Program Overview

Olivier CALEFF is a FIRST Liaison member in the FIRST community, and is a member of the Board of Directors at FIRST. He has been involved in incident management and CSIRT-related organizations (FIRST, TF-CSIRT, CSIRTs Network, InterCERT-FR) since 1996. He contributed to bootstrap CSIRTs in France since 2005, and performed FIRST site visits since 2013. He is an advocate of OpenCSIRT Foundation’s SIM3 (Security Incident Management Maturity Model), and a SIM3 Certified Auditor. He also contributes to various SIGs Olivier CALEFF is currently a Cyber Resilience and CSIRT Expert at ERIUM. He previously worked for SANODI, global healthcare supplier, and CERT-FR – the French governmental CSIRT. He has been teaching security for 30 years in French and English, including the delivery of TRANSITS and FIRST security trainings. LinkedIN profile: https://www.linkedin.com/in/caleff/

This intensive session is designed for security professionals seeking practical mastery of network threat detection in environments where every second counts. Using Security Onion, participants will engage in a series of real-world labs, including automated deployment of monitoring infrastructure, replaying attack traffic, forensic malware investigations, and active alert response scenarios. Each lab is structured to simulate true-to-life incidents, giving attendees experience in configuring sensors, analyzing network data with Suricata and Zeek, leveraging Elastic and Kibana for detection, and building playbooks to automate response. Network Security Monitoring (NSM) is the backbone of modern cyber defense, providing visibility, context, and actionable intelligence when threats attempt to breach your organization. In this session, you'll learn by doing: collect evidence, pivot across data sets, and walk through the full lifecycle of incident management in a collaborative, expert-led environment. Attendees will leave confident in their ability to detect, investigate, and mitigate threats against enterprise, government, or industrial networks using the same methodologies and open-source technologies trusted by leading defenders. Guided by an experienced red team engineer and security educator, participants will walk away ready to proactively defend enterprise, government, and industrial networks against advanced threats. Whether you're a SOC analyst or a technical leader, this interactive workshop is designed to build confidence and expertise where it matters, the moment a threat emerges.

Workshop Requirements: Laptop with a browser to access the labs.

Ezeckiel B. DADJO – Cybersecurity Consultant & CSIRT Manager

Ezeckiel B. DADJO is a cybersecurity consultant and incident response specialist leading operations at Iservices CSIRT and supporting AfricaCERT’s regional coordination efforts. He focuses on threat intelligence, incident handling, and the development of CSIRT capabilities across Africa.

Ezeckiel contributes to strengthening collaboration between national teams and promoting information sharing within the African cyber defense community. Outside of work, he enjoys ambient music, AI experimentation, and reading about astrophysics and emerging technologies.

Howard Mukanda is a Senior Cybersecurity Engineer specializing in red team adversary emulation , with hands-on expertise in Network Security Monitoring (NSM), threat detection, and incident investigation across critical infrastructure environments. He holds industry-recognized certifications including CISSP, OSCP, OSEP, and CRTO, and has designed and operated advanced security labs focused on realistic attack simulation, malware analysis, and team-based incident response using Security Onion and leading open-source toolsets. Beyond his professional work, Howard is an active cybersecurity educator, delivering practical training seminars and sharing his knowledge on the I.T Security Labs YouTube channel. His tutorials and walkthroughs reach thousands of learners and working professionals, helping them build powerful detection and response skills for defending real-world systems. Howard's mission is to empower defenders through lab-driven learning and hands-on application, bridging the gap between theory and impactful security operations.

Luc Semassa Cybersecurity leader with a strong background in offensive, defensive, and governance domains, I design and implement strategic security initiatives to align organizational objectives with cybersecurity best practices. Combining hands-on expertise in penetration testing, SOC operations, incident response, and governance, I bring a comprehensive approach to information security, bridging technical depth and executive decision-making.

This intensive session is designed for security professionals seeking practical mastery of network threat detection in environments where every second counts. Using Security Onion, participants will engage in a series of real-world labs, including automated deployment of monitoring infrastructure, replaying attack traffic, forensic malware investigations, and active alert response scenarios. Each lab is structured to simulate true-to-life incidents, giving attendees experience in configuring sensors, analyzing network data with Suricata and Zeek, leveraging Elastic and Kibana for detection, and building playbooks to automate response. Network Security Monitoring (NSM) is the backbone of modern cyber defense, providing visibility, context, and actionable intelligence when threats attempt to breach your organization. In this session, you'll learn by doing: collect evidence, pivot across data sets, and walk through the full lifecycle of incident management in a collaborative, expert-led environment. Attendees will leave confident in their ability to detect, investigate, and mitigate threats against enterprise, government, or industrial networks using the same methodologies and open-source technologies trusted by leading defenders. Guided by an experienced red team engineer and security educator, participants will walk away ready to proactively defend enterprise, government, and industrial networks against advanced threats. Whether you're a SOC analyst or a technical leader, this interactive workshop is designed to build confidence and expertise where it matters, the moment a threat emerges.

