Program Overview

Artificial Intelligence (AI) is reshaping cybersecurity by enhancing the speed, accuracy, and predictive power of threat detection and response. For National CSIRTs, AI offers valuable opportunities to automate analysis, improve efficiency, and anticipate emerging threats. However, it also introduces new risks, including system bias, overreliance on automation, and adversarial manipulation of AI models. This presentation examines how AI-driven approaches differ from traditional methods, the benefits they bring to national cybersecurity operations, and the challenges they pose. By balancing automation with human expertise, National CSIRTs can harness AI responsibly to strengthen resilience and safeguard critical digital infrastructure.

Olgerta Prendi is specialized in offensive security operations with a focus on conduction simulated cyberattacks targeting critical national infrastructure to identify vulnerabilities and security weaknesses that could be exploited by malicious actors. She has been involved in high-profile security projects for both government and private sectors, strengthening the resilience of their IT systems against cyber-attacks.  Beyond her operational work, Olgerta is an active member of the cybersecurity community in Albania, sharing her expertise through specialized engagements, mentorship initiatives, and collaborative projects. She also serves as a founding member of CAS Algeria and is a Professional Member of Women in CyberSecurity (WiCyS), reflecting her commitment to advancing the field and empowering others in cybersecurity.

National and sectoral CSIRTs drown in alerts and uncurated intel. This session shows how to wire RTIR, MISP, and Taranis-NG into a single workflow that turns feeds into enriched events and auto-routed tickets. We’ll stand up each tool with production-safe defaults, connect them with webhooks, and enforce tagging, TLP, and dedup so handlers see fewer, higher-quality cases. Attendees leave with a working lab, config snippets, and a blueprint to automate intel intake, enrichment, ticket creation, and sharing—without buying another platform.

Luka Mafereka is an award-winning CTF player and Cybersecurity Engineer at the Lesotho Communications Authority, serving as an Incident Responder within the Ls ComCSIRT. With one year of hands-on experience in both offensive and defensive security, he specializes in incident response, threat hunting, detection engineering, and the operational use of cyber threat intelligence to strengthen national cyber resilience. He applies a strong technical foundation across penetration testing, digital forensics, malware analysis, and CTI analysis to enhance detection and response capabilities across the CSIRT. Leveraging his background in software development, Luka integrates open-source tools, automation, and structured playbooks to reduce response time and improve business continuity across critical services. He is currently pursuing the EC-Council Certified Incident Handler (ECIH) certification to further expand his incident response expertise. Passionate about cybersecurity capacity building, Luka is committed to empowering emerging cyber defenders through knowledge sharing, continuous learning, and advancing modern CSIRT practices in Lesotho and the region.

Kiprotich Mibey Amos is an IT Infrastructure and Security Specialist supporting organizations in building scalable and secure enterprise environments across Windows systems, Linux platforms, virtualization technologies, cloud services, and core network infrastructure. With extensive hands-on experience in both infrastructure engineering and security operations, he specializes in system hardening, vulnerability management, SIEM-driven monitoring, automated configuration, and incident response processes that strengthen organizational resilience.

The gap between auditors and cybersecurity practitioners often leads to misalignment between assurance and reality. This talk proposes a common language for collaboration between conformity-assessment professionals and technical incident-response teams. Using ISO/IEC 17021, 27006, 27035, and 19011 as anchors, it demonstrates how audit principles can complement operational assurance through continuous evidence-based validation. Attendees will explore methods to translate technical controls into audit-ready artifacts, align findings with maturity metrics, and enhance trust between auditors, assessors, and analysts—ultimately building a stronger, integrated ecosystem of compliance and capability.

Taher Amine is an independent information security consultant and global cybersecurity advisor with over 15 years of experience helping organizations build, govern, and defend resilient systems. As a multi-accredited auditor, certified trainer, and GRC expert, he provides leadership and guidance across information security, cybersecurity, business continuity, privacy, cloud assurance, management systems, and compliance. With 240+ certifications, multiple-time global Top-10 winner in international security and hacking competitions, and hands-on experience as a vCISO (ex-CISOx2), Taher bridges the gap between technical operations and strategic governance — aligning security with business objectives and measurable outcomes. His work spans multiple regions, industries, and frameworks — from ISO, NIST, OWASP, and CSA, to RNSI, PCI-DSS, national sectoral standards, and so much more. Known for his integrity-driven leadership, Taher combines advisory excellence with real-world operational insight, helping organizations achieve compliance, maturity, and resilience. He serves as Founding President (Chairman) of the OWASP, CSA, and CAS Algeria Chapters, and as a Global Advisory Boards Member at EC-Council, Subject Matter Expert with ISC2, and Hack The Box SME Contributor. Beyond certifications, he is driven by a mission to advance information security and cybersecurity capacity and governance across Africa, MENA, and beyond.

This workshop is designed for defenders who want to sharpen their real-world skills. Instead of theory, participants dive straight into practical scenarios that mirror how today’s attackers operate — from the very first foothold to the final stages of an intrusion. Throughout the session, we walk through the full adversary lifecycle together: initial access, payload execution, persistence mechanisms, command-and-control activity, lateral movement and data exfiltration. Each stage is supported by guided exercises using real telemetry, open-source threat intelligence and hands-on detection engineering. Participants will learn how to form investigation hypotheses, map attacker behavior to MITRE ATT&CK, craft and tune detection rules, analyze artifacts, and turn findings into clear, actionable incident reports. We also focus on how SOC and DFIR teams can work better together, especially in cloud environments or in organizations with limited resources. By the end of the workshop, participants leave with a practical, repeatable approach for spotting advanced threats earlier, responding with confidence, and strengthening their environment against future attacks.

