Anna Collard is founder and Managing Director of Popcorn Training, which promotes IT and information security awareness training using innovative, story-based techniques. Collard has been working in the information security field for 15 years assisting corporates across South Africa, Europe and the US keeping their information assets safe. Collard is a Certified Information Systems professional, an ISO 27001 Implementation & Lead Auditor consultant, and a business analyst. At one time a Visa/Mastercard Qualified Security Auditor. In this interview with Heath Muchena, Collard discusses leadership, information security, challenges women face in the IT sector, and shares insights on how to establish a successful career in the tech ecosystem.
Heath: How do you balance the need for technical security solutions with the potential friction it can create for businesses?
Anna: Security’s ultimate goal is to help business stay in business and is an enabler rather than a “restrictor”. This requires security to sit at the decision maker table from day one and not just be invited as an after-thought. Many technology trends, such as mobile, cloud, AI etc will only deliver the value if the solution has been built with adequate protection. It’s a bit like the analogy of the sports-car, it can only really race fast if it has good breaks.
Where it becomes difficult is when compliance or security starts to stifle business objectives. In those cases, the business needs to make the ultimate decision, which includes taking full responsibility for and accepting any risks highlighted by the compliance or security team.
Heath: How important is it to take a business-focused view of technology in your sector? Do you recommend a business first, IT/security second approach?
Anna: I believe in applying a risk-based approach to security. This means prioritizing security controls that help protect and enable the business’s critical business processes, rather than just following a compliance drive or the latest technology trend. Sun Tzu’s Art of War “If you know the enemy and know yourself, you need not fear the result of a hundred battles” is a great analogy for this.
The first step in defending against cybercrime is getting to know both the possible threats as well as the organization’s weaknesses. Understanding what specific criminal motives might drive someone targeting your organization makes it easier to defend against. Think about the value of personal information you store, what opportunities exist to commit financial fraud or to extort a ransom payment? Who is the ideal victim within your organization and which channels might work best? What would the impact be? Questions like these allow you to identify and prioritize risks related to cybercrime.
Heath: How should IT leaders align their businesses with the need for security solutions?
Anna: The first step here is to raise awareness both amongst the IT leaders themselves as well as business decision makers and other executives about potential threats impacting their business processes. This will allow for more informed decision making when weighing up security versus functionality for example.
Heath: What’s your approach to providing information security guidance to organisations? How should risks be conveyed to boards who are not necessarily security experts?
Anna: As a security awareness company, we take internal awareness seriously. Every new joiner undergoes a rigorous induction training program, which includes all our policies and a lot of security awareness. We conduct frequent phishing simulations internally – meaning every employee will get at least one random simulated phishing email per week. People who fall for any of those have to undergo remediation training. Anyone who doesn’t take their remediation training within a week gets reported all the way up to the CEO.
In other organizations where security is not necessarily on the board’s agenda yet, I assisted in giving awareness sessions to the executives as a VIP target audience. This serves two purposes: Firstly, it raises the awareness level of the executives themselves, who are attractive targets for spear-phishing attacks. Secondly, it allows the Security team to get executive buy in and if lucky, even their involvement in further awareness campaigns across the rest of the organization. Having senior support is absolutely crucial in creating effective awareness, so this is usually the first step before starting anything else.
Heath: What KPIs or metrics do you use to measure the effectiveness of an information security program?
Anna: Measuring effectiveness of an overall security program should include different metrics for different audiences; as for example management may not necessarily understand the context of technical metrics such as vulnerabilities found, whereas they may be of value to the IT team. The metrics I’ve seen used in practice include:
- Heatmapof current threats and how the Security rates their confidence to defend against these (i.e. DDOS attacks, Advanced Persistent Threats etc.);
- Risks identified vs remediated;
- Audit findings % complete;
- Security standards assessments and health checks (i.e. against ISO 27001 standards or ISF framework or similar);
- Security Incidents and time to resolve / mitigate;
- Technical metrics, such as phishing, spam and malware blocked (in numbers), vulnerabilities found;
- Human behavior metrics.
Heath: How do you keep up with the latest security issues and methods?
Anna: I subscribe to cyber security blogs by experts such as Brian Krebs, Stu Sjouerman, and Bruce Schneier. I also follow many interesting thought leaders on LinkedIn. I’m also fortunate enough to be part of a few industry WhatsApp groups where latest news or incidents are shared. As part of our content creation process I need to research latest scams, threats or technology trends.
Heath: Is Africa ready for the exponential nature of the change and impact of the 4IR? How should ICT leaders foster this change and ready their organisations and consumers for the fast-paced change presented by technologies?
Anna: The KnowBe4 African Cyber Security Survey 2019 has shown that African’s are not prepared for cyber threats. Since security is a prerequisite for any of the new technologies that will take us into the 4IR, more work needs to be done to not just address the security skill shortage on the continent (we only have about 10000 security professionals across the whole of Africa) but to also educate the public on the potential pitfalls and risks they are exposed to, ranging from sharing too much information to being aware of mobile malware and social engineering attacks.
Heath: Women in the technology ecosystem are definitely in the minority, so why did you decide to pursue a career in tech?