Workshop Requirements: Laptop with a browser to access the labs.

Ezeckiel B. DADJO – Cybersecurity Consultant & CSIRT Manager

Ezeckiel B. DADJO is a cybersecurity consultant and incident response specialist leading operations at Iservices CSIRT and supporting AfricaCERT’s regional coordination efforts. He focuses on threat intelligence, incident handling, and the development of CSIRT capabilities across Africa.

Ezeckiel contributes to strengthening collaboration between national teams and promoting information sharing within the African cyber defense community. Outside of work, he enjoys ambient music, AI experimentation, and reading about astrophysics and emerging technologies.

Howard Mukanda is a Senior Cybersecurity Engineer specializing in red team adversary emulation , with hands-on expertise in Network Security Monitoring (NSM), threat detection, and incident investigation across critical infrastructure environments. He holds industry-recognized certifications including CISSP, OSCP, OSEP, and CRTO, and has designed and operated advanced security labs focused on realistic attack simulation, malware analysis, and team-based incident response using Security Onion and leading open-source toolsets. Beyond his professional work, Howard is an active cybersecurity educator, delivering practical training seminars and sharing his knowledge on the I.T Security Labs YouTube channel. His tutorials and walkthroughs reach thousands of learners and working professionals, helping them build powerful detection and response skills for defending real-world systems. Howard's mission is to empower defenders through lab-driven learning and hands-on application, bridging the gap between theory and impactful security operations.

Luc Semassa Cybersecurity leader with a strong background in offensive, defensive, and governance domains, I design and implement strategic security initiatives to align organizational objectives with cybersecurity best practices. Combining hands-on expertise in penetration testing, SOC operations, incident response, and governance, I bring a comprehensive approach to information security, bridging technical depth and executive decision-making.

Piotr Kijewski is the CEO and a Trustee at The Shadowserver Foundation, a non-profit organization with a mission of making the Internet a more secure environment. He also manages Shadowserver's large-scale data threat collection and sharing projects, as well as National CSIRT relationships. Piotr has over 20 years of operational experience in cybersecurity and incident response. He headed CERT.PL building up its various security data gathering and analysis projects as well as managing its anti-malware operations, including numerous botnet disruptions. Piotr is also a member of the Honeynet Project (where he has also served on the Board of Directors), a well-known and respected non-profit that is committed to the development of honeypot technologies and threat analysis. Piotr Kijewski is a member of the Management Board of The Hague Chapter of the CyberPeace Institute.

This session introduces the Goal, Question, Metric (GQM) Framework and how incident response teams can use it to come out with better metrics that are actionable and meaningful to both the team and external stakeholders.

Stephen Sena Yao Cudjoe-Seshie is a versatile Technology Manager with over twenty years of experience in ICT infrastructure strategy, planning, design, deployment, and operations. He is currently the Ag. Deputy Director-General at the CSA with responsibility for technical operations encompassing the national CERT operations, critical information infrastructure protection, cybersecurity technology standards development, law enforcement liaison activities, and IT services. Alongside professional certifications from ISC2, SANS and CompTIA, he holds an MBA in Engineering Management from Coventry University, UK and a Bachelor of Engineering (Hons.) in Electronics Engineering from the Multimedia University, Malaysia.

Kaleem Ahmed Usmani: I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius.

My experience of 18 years in the ICT industry spans over cybersecurity , network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.

Industrial cyber incidents are rarely just technical failures; organisational and cultural failures contribute to the compromise of these critical processes. The impact is felt on the balance sheet as downtime, unsafe operating conditions and regulatory exposure is felt throughout the business. This session reframes OT cyber risk as a leadership and operations discipline. We focus on how asset owners prepare their environments and their businesses from a governance, behaviours, incentives, operating procedures, third party management, and investment imperatives, so controls actually work. This is not a just a technology discussion but shows how leaders they can harden their organisation so technology supports production cyber resilience.