Jamaleddine Hadini is a cybersecurity practitioner specializing in incident response, digital forensics, and SOC modernization. With more than ten years of experience supporting critical organizations, he develops resilient defense capabilities grounded in threat-informed practices, automation, and defensible architectures. His expertise spans threat hunting, detection engineering, DFIR, and OT/industrial cybersecurity. Jamaleddine holds several certifications, including SANS GCFA, SANS GRID, and CHFI, reflecting his expertise across blue-team operations. A strong advocate for capacity building in Africa, he collaborates with industry partners to strengthen regional expertise and contribute to sustainable, sovereign cyber capabilities.

This short training session is designed for CSIRT members seeking to improve the efficiency and the capabilities of their teams. The training starts with a presentation of the context of CSIRT maturity based on SIM3, and CSIRT's catalog of services using FIRST's CSIRT Framework. Based on sample target SIM3 baselines, the methodology to improve CSIRT capabilities are presented. Defining and setting-up new baselines are also presented along with as a way to set up milestones and a roadmap to enhance CSIRT maturity.

Olivier CALEFF is a FIRST Liaison member in the FIRST community, and is a member of the Board of Directors at FIRST. He has been involved in incident management and CSIRT-related organizations (FIRST, TF-CSIRT, CSIRTs Network, InterCERT-FR) since 1996. He contributed to bootstrap CSIRTs in France since 2005, and performed FIRST site visits since 2013. He is an advocate of OpenCSIRT Foundation’s SIM3 (Security Incident Management Maturity Model), and a SIM3 Certified Auditor. He also contributes to various SIGs Olivier CALEFF is currently a Cyber Resilience and CSIRT Expert at ERIUM. He previously worked for SANODI, global healthcare supplier, and CERT-FR – the French governmental CSIRT. He has been teaching security for 30 years in French and English, including the delivery of TRANSITS and FIRST security trainings. LinkedIN profile: https://www.linkedin.com/in/caleff/

Cybersecurity is a shared responsibility that requires both local engagement and global cooperation. Tunisia's approach combines public awareness initiatives and international partnerships to build a resilient digital society. Nationally, awareness campaigns target children, women, and the elderly, fostering a culture of online security. Internationally, Tunisia collaborates with partners to exchange expertise and align with global best practices. By linking local awareness with global cooperation, Tunisia is advancing toward cybersecurity excellence and a secure cyber space.

Ms Hasna TLILI Senior Administrator, National Agency for Cyber Security Joined since October 2005 I am a dedicated professional specializing in international cooperation and cybersecurity awareness. With extensive experience in leading national and international initiatives, currently serve as Head of International Cooperation in charge, fostering partnerships with governmental and non-governmental organizations, as well as industry professionals. Previously, I was in charge of cyber awareness programs, where I successfully launched impactful campaigns aimed at raising public awareness on cyber security among children, women, and the elderly as well as professionals. I participated in several events organised by UNICEF as the national campaign to fight against violence against children in collaboration with Ministry of Women, Family, Children and Seniors and designated among members in the National Action Plan to combat online violence against children . I am also a member in the steering committee of The Disrupting Harm project established by UNICEF to generate high-quality evidence on technology-facilitated sexual exploitation and abuse of children I hold a master degree in English Linguistics and literature from University of Arts and Literature in Manouba.

Cybercrime is increasingly characterized by a blurring of lines between technology-centric offenses and traditional crimes. While a division of labor between Law Enforcement (LE) and CERTs was once relevant and remains valid in some areas, the overlapping space is expanding significantly: the pursuit of criminals and their illicit funds is growing in importance. It is becoming crucial for CERTs to actively leverage policing networks. Consequently, police networks like INTERPOL are naturally moving closer to the CERT community. This presentation posits a leadership role for the CERT, proposing how policing networks (INTERPOL), key international cooperation instruments (the Budapest Convention, the UN Cybercrime Convention), and financial intelligence mechanisms (the Egmont Group) can be utilized for CERT's objectives. CERTs can proactively push information to LE to pursue criminals or actively utilize the Egmont Group through their LE partners to freeze illegally transferred funds. Projects like GLACY recognize this CERT-LE collaboration as a critical success factor. INTERPOL is committed to strengthening its cooperation with the CERT community.

Dong Uk KIM (uKim) is currently serving as the GLACY Project Coordinator in the Cybercrime Directorate of INTERPOL, dedicating his expertise to the field of cybercrime and capacity building since 2002. He previously served as a practical investigator within the Korean National Police, where he spent an extensive period working as a 24/7 cybercrime point of contact. He approaches his work with enthusiasm and a profound sense of reward, driven by the belief that genuine capacity is not delivered externally but must be created by the police agencies themselves.