Anna: I got into the cybersecurity field coincidentally, I was lucky to get a student-job at Siemens while I studied economics in Munich, Germany. They paid better than waitressing and I enjoyed the diversity and learning opportunity. Siemens also allowed me to write my thesis on the importance of information security from a business perspective back in 2001, when security was still very much a nice area.
I generally love learning new things and security requires you to learn every day as the landscape changes all the time. It’s such a fascinating field as security touches literally all the technology domains as well as the physical and human factors. There are many exciting opportunities for women in cybersecurity because of its overarching applicability.
Heath: What are some of the biggest challenges that women who want to venture in the world of technology face today?
Anna: Women sometimes tend to be less assertive as well as doubt themselves more than men do. I see this often in interviews, women too quickly highlight their shortcomings, whereas male counterparts display more confidence in tackling new challenges, even if they are not qualified yet.
As employers, we need to be aware of these subtle differences and encourage women more to take risks and trust their abilities. I always tell women who have self-doubts that if they mastered how to apply a smoky eye from watching it on YouTube, they can learn anything. Security might be complex, but it’s not rocket science and there are many areas in the field that are really interesting.
Heath: What do you think are the biggest misconceptions about working in the tech sector as a woman today?
Anna: That it is a male dominated industry. I know many successful women in the tech sector and it’s an exciting field to get into for young girls and boys alike. Women, especially mums, are generally great jugglers- a skill that is needed in a demanding industry. This is a bit of a generalization, but a lot of women have great communication and creative skills, something that is absolutely key in running security awareness programs, project or change management programs.
Empathy and listening skills, another typical female trait comes in handy when trying to communicate technology or security to end users, upper level management or executives.
Heath: What influences your leadership style and what values are important to you?
Anna: I love learning, research and innovation and I’m not a typical people’s person. This makes me a more distanced leader as I leave my team to do what they do best. I strongly believe in hiring great people and giving them the freedom to become high performers by providing the vision and some guidance but not interfering in the way they do things. Unless they need assistance of course.
Heath: Who are your role models for women in tech?
Anna: I once was lucky enough to sit next to Cathy Smith, CEO of SAP Africa on a flight. She really inspired me to remain authentic. We don’t have to be highly extroverted and loud alpha type personalities to be good leaders. Being soft-spoken, calm and relying on our female intuition is an often-underestimated superpower. Cathy reminded me of that, it was a very inspiring conversation for which I’m very grateful for.
Visit Popcorn Training
Joan Nwosu- helping entrepreneurs and corporate professionals create meaningful lives
Joan Nwosu is a serial entrepreneur, business consultant and career transition coach based in Toronto, Canada. She is the CEO of Joan Nwosu Coaching and My SoftLanding Canada, both birthed from a deep desire to help people, using her life and career experience over 20 years.
Born and bred in Lagos, Nigeria, where she spent the earlier part of her childhood. Upon completing high school, she moved to the United Kingdom in 1997, to pursue a Bachelor’s degree in Internet Computing at London Southbank University. Her journey as a career woman also emanated from the UK, where she spent a considerable amount of the first 35 years of her life. In those years, she shuffled between the UK and Nigeria.
Joan would say, “In the era where I grew up, the societal norm was to get educated, find a job, climb up the ranks, work till the age of 65, and then retire. I followed this trend and became an overachiever, often transitioning through different careers and industries.”
In a bid to find fulfilment, she said “I explored roles in Management, Consulting, Marketing, Communications, Business Development, Operations, and even Artist Management, amongst others, all to no avail. Although I enjoyed the human relations aspect of my career, some of these environments were toxic for me, and I was never satisfied. After working 20 jobs and making 6 career changes across 3 continents, I quit.”
While transitioning through careers, she noticed the void of dissatisfaction and lack of fulfilment in many professionals including herself, which led to the birth of her coaching business, Joan Nwosu Coaching (JNC). Founded in 2019, JNC is an organization that helps corporate professionals and independent entrepreneurs start, grow, and scale purpose-driven businesses they are passionate about. She said, “In just over a year of operation, we’ve helped hundreds of professionals. My experience in different fields plays a vital part in the execution of my role as the Lead Business Coach at JNC.”
In her words, “I have always had the entrepreneurial drive in me having ventured into entrepreneurship at the age of 19, and launched a total of six businesses since then; a bakery, lifestyle business, political consulting firm, an NGO, coaching practice, and an immigration consulting firm, of which the last two are still in operation today.”
In 2015, she moved to Canada and two years later, founded My SoftLanding Canada, an organization focused on helping new immigrants to comfortably settle in Canada. Today, My SoftLanding Canada has helped hundreds of Canadian immigrants transition safely and get good jobs quickly.
Over the years, she has embraced Public Speaking as an avenue to express herself, amplify her voice and message. Again, her vast professional experience has contributed immensely to her success in inspiring and motivating people through seminars, webinars, conferences, events, and other platforms.
Entrepreneurship fuels her desire to make a difference in the world through social impact. According to her, identifying voids, proffering solutions, and providing value is king.