As managing director at Octarity, Michelle Govender partners with global cybersecurity companies to develop fit-for-purpose OT Cyber risk management solutions for industrial environments, driving innovation at the intersection of technology, processes, and organisation culture. She believes that Industrial Cybersecurity is about safeguarding cyber-physical processes that generate business value — where safety, reliability, and integrity are of the utmost importance. Her career spans roles at Eskom, where she helped shape national OT cybersecurity strategy and standards, to Deloitte Africa, where she led cyber risk strategies for Industrial environments globally. She also serves as a Board Member at the Council for Scientific and Industrial Research (CSIR), contributing to South Africa’s national science and innovation agenda.

The ransomware economy is changing, so is the experience of the victim. This webinar will cover the current threat landscape, the risks today, what’s changed, and what the threat actors are doing. We will touch briefly upon the great many resources for enterprises to prepare and work to prevent ransomware, and how to mitigate the impacts of this, but the primary focus of this webinar is to address how to engage when you are a victim. What do you do when you realize that, despite all your preparation, you are still subject to a ransomware event that is going to be your life for the foreseeable future. Who do you need to engage (boards, executives, law enforcement, regulators)? When do you communicate with each group (different stages of response, insurance, negotiators)? Which decisions need special care (insurance, ransom payment, reporting)? How should you proceed through the Four Rs (Recognize, Respond, Report, Recover)? What activities need to happen at each stage? Three Take Aways from the seminar:

1. Increased confidence in your ability to navigate ransomware complexities
2. Comprehensive view of the landscape for planning/directing response activities
3. Practical grounding to help refine preparation/mitigation efforts in your enterprise

Brian Scriber is the Chief Information Security Officer and a Distinguished Technologist at CableLabs leading the Security and Privacy Technologies. He works with technology policy, wired, and wireless networking leaders on security strategy and implementations using advanced technologies and techniques including AI, PKI, blockchains, encryption, and privacy enhancing tools. Brian brings his extensive experience in software, security, privacy, and cryptographic governance to both the economic and technical analysis activities. With a focus on protecting data and privacy across networked environments, his background also includes technical and executive leadership roles creating and protecting strategic network communications at companies including Nortel, Lockheed Martin, FedEx, and Sun Microsystems. Brian holds a B.S.E in Computer Engineering (University of Michigan) a M.S. in Computer Science (University of Colorado), and an M.B.A. in Technical Strategy (University of Colorado). Brian is an assignor on 28 patents in cyber security technology and his research publications have been widely cited.

In his role as Engineering Fellow at Comcast, Tony Tauber focuses on Backbone and Core network architecture and engineering with particular attention to measurement, manageability, and automation as well as network and routing security. He also partners with the research and education communities on projects and previously chaired the North American Network Operators Group (NANOG) Program Committee. He is the lead engineer and architect for Comcast’s RPKI and Anycast routing initiatives. He was a founding contributor to the MANRS initiative and is a current member of the MANRS Steering Committee. In the past, he held senior network engineering positions at BBN, GTE Internetworking, Genuity, Level3 Communications and MIT Lincoln Lab as well as served as co-chair of the Routing Protocol Security working group in the IETF.

Kaleem Ahmed Usmani: I am heading the Computer Emergency Response Team of Mauritius (CERT-MU), a national CERT since May 2010. It operates under the umbrella of the National Computer Board, an autonomous body under the Ministry of Information Technology Communication and Innovation, Republic of Mauritius.

My experience of 18 years in the ICT industry spans over cybersecurity , network engineering, system administration, IT management and project implementation. Currently, I am involved in implementing the national level cybersecurity projects for Mauritius and also involved in initiating regional cybersecurity projects for IOC, SADC and COMESA region. I am the Mauritian representative to UN Group of Governmental Experts (UNGGE) on Cyber for the period 2019-2021.

Sachindra Reechaye: With over 17 years of experience as Cybersecurity Consultant and Ag. Head at the National CERT of Mauritius, I have been shouldering diverse roles and responsibilities at the Management and Operational level with the aim of countering the evolving Cyberthreat Landscape. My duty consists of devising and implementing methods, strategies and procedures to minimize Cybersecurity risks and coming up with appropriate preparedness plans in the fight against Cybercrime for government and the private sector. My engagements include assistance in overlooking and coordinating CERT-MU operations, Managing the National Security Operations Centre (SOC) Drafting of the National Cybersecurity and Cybercrime Act 2021, Concept development of setting up the Senegalese National CERT, Coordination and, Building Capacity for Professionals globally in the area of Cybersecurity through International Telecommunication Union's (ITU) Centre of Excellence, Organisation of Local and International Cybersecurity drills, Development of National Cybersecurity & Cybercrime Strategy among others. I also had the privilege to share my expertise regionally and at the international level in collaboration with entities such as Council of Europe, SADC, ITU, AfricaCERT and Interpol in areas such as Capacity Building, Enhancement of Incident Response Capabilities, Information Sharing, Setting up National CERTs and Organization of Cyber Exercises, Public and Private Partnership and International Collaboration among others.

