Anna Collard is founder and Managing Director of Popcorn Training, which promotes IT and information security awareness training using innovative, story-based techniques. Collard has been working in the information security field for 15 years assisting corporates across South Africa, Europe and the US keeping their information assets safe. Collard is a Certified Information Systems professional, an ISO 27001 Implementation & Lead Auditor consultant, and a business analyst. At one time a Visa/Mastercard Qualified Security Auditor. In this interview with Heath Muchena, Collard discusses leadership, information security, challenges women face in the IT sector, and shares insights on how to establish a successful career in the tech ecosystem.
Heath: How do you balance the need for technical security solutions with the potential friction it can create for businesses?
Anna: Security’s ultimate goal is to help business stay in business and is an enabler rather than a “restrictor”. This requires security to sit at the decision maker table from day one and not just be invited as an after-thought. Many technology trends, such as mobile, cloud, AI etc will only deliver the value if the solution has been built with adequate protection. It’s a bit like the analogy of the sports-car, it can only really race fast if it has good breaks.
Where it becomes difficult is when compliance or security starts to stifle business objectives. In those cases, the business needs to make the ultimate decision, which includes taking full responsibility for and accepting any risks highlighted by the compliance or security team.
Heath: How important is it to take a business-focused view of technology in your sector? Do you recommend a business first, IT/security second approach?
Anna: I believe in applying a risk-based approach to security. This means prioritizing security controls that help protect and enable the business’s critical business processes, rather than just following a compliance drive or the latest technology trend. Sun Tzu’s Art of War “If you know the enemy and know yourself, you need not fear the result of a hundred battles” is a great analogy for this.
The first step in defending against cybercrime is getting to know both the possible threats as well as the organization’s weaknesses. Understanding what specific criminal motives might drive someone targeting your organization makes it easier to defend against. Think about the value of personal information you store, what opportunities exist to commit financial fraud or to extort a ransom payment? Who is the ideal victim within your organization and which channels might work best? What would the impact be? Questions like these allow you to identify and prioritize risks related to cybercrime.
Heath: How should IT leaders align their businesses with the need for security solutions?
Anna: The first step here is to raise awareness both amongst the IT leaders themselves as well as business decision makers and other executives about potential threats impacting their business processes. This will allow for more informed decision making when weighing up security versus functionality for example.
Heath: What’s your approach to providing information security guidance to organisations? How should risks be conveyed to boards who are not necessarily security experts?
Anna: As a security awareness company, we take internal awareness seriously. Every new joiner undergoes a rigorous induction training program, which includes all our policies and a lot of security awareness. We conduct frequent phishing simulations internally – meaning every employee will get at least one random simulated phishing email per week. People who fall for any of those have to undergo remediation training. Anyone who doesn’t take their remediation training within a week gets reported all the way up to the CEO.
In other organizations where security is not necessarily on the board’s agenda yet, I assisted in giving awareness sessions to the executives as a VIP target audience. This serves two purposes: Firstly, it raises the awareness level of the executives themselves, who are attractive targets for spear-phishing attacks. Secondly, it allows the Security team to get executive buy in and if lucky, even their involvement in further awareness campaigns across the rest of the organization. Having senior support is absolutely crucial in creating effective awareness, so this is usually the first step before starting anything else.
Heath: What KPIs or metrics do you use to measure the effectiveness of an information security program?
Anna: Measuring effectiveness of an overall security program should include different metrics for different audiences; as for example management may not necessarily understand the context of technical metrics such as vulnerabilities found, whereas they may be of value to the IT team. The metrics I’ve seen used in practice include:
- Heatmapof current threats and how the Security rates their confidence to defend against these (i.e. DDOS attacks, Advanced Persistent Threats etc.);
- Risks identified vs remediated;
- Audit findings % complete;
- Security standards assessments and health checks (i.e. against ISO 27001 standards or ISF framework or similar);
- Security Incidents and time to resolve / mitigate;
- Technical metrics, such as phishing, spam and malware blocked (in numbers), vulnerabilities found;
- Human behavior metrics.