This intensive session is designed for security professionals seeking practical mastery of network threat detection in environments where every second counts. Using Security Onion, participants will engage in a series of real-world labs, including automated deployment of monitoring infrastructure, replaying attack traffic, forensic malware investigations, and active alert response scenarios. Each lab is structured to simulate true-to-life incidents, giving attendees experience in configuring sensors, analyzing network data with Suricata and Zeek, leveraging Elastic and Kibana for detection, and building playbooks to automate response. Network Security Monitoring (NSM) is the backbone of modern cyber defense, providing visibility, context, and actionable intelligence when threats attempt to breach your organization. In this session, you'll learn by doing: collect evidence, pivot across data sets, and walk through the full lifecycle of incident management in a collaborative, expert-led environment. Attendees will leave confident in their ability to detect, investigate, and mitigate threats against enterprise, government, or industrial networks using the same methodologies and open-source technologies trusted by leading defenders. Guided by an experienced red team engineer and security educator, participants will walk away ready to proactively defend enterprise, government, and industrial networks against advanced threats. Whether you're a SOC analyst or a technical leader, this interactive workshop is designed to build confidence and expertise where it matters, the moment a threat emerges.

Workshop Requirements: Laptop with a browser to access the labs.

Ezeckiel B. DADJO – Cybersecurity Consultant & CSIRT Manager

Ezeckiel B. DADJO is a cybersecurity consultant and incident response specialist leading operations at Iservices CSIRT and supporting AfricaCERT’s regional coordination efforts. He focuses on threat intelligence, incident handling, and the development of CSIRT capabilities across Africa.

Ezeckiel contributes to strengthening collaboration between national teams and promoting information sharing within the African cyber defense community. Outside of work, he enjoys ambient music, AI experimentation, and reading about astrophysics and emerging technologies.

Howard Mukanda is a Senior Cybersecurity Engineer specializing in red team adversary emulation , with hands-on expertise in Network Security Monitoring (NSM), threat detection, and incident investigation across critical infrastructure environments. He holds industry-recognized certifications including CISSP, OSCP, OSEP, and CRTO, and has designed and operated advanced security labs focused on realistic attack simulation, malware analysis, and team-based incident response using Security Onion and leading open-source toolsets. Beyond his professional work, Howard is an active cybersecurity educator, delivering practical training seminars and sharing his knowledge on the I.T Security Labs YouTube channel. His tutorials and walkthroughs reach thousands of learners and working professionals, helping them build powerful detection and response skills for defending real-world systems. Howard's mission is to empower defenders through lab-driven learning and hands-on application, bridging the gap between theory and impactful security operations.

Luc Semassa Cybersecurity leader with a strong background in offensive, defensive, and governance domains, I design and implement strategic security initiatives to align organizational objectives with cybersecurity best practices. Combining hands-on expertise in penetration testing, SOC operations, incident response, and governance, I bring a comprehensive approach to information security, bridging technical depth and executive decision-making.

This intensive session is designed for security professionals seeking practical mastery of network threat detection in environments where every second counts. Using Security Onion, participants will engage in a series of real-world labs, including automated deployment of monitoring infrastructure, replaying attack traffic, forensic malware investigations, and active alert response scenarios. Each lab is structured to simulate true-to-life incidents, giving attendees experience in configuring sensors, analyzing network data with Suricata and Zeek, leveraging Elastic and Kibana for detection, and building playbooks to automate response. Network Security Monitoring (NSM) is the backbone of modern cyber defense, providing visibility, context, and actionable intelligence when threats attempt to breach your organization. In this session, you'll learn by doing: collect evidence, pivot across data sets, and walk through the full lifecycle of incident management in a collaborative, expert-led environment. Attendees will leave confident in their ability to detect, investigate, and mitigate threats against enterprise, government, or industrial networks using the same methodologies and open-source technologies trusted by leading defenders. Guided by an experienced red team engineer and security educator, participants will walk away ready to proactively defend enterprise, government, and industrial networks against advanced threats. Whether you're a SOC analyst or a technical leader, this interactive workshop is designed to build confidence and expertise where it matters, the moment a threat emerges.

Workshop Requirements: Laptop with a browser to access the labs.

Ezeckiel B. DADJO – Cybersecurity Consultant & CSIRT Manager

Ezeckiel B. DADJO is a cybersecurity consultant and incident response specialist leading operations at Iservices CSIRT and supporting AfricaCERT’s regional coordination efforts. He focuses on threat intelligence, incident handling, and the development of CSIRT capabilities across Africa.

Ezeckiel contributes to strengthening collaboration between national teams and promoting information sharing within the African cyber defense community. Outside of work, he enjoys ambient music, AI experimentation, and reading about astrophysics and emerging technologies.

Howard Mukanda is a Senior Cybersecurity Engineer specializing in red team adversary emulation , with hands-on expertise in Network Security Monitoring (NSM), threat detection, and incident investigation across critical infrastructure environments. He holds industry-recognized certifications including CISSP, OSCP, OSEP, and CRTO, and has designed and operated advanced security labs focused on realistic attack simulation, malware analysis, and team-based incident response using Security Onion and leading open-source toolsets. Beyond his professional work, Howard is an active cybersecurity educator, delivering practical training seminars and sharing his knowledge on the I.T Security Labs YouTube channel. His tutorials and walkthroughs reach thousands of learners and working professionals, helping them build powerful detection and response skills for defending real-world systems. Howard's mission is to empower defenders through lab-driven learning and hands-on application, bridging the gap between theory and impactful security operations.

Luc Semassa Cybersecurity leader with a strong background in offensive, defensive, and governance domains, I design and implement strategic security initiatives to align organizational objectives with cybersecurity best practices. Combining hands-on expertise in penetration testing, SOC operations, incident response, and governance, I bring a comprehensive approach to information security, bridging technical depth and executive decision-making.