Her purpose is to help people live full lives and not just exist. To live life on their terms doing only what they love while making a difference in the world. She believes everyone deserves to have this regardless of age, background, or environment, you too can have the life of your dreams.
Chynna Morgan – helping brands create memorable experiences using sound + music with GIF Out Loud
Chynna Morgan is the Founder at GIF Out Loud, an experiential technology startup that creates unique experiences and allows customers to spontaneously create and share your brand, sound and music. Chynna shares her story with Alaba Ayinuola of Business Africa Online.
As a young girl, I have always been a dreamer- dreaming of ideas that I can bring to life to help or shape the world that I live in. Somehow, I always knew I would be an entrepreneur, but never in a million years did I see myself in tech. I like to say; I didn’t look for tech, tech found me. In the middle of finishing my master’s in healthcare management, I suddenly had the idea to start my tech company (GIF Out Loud). I noticed the lack of shareable experiences that amplified a brand’s voice or sound that fans or consumers could interact with and share during events or brand activations.
As a professional actress, and coming from a family of musicians- I have always understood the importance of creating a storytelling experience, and how it connects with people on a deeper level especially using your voice or music. Since my childhood, I saw first-hand, the power and healing that music could bring to the world, just by listening and watching my family perform.
Historically, as an African American, music has always been a pillar of healing, whether that was bringing us through slavery or bringing us together. Because music is so powerful, I always wondered why brands were not creating full experiences to amplify their brand’s sound while simultaneously capturing analytics and data that they need, to stay in touch with their target consumer. This is why I created GIF Out Loud, we work
with brands and music artists to develop interactive, digital, and shareable experiences using music and sound during events and brand activations.
Since I started my company, we have partnered and worked with big brands such as Shell and Pennzoil, and we are currently working on some cool partnerships in the music, retail and sports industries. My goal is to partner with brands in all types of industries to create unforgettable experiences and memories that consumers would want to share using the power of sound.
When I started to immerse myself in the tech industry, I quickly realized that this space was not intended for people like me, but it was my job to be the one to help elevate this space and let our faces and brilliance be seen. I am looking forward to creating more opportunities for black people in tech and how I can tap into my heritage and create opportunities in Africa. This will help amplify Africa’s brands and most importantly, Africa’s voice all over the world.
I am more than ecstatic to be on this journey, and this only the beginning.
Visit: GIF Out Loud
Save App: Helping you share moments, send and receive distress alerts real-time
Samuel Thierry Njock is the Founder of Save, an App that helps you locate in real time, share moments, send and receive distress alerts from your family and friends. Samuel shares with Alaba Ayinuola of Business Africa Online, more about Save, what sparked the interest and the long term goals. Excerpts.
About Save App
Save App helps you locate in real time your loved ones, share moments, send and receive distress alerts.
Save is a great location sharing app for your family and friends. It’s now more easy and simple to know where the people who matter most to you are in real time, and if they are safe, even when they are far away. With Save, see in real time where your loved ones, and get easily to them, and share what you do through pictures and videos.
Save also offers health and safety features. You can:
– Display the closest hospitals and pharmacies from your location
– Send distress alerts to your loved ones in case of car crash, car breakdown, and insecurity
– Receive in real time data about health and safety issues (dangerous areas, low network in an area, other health and safety recommendations or warnings).
Since the covid19 pandemic started, we have added real time data about the spread for every country in the world, with protective measures against the virus, for users to keep them on mind all day long.
Here are your first steps on Save:
– Invite your loved ones on Save, then add them to your group
– See in real time each other’s location on the map
– Join easily each other with roads
– See live pictures and videos of your loved ones, share yours with them.
The Save project arises from the fact that Samuel works in the Northern Cameroon at the beginning of the Boko Haram crisis. His relatives are constantly worried about his safety, and his girlfriend was living in Yaoundé. There was sometimes no way of knowing in real time whether she was doing well or not, whether she was in the office or at home. Samuel then thought of creating an app, which would allow him to share his position with his relatives, publish photos and videos of what they are doing in real time, and send alerts in the event of an accident, insecurity, car breakdown.
Save has two major long-term goals:
– Allow individuals to navigate more easily and more simply towards each other, especially in the event of a perilous situation such as an accident, an insecurity problem
– Makepeopleenjoy real time location sharing: make it interesting enough for them to forget the tracking part, which most scares them as soon as they hear real time location sharing.
– Samuel Thierry Njock: Founder of Save, a 32 years old Cameroonian and holds a license degree in Management and a Masters in Finance. During his first professional experience in a brewing company, he was passionate about information systems. He is strongly influenced by Steve Jobs, who thought that technology should make it possible to do more simply what constitutes the daily life of men: to move from a place to another, to listen to music, to use a phone, etc. Samuel is great at conception and simple problem modeling, and he’s passionate about design.
– Bertrand Evina: with a master’s degree in international marketing, Bee as he is called joined Save. He attended with Samuel between 2000 and 2004. Passionate about marketing, he is at the origin of all our campaigns, and manages our online community
There are also people who intervene on an ad hoc basis, such as Thierry, the graphic designer, Jef and Stéphane, who lend a hand in development.