers target South African organizations because they have lower defensive barriers than those in more developed economies and believe they have a lower chance of incurring consequences.

As African consumers continue to embrace technology and the role of tech in business and commerce grows, companies and governments can’t afford to take a reactionary approach to cybersecurity. 

The proactive measure some businesses and governments are taking is hiring ethical hackers, also known as penetration testers. Ethical hackers legally break into an organization’s computers and devices to test its defenses and identify vulnerabilities in the system.

I spoke with Nchaupe Setshedi, a Security Operations Center Analyst at Snode Technologies, about his thoughts on cybersecurity in South Africa, his role as an ethical hacker, and how African startups can improve their security. 

Share your journey into tech?

I’m a self-taught software developer and ethical hacker. My journey started in 2016 when my cousin referred me to Geekulcha and Social Codingza’s co-founder Thembiso Magajana.

I primarily developed my skillset by attending hackathons and meetups. At these events, I grew my network in the tech ecosystem. Being active in the various tech communities is also how I met my mentor and rival, Katlego Molokomme, who’s an Android developer. He taught me a lot. Trying to be as good of a front-end developer as him pushed me to learn as fast as I could. 

Unfortunately, I never became a good front-end developer, so I switched to back-end in 2017 after attending the Cyber Security Summit hosted by Geekulcha at Vodacom World. It was there that I got to meet a lot of interesting people in cybersecurity and decided that back-end was the way to go. 

My first professional experience was as an intern with SITA Soc Ltd Pty as a software developer. Now I’m currently working as a Soc Analyst at Snode Technologies.

Share your general thoughts on cybersecurity?

Cybersecurity is an area where even countries whose tech ecosystem is way ahead of ours sometimes find it hard to get it right. It’s a continuous learning process.

In Africa, we have a lot of catching up to do, but we can learn a lot from the mistakes of our predecessors in order to skip some of these hurdles. But there is still a major skills gap in the cybersecurity space, so for us to catch up, we need a significant increase in cyber professionals and training to equip talent with the right skills.

Getting into cybersecurity?

1. Be persistent.

2. Be extremely curious.

3. Be willing to break some of the rules. Don’t break the law, just the rules. Ask for permission if you’re at a company. If permission isn't given and you’re going to do something that will benefit the company in the long run, do it and apologize later. 

‍

What is a penetration tester, and what does your role entail?

My role is to investigate if there are vulnerabilities in our system by hacking into it and reporting my findings, how I exploited the vulnerability, and how it can be remediated. My goal is to prevent another person who has the same skills as me from exploiting the vulnerabilities in the system.

What I enjoy most about being an ethical hacker is that my daily character is being a thief and a cop at the same time. This dynamic keeps me up at night.

What were some of the biggest challenges you face as an ethical hacker? 

Finding time to study and stay relevant as a penetration tester while keeping up with my daily tasks. Having a strong community is how I deal with these challenges. A few of my friends and I are starting battle night, where we’re going to do round table discussions on technical topics.

I also read a lot and try to publish content on Twitter and write LinkedIn posts about cyber breaches. I share how it should be handled from my point of view. And I try to participate as much as possible in industry events and discussions. 

Tips to African tech companies on improving their security?

Change the way you approach software engineering and development. Apply “secure by design,” which is a concept where you factor in cybersecurity as you build. Most startups face cybersecurity challenges because security wasn’t prioritized in the development stage.

I would recommend that startups take security into as much consideration as they do APIs and all the components of a software product because a cyber breach will impact you financially and erode trust.