The training will provide hands-on experience with interpreting and analysing Shadowserver datasets, using a Kibana dashboard, built on top of IntelMQ processed data. Participants will be able to access their own individual Shadowserver (training) datasets in a cloud environment in collaboration with FIRST, and gain an understanding of how to create their own Kibana Dashboards to visualize and analyse the data. As a result of the training, participants will walk away with practical knowledge on how to build their own analysis tooling and processes that they can then utilize in their own production environment.

Piotr Kijewski is the CEO and a Trustee at The Shadowserver Foundation, a non-profit organization with a mission of making the Internet a more secure environment. He also manages Shadowserver's large-scale data threat collection and sharing projects, as well as National CSIRT relationships. Piotr has over 20 years of operational experience in cybersecurity and incident response. He headed CERT.PL building up its various security data gathering and analysis projects as well as managing its anti-malware operations, including numerous botnet disruptions. Piotr is also a member of the Honeynet Project (where he has also served on the Board of Directors), a well-known and respected non-profit that is committed to the development of honeypot technologies and threat analysis. Piotr Kijewski is a member of the Management Board of The Hague Chapter of the CyberPeace Institute.

This hands-on training focuses on investigating ransomware incidents in Windows environments by correlating system artifacts with event logs to reconstruct attack timelines and understand attacker behavior. During incident response, one of the most challenging phases is the analysis stage, where investigators must correlate fragmented evidence from multiple sources under time pressure. This workshop specifically addresses that difficulty by guiding participants through the core forensic process—collection, examination, analysis, and reporting—with a focus on practical data correlation techniques.

NOTE: The training also considers the nature of ransomware incidents, where attackers may intentionally delete or tamper with logs and artifacts to hinder forensic investigation.

Yacin Djibril Waberi is the DJ-CERT Manager and a senior cybersecurity analyst who was part of the core team that established DJ-CERT. He will lead the overview of ransomware trends, attack life cycle, and MITRE ATT&CK mapping.

Chireh Mohamed Abdi is a member of the DJ-CERT DFIR (Digital Forensics and Incident Response) team, with extensive experience investigating complex cyber incidents impacting critical national operators. He will lead the technical portion of the training, guiding participants through hands-on artifact analysis and correlation to reconstruct ransomware attack timelines.

Co-founder of the Africa Forum of Incident Response and Security Teams (AfricaCERT) Jean-Robert Hountomey works as a Cybersecurity and Product Security researcher for a global technology leader with more than two decades of practice. His investigation areas include Cybersecurity Health and Maturity, Product Security, Privacy Engineering, Secure Software Development Life Cycle, Incident Management, Vulnerability Research, and Technology Policy. Mr. Hountomey contributes to the community as a co-founder of the Africa Forum of Incident Response and Security Teams (AfricaCERT) and the African Anti-Abuse Working Group. He also contributes to FIRST SIGs, CVE Outreach, AUCSEG, ISOC, ICANN, AfriNIC, AfNOG, etc... At AfricaCERT his focus covers issues and opportunities related to law, technology, Internet Governance, standards on digital security, cyber workforce, and recently ICS/OT Cybersecurity.

Most organizations say they “do CTI,” but the reality is often a few feeds in a SIEM and a PDF report no one reads. This session focuses on how to turn Cyber Threat Intelligence into something that truly drives SOC decisions, even in small or resource-constrained teams. Building on recent CTI summits and maturity models that show how essential structured, staged growth is for intelligence programs, the session walks through a simple roadmap: from basic enrichment and IOCs, to hypotheses and ATT&CK-aligned use cases, up to partnering with incident response and risk teams. Participants will see how to use lightweight CTI maturity models and open-source tooling to assess where they are today, pick the next realistic step, and avoid over-engineering. We’ll discuss concrete examples from financial, industrial and government environments: prioritizing what to track, turning local incidents into reusable intelligence, and using CTI to focus limited SOC capacity on the threats that really matter. Attendees leave with a practical blueprint to move from “feeds and reports” to an intelligence-led SOC that supports faster detection, better triage and more meaningful conversations with leadership.

Imane Bachane is the Founder and CEO of BLUESEC, where she focuses on SOC transformation, cyber governance, and intelligence-driven security operations across Africa and the Arab regions. Before creating BLUESEC, she led Cyber Threat Intelligence activities for a major banking group, helping build and align an intelligence function that directly supported detection, response, and strategic decision-making. Her expertise bridges CTI, SOC maturity, and threat-informed defense, with a strong focus on turning frameworks and models into practical workflows that real SOC teams can execute. She works with financial institutions, industrial operators, and national organizations to help them move from reactive monitoring to structured, intelligence-led operations. Imane is an active contributor to the regional cybersecurity ecosystem, advocating for sovereign, resilient, and maturity-focused SOC capabilities, and for making cyber intelligence useful, usable, and rooted in operational reality.

This session introduces the Goal, Question, Metric (GQM) Framework and how incident response teams can use it to come out with better metrics that are actionable and meaningful to both the team and external stakeholders.

