Telecom Review Africa conducted an exclusive interview with Doreen Mokoena, CEO of Cybersecurity Clinique. During the interview, she discussed CISO strategies for consistently assessing and improving organizational cybersecurity posture. Mokoena also addressed the adaptation of cybersecurity strategies to bridge the digital divide. Furthermore, as a woman actively involved in the cybersecurity field, she discussed the value and role of women in this domain, and shared her upcoming goals and plans for the future.
As a CISO, what strategies do you employ to continually assess and enhance the overall cybersecurity posture of the organizations?
I have the privilege of working across multiple domains within the organization to develop and drive our cybersecurity strategy and framework. My responsibilities include establishing security governance practices and building resilience by bolstering our cybersecurity operations. To achieve this, I stay up-to-date with the latest trends and developments and ensure that appropriate security measures are implemented and conducted regularly.
As the person responsible for validating that our organization remains compliant with cybersecurity standards, regulatory frameworks, regulations, and best practices, I understand that even with advanced defense mechanisms, employees remain the weakest link. That is why I prioritize employee training programs to mitigate risks and detect threats early. Over and above the cost-saving element, organizations can quickly reinforce a cybersecurity culture.
Every member of our team must understand the importance of cybersecurity culture. Not only does it help us to protect against cyber threats, but it also reinforces our security posture. By prioritizing cybersecurity, we not only save costs but also build a culture of safety and trust. My role cuts across multiple domains within the organizations and is instrumental in developing and driving the organization’s cybersecurity strategy and framework.
This is achieved through establishing security governance practices and building resilience by bolstering cybersecurity operations; this is heavily dependent on keeping abreast of the latest trends and developments and ensuring that appropriate security measures are implemented and conducted regularly.
How do you adapt cybersecurity strategies to bridge the digital divide and ensure comprehensive protection for individuals, regardless of their technological resources?
Despite technological and socioeconomic changes, the digital divide must be bridged through a "people-centered" approach. The digital divide affects those who have access to internet infrastructure but lack cybersecurity knowledge, as well as those who are digitally marginalized and lack digital literacy. Both groups illustrate cyber insecurity, highlighting the vital link between digital literacy and cybersecurity.
Addressing the cybersecurity digital divide requires a multistakeholder approach. Governments, research communities, private organizations, and academics must collaborate to democratize access to robust cybersecurity measures. CyberSec Clinique has initiatives like free training resources, running workshops on understanding personally identifiable data and debugging the 'consent' myth, and ensuring that individuals, children, and older people have a comprehension of the CIA Triage. These strategies seek to promote digital literacy and create pathways to providing affordable cybersecurity solutions that can empower individuals and small businesses to navigate the digital landscape securely.
In your opinion, how does the evolution of AI closely intertwine with the future of cybersecurity?
The intersection between AI and cybersecurity is massive as organizations use AI to enhance cybersecurity measures. As we embrace emerging technologies, we also need to acknowledge that the evolution of technology has introduced new threats and vulnerabilities that require advanced solutions for protection. Artificial Intelligence (AI) has become more prevalent in the fight against cyber threats. Cyber threat landscapes have become increasingly complex, which makes AI-powered incident response tools vital for analyzing attack characteristics. Most organizations use machine learning algorithms to analyze the characteristics of an attack. However, computing power and AI algorithm complexity issues still exist.
Before discussing the adoption of AI in cybersecurity, it is essential to consider ethical concerns. It is critical to use responsible AI practices and human oversight to ensure security and privacy. To be precise, AI requires data, and it is essential to understand where that data comes from, how it is processed, and what results from those processes, which will require a sense of identity and security. Understandably, many people are concerned about the security of their data. Moreover, artificial neural networks rely heavily on data, and ethical and regulatory considerations should be the top priority when dealing with sensitive and private data.
Being a woman active in the field of cybersecurity, how would you value the position and role of women in this field?
I was inspired by Penelope Garcia from the CBS hit drama "Criminal Minds." Penny is an eccentric and technologically gifted geek who works as a Technical Analyst; she excelled in a field deemed to accommodate males only and made it easy and fashionable to be in this field. Fortunately, women are making their mark in this exciting industry and breaking down barriers individually, closing the gap in gender disparity. Even though stereotypes and misconceptions persist, most organizations’ composition of their cybersecurity staff is distinctive.
I look up to Doreen Bogdan-Martin, who is the Secretary-General of the International Telecommunication Union, as well as Confidence Staveley, who is the founder of the Cyber Safe Foundation. I value both of them because of the work they're doing in the retention and advancement of women in cybersecurity, further proving that cybersecurity and tech have become more diverse, and the impact is shown in communities on a global scale.
What are your upcoming goals and plans for the future?
I have an unwavering vision of owning a massive Cybersecurity Operations Centre catering to underprivileged municipalities, hospitals, and schools across South Africa. Protecting these institutions' personal and sensitive information is paramount to me, and I am committed to ensuring that it happens.
I am currently part of several Non-Profit Organizations (NPOs) that are dedicated to code clinics, threat intelligence, regulations, and compliance. These NPOs will serve as a training ground for the next generation of Cybersecurity experts who will join me in the fight against cyber warfare.
I am in the process of creating a visually compelling security storybook for children, which will educate them about sexual grooming and the dangers of inappropriate content online. I have already begun drafting free guidelines for developing secure systems that adhere to industry-specific regulations, best practices, and policies specific to the system being developed. As a strong advocate for women in cybersecurity, I believe that we need more women in this sector. I am keenly interested in serving on the ICANN's Board of Directors as a policy advocate, where I can bring my unique perspective to the table and make a meaningful impact.