Heath: How do you keep up with the latest security issues and methods?
Anna: I subscribe to cyber security blogs by experts such as Brian Krebs, Stu Sjouerman, and Bruce Schneier. I also follow many interesting thought leaders on LinkedIn. I’m also fortunate enough to be part of a few industry WhatsApp groups where latest news or incidents are shared. As part of our content creation process I need to research latest scams, threats or technology trends.
Heath: Is Africa ready for the exponential nature of the change and impact of the 4IR? How should ICT leaders foster this change and ready their organisations and consumers for the fast-paced change presented by technologies?
Anna: The KnowBe4 African Cyber Security Survey 2019 has shown that African’s are not prepared for cyber threats. Since security is a prerequisite for any of the new technologies that will take us into the 4IR, more work needs to be done to not just address the security skill shortage on the continent (we only have about 10000 security professionals across the whole of Africa) but to also educate the public on the potential pitfalls and risks they are exposed to, ranging from sharing too much information to being aware of mobile malware and social engineering attacks.
Heath: Women in the technology ecosystem are definitely in the minority, so why did you decide to pursue a career in tech?
Anna: I got into the cybersecurity field coincidentally, I was lucky to get a student-job at Siemens while I studied economics in Munich, Germany. They paid better than waitressing and I enjoyed the diversity and learning opportunity. Siemens also allowed me to write my thesis on the importance of information security from a business perspective back in 2001, when security was still very much a nice area.
I generally love learning new things and security requires you to learn every day as the landscape changes all the time. It’s such a fascinating field as security touches literally all the technology domains as well as the physical and human factors. There are many exciting opportunities for women in cybersecurity because of its overarching applicability.
Heath: What are some of the biggest challenges that women who want to venture in the world of technology face today?
Anna: Women sometimes tend to be less assertive as well as doubt themselves more than men do. I see this often in interviews, women too quickly highlight their shortcomings, whereas male counterparts display more confidence in tackling new challenges, even if they are not qualified yet.
As employers, we need to be aware of these subtle differences and encourage women more to take risks and trust their abilities. I always tell women who have self-doubts that if they mastered how to apply a smoky eye from watching it on YouTube, they can learn anything. Security might be complex, but it’s not rocket science and there are many areas in the field that are really interesting.
Heath: What do you think are the biggest misconceptions about working in the tech sector as a woman today?
Anna: That it is a male dominated industry. I know many successful women in the tech sector and it’s an exciting field to get into for young girls and boys alike. Women, especially mums, are generally great jugglers- a skill that is needed in a demanding industry. This is a bit of a generalization, but a lot of women have great communication and creative skills, something that is absolutely key in running security awareness programs, project or change management programs.
Empathy and listening skills, another typical female trait comes in handy when trying to communicate technology or security to end users, upper level management or executives.
Heath: What influences your leadership style and what values are important to you?
Anna: I love learning, research and innovation and I’m not a typical people’s person. This makes me a more distanced leader as I leave my team to do what they do best. I strongly believe in hiring great people and giving them the freedom to become high performers by providing the vision and some guidance but not interfering in the way they do things. Unless they need assistance of course.
Heath: Who are your role models for women in tech?
Anna: I once was lucky enough to sit next to Cathy Smith, CEO of SAP Africa on a flight. She really inspired me to remain authentic. We don’t have to be highly extroverted and loud alpha type personalities to be good leaders. Being soft-spoken, calm and relying on our female intuition is an often-underestimated superpower. Cathy reminded me of that, it was a very inspiring conversation for which I’m very grateful for.