Stephen Sena Yao Cudjoe-Seshie is a versatile Technology Manager with over twenty years of experience in ICT infrastructure strategy, planning, design, deployment, and operations. He is currently the Ag. Deputy Director-General at the CSA with responsibility for technical operations encompassing the national CERT operations, critical information infrastructure protection, cybersecurity technology standards development, law enforcement liaison activities, and IT services. Alongside professional certifications from ISC2, SANS and CompTIA, he holds an MBA in Engineering Management from Coventry University, UK and a Bachelor of Engineering (Hons.) in Electronics Engineering from the Multimedia University, Malaysia.

Kaleem Ahmed Usmani: I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius.

My experience of 18 years in the ICT industry spans over cybersecurity , network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.

Mr Abdul-Hakeem Bolade Dirisu Ajijola (AhA) is a globally respected cybersecurity and digital-governance strategist whose work spans Africa and the wider Global South. Recognised as IFSEC Global’s Number One Cybersecurity Influencer (2020), he chairs the African Union Cyber Security Expert Group (AU-CSEG), the Institute of Information Protection and Privacy (IIPP), and Consultancy Support Services (CS2) Limited in Nigeria.

At the continental level, Mr Ajijola co-authored the African Digital Compact (2024) and co-drafted the African Continental Cybersecurity Strategy (2026–2030) for the African Union Commission. His expertise also informs discussions at the United Nations Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies and the United Nations Ad Hoc Committee on Cybercrime, where he has contributed to the development of global norms for responsible state behaviour in cyberspace. Previously, he served as a Commissioner of the Global Commission on the Stability of Cyberspace (GCSC), the first global multi-stakeholder body addressing cyber stability, and was the Founding Chair of the Global Forum on Cyber Expertise (GFCE) Working Group on Cyber Incident Management and Critical Infrastructure Protection. His current focus is to strengthen Africa’s cybersecurity ecosystem and to create sustainable digital jobs for young Africans under thirty-five.

Industrial cyber incidents are rarely just technical failures; organisational and cultural failures contribute to the compromise of these critical processes. The impact is felt on the balance sheet as downtime, unsafe operating conditions and regulatory exposure is felt throughout the business. This session reframes OT cyber risk as a leadership and operations discipline. We focus on how asset owners prepare their environments and their businesses from a governance, behaviours, incentives, operating procedures, third party management, and investment imperatives, so controls actually work. This is not a just a technology discussion but shows how leaders they can harden their organisation so technology supports production cyber resilience.

As managing director at Octarity, Michelle Govender partners with global cybersecurity companies to develop fit-for-purpose OT Cyber risk management solutions for industrial environments, driving innovation at the intersection of technology, processes, and organisation culture. She believes that Industrial Cybersecurity is about safeguarding cyber-physical processes that generate business value — where safety, reliability, and integrity are of the utmost importance. Her career spans roles at Eskom, where she helped shape national OT cybersecurity strategy and standards, to Deloitte Africa, where she led cyber risk strategies for Industrial environments globally. She also serves as a Board Member at the Council for Scientific and Industrial Research (CSIR), contributing to South Africa’s national science and innovation agenda.

This hands-on training delivers an end-to-end exploration of digital forensics workflows tailored to Africa's investigative realities. Participants will engage in simulated case studies, including mobile money fraud and network intrusion incidents, to practice acquisition, artifact extraction, log correlation, and forensic reporting using accessible commercial and open-source tools. The session emphasises proper chain-of-custody management, evidence encryption, and documentation aligned with international standards while addressing the infrastructure and data access challenges common across African investigations. By combining real-world lab experience from the WIUC Digital Forensics Laboratory with regionally relevant scenarios, this training equips attendees with the practical skills and frameworks needed to establish and operate forensic labs in resource-constrained environments, strengthening the region's collective forensic readiness and investigative capability.

Attendee Requirements: Laptop with at least 8GB RAM Pre-installed forensic virtual environment (Autopsy, FTK Imager, Volatility, and Python) Basic understanding of operating systems and file structures

Dunstan Guba is the Cyber Intelligence Lead at the Ghana Police Service and a Digital Forensic Analyst at the Wisconsin International University College (WIUC) Digital Forensics Laboratory, Ghana. He is also a lecturer at the Detective Training Academy of the Ghana Police Service, where he oversees instruction in cybercrime investigations and digital forensics. Dunstan plays a central role in Ghana's national cybersecurity ecosystem, leading high-impact forensic investigations, cyber intelligence operations, and inter-agency collaborations with global partners such as Meta Platforms, INTERPOL, and the FBI. He pioneered Ghana's Amber Alert partnership with Meta and serves as the Single Point of Contact (SPOC) for Meta's Law Enforcement Outreach and the FBI International Task Force in Ghana. An accomplished cybersecurity trainer and practitioner, Dunstan teaches advanced modules in Penetration Testing, OSINT Investigations, Malware Analysis, and Cyber Threat Intelligence at both university and law enforcement levels. He represented Ghana at the INTERPOL Digital Security Challenge 2025 in Kuala Lumpur, ranking third globally among experts from over 90 countries. He also hosts "Cybercrime Alert" on Ghana Police TV (DStv 362), a national program raising public awareness on digital safety and cyber resilience. Through his technical leadership and teaching, Dunstan champions responsible digital practices, capacity building, and the advancement of Africa's cyber defence capabilities.

Maxwell Selorm Amuzu is the Lab Manager for the Digital Forensics and Cybersecurity Laboratories at Wisconsin International University College (WIUC), Ghana. Home to West Africa’s first academic-based forensic facility integrating Digital Forensics, Cybersecurity, Artificial Intelligence, and VR simulation into a unified ecosystem for applied research and capacity building.

He leads WIUC’s regional collaboration with the Cyber Security Authority (CSA), law enforcement agencies, industry partners, and global bodies. His work has driven the development of Africa-specific forensic case pilots covering mobile money fraud, breach analysis, digital policy, and telecom-driven cyber investigations. Under his leadership, WIUC is advancing CREST-aligned laboratory processes and national competency frameworks for digital evidence handling.

Selorm’s focus spans technical capability development, academic-industry integration, youth talent acceleration, and the creation of a pan-African forensic research and training network. He teaches cybersecurity, digital forensics, and applied AI, and continues to lead innovation efforts shaping the next generation of cyber professionals in Ghana and across Africa.

The ransomware economy is changing, so is the experience of the victim. This webinar will cover the current threat landscape, the risks today, what’s changed, and what the threat actors are doing. We will touch briefly upon the great many resources for enterprises to prepare and work to prevent ransomware, and how to mitigate the impacts of this, but the primary focus of this webinar is to address how to engage when you are a victim. What do you do when you realize that, despite all your preparation, you are still subject to a ransomware event that is going to be your life for the foreseeable future. Who do you need to engage (boards, executives, law enforcement, regulators)? When do you communicate with each group (different stages of response, insurance, negotiators)? Which decisions need special care (insurance, ransom payment, reporting)? How should you proceed through the Four Rs (Recognize, Respond, Report, Recover)? What activities need to happen at each stage? Three Take Aways from the seminar:

1. Increased confidence in your ability to navigate ransomware complexities
2. Comprehensive view of the landscape for planning/directing response activities
3. Practical grounding to help refine preparation/mitigation efforts in your enterprise

Brian Scriber serves on the Board of Directors for the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) and is presenting on behalf of the M3AA Foundation (m3aaf.org) through collaboration with AF-AAWG - the African Anti-Abuse Working Group regional affiliate of M3AAWG. Brian is the Chief Information Security Officer and a Distinguished Technologist at CableLabs leading the Security and Privacy Technologies. He works with technology policy, wired, and wireless networking leaders on security strategy and implementations using advanced technologies and techniques including AI, PKI, blockchains, encryption, and privacy enhancing tools. Brian brings his extensive experience in software, security, privacy, and cryptographic governance to both the economic and technical analysis activities. With a focus on protecting data and privacy across networked environments, his background also includes technical and executive leadership roles creating and protecting strategic network communications at companies including Nortel, Lockheed Martin, FedEx, and Sun Microsystems. Brian holds a B.S.E in Computer Engineering (University of Michigan) a M.S. in Computer Science (University of Colorado), and an M.B.A. in Technical Strategy (University of Colorado). Brian is an assignor on 28 patents in cyber security technology and his research publications have been widely cited.

Kaleem Ahmed Usmani: I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius.

My experience of 18 years in the ICT industry spans over cybersecurity , network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.

Sachindra Reechaye: With over 17 years of experience as Cybersecurity Consultant and Ag. Head at the National CERT of Mauritius, I have been shouldering diverse roles and responsibilities at the Management and Operational level with the aim of countering the evolving Cyberthreat Landscape. My duty consists of devising and implementing methods, strategies and procedures to minimize Cybersecurity risks and coming up with appropriate preparedness plans in the fight against Cybercrime for government and the private sector. My engagements include assistance in overlooking and coordinating CERT-MU operations, Managing the National Security Operations Centre (SOC) Drafting of the National Cybersecurity and Cybercrime Act 2021, Concept development of setting up the Senegalese National CERT, Coordination and, Building Capacity for Professionals globally in the area of Cybersecurity through International Telecommunication Union's (ITU) Centre of Excellence, Organisation of Local and International Cybersecurity drills, Development of National Cybersecurity & Cybercrime Strategy among others. I also had the privilege to share my expertise regionally and at the international level in collaboration with entities such as Council of Europe, SADC, ITU, AfricaCERT and Interpol in areas such as Capacity Building, Enhancement of Incident Response Capabilities, Information Sharing, Setting up National CERTs and Organization of Cyber Exercises, Public and Private Partnership and International Collaboration among others.

Coordinated Vulnerability Disclosure (CVD) is a process of gathering, coordinating, and disclosing of vulnerability information. As the world becomes more interdependent, the importance of CVD is increasing rapidly. Its importance is widely being recognized by different stakeholders around the globe today - E.g., the new EU regulation requires CVD readiness and processes to be implemented. With such situation, a large number of new players are expected to enter the CVD ecosystem, and Africa and Arab region is no exception. As a Coordinator, JPCERT/CC has been conducting CVD for over 20 years. The organization also has been making efforts to promote and adopt CVD, both domestically and internationally, and considers this opportunity to present as a chance to communicate CVD and welcome new Africa and Arab stakeholders into the CVD ecosystem. In this presentation, the CVD basics, JPCERT/CC's CVD and the related activities, and the CVD framework of Japan will be explained. Also, particularly for, but not limited to the start-ups, information such as the essential points when getting started with CVD, and JPCERT/CC's experiences, including the challenges and lessons learned through maintaining its CVD program, will be shared.