Visit Popcorn Training
Alassane Sakho: The Senegalese Serial Entrepreneur
Alassane Sakho is a young and brilliant Senegalese entrepreneur, Telecommunications engineer specialized in the Technical-Commercial field, He founded KALIMO GROUP in January 2023, with the ambition to contribute to the development of Senegal. A graduate of ESMT in Dakar, Alassane is passionate about sales, ICT, Mobile Money and real estate. He began his career in 2010 with the Orange Money Senegal and Orange Business Service projects. Later, he joined large real estate companies as a commercial developer, (SIPRES SA, SENEGINDIA, TEYLIUM Group and the company Fimolux, where he held the position of General Manager of the commercial subsidiary.
Alassane Sakho has also supported many Senegalese and international companies in their development in Senegal, including Wizall Money, ATPS, MOODS, etc. Its vision extends beyond national borders, initially targeting West Africa, with projects planned in Mali, Gambia, Guinea and Côte d’Ivoire, before expanding to other parts of the continent.
Kalimo is involved in various areas of activity, including real estate development, digital communication, sales, rental and asset management, construction, training, advice and assistance. In addition, the company plans to enter the film industry, with its subsidiary K7film, which will produce short and feature films, animated films, corporate communication, documentaries, etc.
Apart from his professional activities, Alassane SAKHO is involved in sports, especially football. He coaches youngsters from 8 to 20 years old and has the honour of winning the “Universal Youth Cup” tournament in 2019 in Italy, against big clubs such as Inter Milan, Ajax Amsterdam, Atletico Madrid and AC Milan. Its main objective is to consolidate Kalimo’s presence in Africa and to help foreign companies wishing to set up in Senegal.
Finally, its digital team is ready to help companies or public figures increase their notoriety and visibility on social media. Other areas of activity, such as agribusiness and mass distribution, are currently being explored.
Violaine SAGNA: African Circular Designer
Violaine SAGNA emerges as the rising designer to watch, bringing her expertise from the world of large international groups, to a new creative horizon at the service of women’s development, social inclusion, beauty and authenticity. Atelier 22B is committed to celebrating West Africa’s cultural heritage, supporting the sustainable development of communities of women artisans, and offering innovative, elegant and responsible objects.
Each creation is the result of a harmonious collaboration, where artisanal skills meet the creative vision of Violaine Beh Sagna. In this approach, Atelier 22B ensures fair remuneration and we invest in an innovative way in mutual health insurance for these women, thus guaranteeing their well-being.
Violaine Beh Sagna breathes a unique dimension into Atelier 22B through limited-edition capsule collections. Each piece tells a story, full of meaning, excellence and aesthetics. These creations, to be discovered urgently, redefine the world of African design with a minimalist and singular aesthetic.
Explore the captivating world of Atelier 22B, where each creation is a living testimony to the union between beauty, goodness, and happiness, contributing to the innovative vision of contemporary African design led by Violaine Beh Sagna.
FindMe is making postal addressing accessible in Africa
FindMe was launched in 2020 to solve the problem of postal addressing in Africa by Cameroonian entrepreneur Brandon WANGUEP and his associates. The application allows you to create a standardized address in a matter of minutes. Currently based in Dakar, Brandon seeks to expand his activities to other countries on the continent. FindMe allows you to generate a postal address for a home or business in two (2) minutes.
According to Brandon WANGUEP: “One of my friends lived through an ordeal during a trip to Congo, spending more than 45 minutes looking for the Cameroonian embassy with Google Maps. I met a friend who lost her father because the ambulance couldn’t find her home in time, despite all the directions provided. I wanted to create an innovative project that would have a major and positive impact on society.”
The way the app works is simple. All you have to do is take a photo of your home or office, which will allow the delivery person to recognize it when making a delivery. If necessary, the user can also add the location number. Then, by hovering the red pointer over their living area via Google Maps, they can pinpoint the exact location. Then, all they have to do is order their address plate for installation.
FindMe has improved the quality of service of Poste Senegal, one of the start-up’s partners (along with Google Maps and TomTom). “FindMe makes it much easier to pinpoint the precise location of streets for mail and parcel delivery and our commitments are now able to be fulfilled much more quickly,” says Fatou Mbaye, project coordinator at Senegal Post.