Koichiro "Sparky" Komiyama is the Director of the Global Coordination Division at JPCERT/CC, the Japanese Computer Emergency Response Team. His current focus are norms in cyberspace, confidence building and capacity building in developing countries.

He has worked as a security analyst and led the gathering of security information and publishing multiple security alerts and advisories at JPCERT/CC. Prior to joining JPCERT/CC, he worked as a systems engineer for Internet Security Systems (IBM ISS), where he was in charge of enterprise IDS/IPS system operations.

In 2014-2018, he served as a member of the Board of Directors of FIRST, the global Forum for Incident Response and Security Teams. From 2017, he also works for the Global Commission on the Stability of Cyberspace, a multi-stakeholder forum aims to propose norms and policies to enhance international security and stability. He holds a Ph.D. in Media ang Governance from Keio University.

Africa’s digital future depends not only on connectivity, but on trust, sovereignty, and resilience. This presentation introduces the White Paper “Sovereign by Design: Africa’s Data Security Governance Playbook – Advancing Data Sovereignty, Security, Resilience & Trust for Africa’s Digital-Intelligence Era.” It outlines an actionable policy-to-practice framework for embedding data sovereignty within Africa’s cybersecurity and digital governance architecture. The session explores how African nations can translate national strategies and continental norms, including the AU Digital Transformation Strategy, the Malabo Convention, and emerging regional instruments, into operational data security governance systems. It highlights approaches for aligning cybersecurity, data protection, and digital trade regimes to ensure both economic competitiveness and strategic autonomy. Participants will gain practical insights into:

• The Data Security Governance Quadrant, linking policy coherence, institutional capacity, technological assurance, and local value creation.
• Pathways to finance and operationalise cybersecurity as a sustainable economic sub-sector.
• Lessons from national and regional case studies demonstrating trust-based data collaboration across borders.

Mr Abdul-Hakeem Bolade Dirisu Ajijola (AhA) is a globally respected cybersecurity and digital-governance strategist whose work spans Africa and the wider Global South. Recognised as IFSEC Global’s Number One Cybersecurity Influencer (2020), he chairs the African Union Cyber Security Expert Group (AU-CSEG), the Institute of Information Protection and Privacy (IIPP), and Consultancy Support Services (CS2) Limited in Nigeria.

At the continental level, Mr Ajijola co-authored the African Digital Compact (2024) and co-drafted the African Continental Cybersecurity Strategy (2026–2030) for the African Union Commission. His expertise also informs discussions at the United Nations Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies and the United Nations Ad Hoc Committee on Cybercrime, where he has contributed to the development of global norms for responsible state behaviour in cyberspace. Previously, he served as a Commissioner of the Global Commission on the Stability of Cyberspace (GCSC), the first global multi-stakeholder body addressing cyber stability, and was the Founding Chair of the Global Forum on Cyber Expertise (GFCE) Working Group on Cyber Incident Management and Critical Infrastructure Protection. His current focus is to strengthen Africa’s cybersecurity ecosystem and to create sustainable digital jobs for young Africans under thirty-five.

The rapid expansion of digital technologies is redefining the interface between Information Technology (IT) and Operational Technology (OT) systems. Historically, these domains functioned independently, resulting in isolated architectures and complex management challenges. However, increasing customer expectations and the necessity for efficient, personalized production workflows have placed digital innovation at the forefront of manufacturing strategies. While these developments pave the way for enhanced operational efficiencies, they also introduce new cybersecurity concerns. Effectively securing these interconnected environments from cyber threats represents a critical concern for Chief Information Security Officers (CISOs) globally.

As industries increasingly embrace digitization, critical infrastructure is now woven into unified digital ecosystems, thereby expanding the potential attack surface. The fundamental differences between OT and IT systems often mean that IT-centric security approaches are insufficient for OT settings.

Focus areas.

• Common Threats: Key attack vectors and actionable solutions.
• Applicable laws and regulations
• Common Pushbacks and solutions
• Strategies to reduce vulnerabilities and enhance cyber resilience.
• Standardized frameworks and essential layers of defence.
• Avoiding Common Pitfalls
• Lessons learned from CISOs, including strategic investments to address • and ensure long-term resilience. • Cyber Security Insurance Issues

Target Audience: CISOs, CIOs, OT professionals, and Critical infrastructure teams from Energy, Manufacturing, Health industries, and so forth.

Sithembile Songo has been crowned as the Cyber leader of the year 2024 in Africa, CISO of the year 2024, one of the 50 Top of Mind Global Executives, Top 50 cyber professionals, Top 50 manufacturing leaders, Top 100 global women in cybersecurity, international speaker, Top 100 influential women, mentor and is serving as a member of the board and advisory board member. She holds a Master of Science in Information Security from the University of London. She has spoken at major local, national and global IT and cyber security conferences. She has been specializing in information security for more than 20 years now and her experience is augmented by several executive leadership roles in both public and private sectors, including Financial, Telecom, Public Sector, Consulting firm, Energy sector and other State-owned entities.

Sithembile currently works as the Chief Information Security Officer, CISO, heading the information security pillar at the state-owned energy entity, which produce 95% of South Africa’s electricity. Her strategic role primarily focuses on protecting the national critical infrastructure from potential cyber-attacks, thus preventing a negative impact on the economy. She also enables secure business operations, including secure generation, transmission, and distribution of electricity, which depend on operational technology (OT) that largely depends on secured computer networks and systems to produce electricity.

Enhancement of Cybersecurity Ecosystems though Third-party Cyber Risk Management and Collaboration (TLP: CLEAR) Cybersecurity is no longer confined within organizational boundaries as it extends across interconnected networks of partners and suppliers. Third-party vendors significantly expand the attack surface, making effective risk management critical for organizational resilience. This presentation and discussion shares strategies for mitigating these risks through structured assessment, continuous monitoring, and collaborative frameworks. By leveraging shared threat intelligence, standardized security practices, and coordinated incident response, organizations can strengthen their collective defense against evolving cyber threats. The presentation underscores the importance of transparency, automation, and trust in building resilient supply chains against sophisticated cyber threats.

Cornelia Shipindo is currently the Acting Executive: NAM-CSIRT (Namibia Cybersecurity Incident Response Team) operating under (CRAN) Communication Regulatory Authority of Namibia. Ms. Shipindo is a seasoned Cybersecurity and ICT professional with over 13 years of experience across governmental, regulatory, and private sector. As a Certified Information Systems Auditor, she specializes in IT Risk & Compliance, Cybersecurity Strategy and Awareness, and Data Protection. Though the national CSIRT, Cornelia is committed to strengthening Namibia’s digital resilience and advancing national cybersecurity index through online safety & awareness advocacy, collaboration and partnerships, capacity building and commitment to regional and international affiliations such as FIRST, AFRICA-CERT, SADC(SR-CIRT), GFCE, and ITU Academy participation.

In today’s digital-first world, attackers increasingly log in with stolen credentials rather than breaking through firewalls. This shift makes identity the foundation of cybersecurity. Every digital interaction, whether accessing enterprise systems or public services, begins with identity. As organizations and governments expand digital services, protecting identities - human and non-human - has become a national and organizational priority. Managing and securing those identities is the foundation of cybersecurity.

Kuleni Tamerat is a Senior Vice President of Cybersecurity at a Fortune 500 company based in the United States. She specializes in Identity Management, Privacy & Data Protection and Vulnerability Management, leading enterprise-wide strategies that secure digital identities, protect sensitive data and mitigate vulnerabilities across complex global environments. Kuleni is passionate about reimagining cybersecurity and developing new ways to secure organizations. She champions forward-thinking approaches that anticipate emerging threats while ensuring identity remains the cornerstone of a secure and thriving digital ecosystem.

Threat Actor Engagement is the process of engaging with cybercriminals in order to better manage the risk of a digital extortion attack – usually ransomware. Neil will describe the TAE capability encompassing OpSec, Ransom Negotiation (the 6 Objectives), Sanctions Checks, Ransom Settlement and Cryptocurrency Tracing. With a focus on negotiation techniques, Using case studies from real incidents, Neil will explain the benefits and the pitfalls of TAE and why the discipline can significantly assist a victim organisation, regardless of whether settlement is made.

Neil Hare-Brown is the Chief Executive Officer of STORM Guidance, a specialist advisory firm in cyber investigations and risk management. With over 40 years of experience spanning law enforcement, military, and commercial sectors.

As author, keynote speaker and expert on UK TV programmes, Neil is recognised as one of the UK’s pioneers in cyber incident response and digital investigations. Founder of the UK’s first commercial digital investigations team in 1996 and architect of the CyberCare Incident Response service, Neil has led thousands of complex investigations, negotiated major ransom cases, and helped organisations recover from serious cyber incidents.

An innovator in cyber risk management, Neil has developed leading methodologies to assess and measure Cyber Risk Management Maturity (CRMM) across industries. With an MSc in Information Security Management from Royal Holloway University, he continues to advise C-level executives globally - including Mauritius, where STORM Guidance actively supports organisations to strengthen resilience, enhance governance, and transform cyber risk into a successful business capability.

WHOIS is an indispensable tool for Incident Response Teams (IRTs) in their e(orts to identify, track, and mitigate cyber threats. IRTs frequently initiate their investigations with a WHOIS lookup, finding it the quickest and most useful method for obtaining critical ownership and registration details of an IP address involved in a security incident.

Session Objectives: This session will provide a comprehensive look at utilizing WHOIS data by:

1. Exploring the capabilities of the WHOIS protocol for gathering information about Internet Number Resources.
2. Covering how to use WHOIS records to pinpoint registration details, including administrative and technical contacts.
3. Discussing the practical applications of WHOIS lookups for understanding the infrastructure underpinning online resources.
4. Touching upon the use of historical WHOIS data to monitor changes in registration information over time.
5. Reviewing the different WHOIS clients available for use. By the end of this session, attendees will be proficient in effectively utilizing publicly available WHOIS data for various informational and investigative purposes.

Madhvi Gokool, Senior IP Resource Specialist at AFRINIC Since July 2010, Madhvi has held several key positions at AFRINIC, including Senior IP Analyst, Registration Services Manager, and currently serves as Senior IP Resource Specialist. Her responsibilities have encompassed extensive engagement with the African Internet community regarding policy development, the onboarding of organisations to get and manage Internet Number Resources, and the promotion of services offered by AFRINIC. Madhvi possesses an MBA degree from Open University Mauritius and a Bsc Electronic Engineering degree from the University of Natal, South Africa. Prior to joining AFRINIC in 2010, she accumulated ten years of experience in the ICT sector, initially as a Network & Systems Administrator and subsequently as a Manager for a prominent conglomerate in Mauritius.