Africa's digital future depends not only on connectivity, but on trust, sovereignty, and resilience. This presentation introduces the White Paper "Sovereign by Design: Africa's Data Security Governance Playbook – Advancing Data Sovereignty, Security, Resilience & Trust for Africa's Digital-Intelligence Era." It outlines an actionable policy-to-practice framework for embedding data sovereignty within Africa's cybersecurity and digital governance architecture. The session explores how African nations can translate national strategies and continental norms—including the AU Digital Transformation Strategy, the Malabo Convention, and emerging regional instruments—into operational data security governance systems. It highlights approaches for aligning cybersecurity, data protection, and digital trade regimes to ensure both economic competitiveness and strategic autonomy. Participants will gain practical insights into:

1. The Data Security Governance Quadrant, linking policy coherence, institutional capacity, technological assurance, and local value creation.
2. Pathways to finance and operationalise cybersecurity as a sustainable economic sub-sector.
3. Lessons from national and regional case studies demonstrating trust-based data collaboration across borders.

The presentation is designed for open sharing (TLP:CLEAR) and aims to stimulate discussion between CSIRTs, policymakers, regulators, and private-sector leaders on how Africa can strengthen cyber and data resilience by design, not by reaction. Learning Objectives (3)

1. Understand how data governance and cybersecurity frameworks can reinforce one another.
2. Explore models for sustainable funding and institutional capacity for cyber resilience.
3. Identify actionable policy levers for operationalising data sovereignty in African contexts.

Key Takeaways (3)

• Data sovereignty is security sovereignty.
• Policy coherence, capacity, and coordination are the cornerstones of resilience.
• Africa must define its own governance benchmarks rather than adopt external yardsticks.

Intended Audience: Incident response teams, national CERTs, cybersecurity policymakers, data protection authorities, digital regulators, and regional cooperation platforms across Africa and the Arab regions.

Traffic Light Protocol (TLP) TLP:CLEAR — suitable for open community sharing.

Abdul-Hakeem Ajijola (AhA) is a globally recognised cybersecurity strategist, data protection expert, and policy advisor. He chairs the African Union Cyber Security Expert Group (AUCSEG) and serves as Executive Chairman of Consultancy Support Services (CS2) Ltd., Nigeria. With over 30 years of leadership in cybersecurity, privacy, and capacity building, he has advised the African Union, United Nations, ECOWAS, OIC, and GFCE. Mr Ajijola co-drafted Nigeria's National Cybersecurity Policy & Strategy (2021) and the NDPC Strategic Roadmap & Action Plan (2023–2027) and contributes to the African Continental Cybersecurity Strategy (2025–2030). His current focus lies in data governance, privacy integration, and workforce development to create Africa's cybersecurity economic sub-sector. Guided by the African proverb, "Wisdom is like fire, people take it from one another," he continues to share knowledge that strengthens Africa's digital sovereignty and trust architecture.

The rapid expansion of digital technologies is redefining the interface between Information Technology (IT) and Operational Technology (OT) systems. Historically, these domains functioned independently, resulting in isolated architectures and complex management challenges. However, increasing customer expectations and the necessity for efficient, personalized production workflows have placed digital innovation at the forefront of manufacturing strategies. While these developments pave the way for enhanced operational efficiencies, they also introduce new cybersecurity concerns. Effectively securing these interconnected environments from cyber threats represents a critical concern for Chief Information Security Officers (CISOs) globally.

As industries increasingly embrace digitization, critical infrastructure is now woven into unified digital ecosystems, thereby expanding the potential attack surface. The fundamental differences between OT and IT systems often mean that IT-centric security approaches are insufficient for OT settings.

Focus areas.

• Common Threats: Key attack vectors and actionable solutions.
• Applicable laws and regulations
• Common Pushbacks and solutions
• Strategies to reduce vulnerabilities and enhance cyber resilience.
• Standardized frameworks and essential layers of defence.
• Avoiding Common Pitfalls
• Lessons learned from CISOs, including strategic investments to address • and ensure long-term resilience. • Cyber Security Insurance Issues

Target Audience: CISOs, CIOs, OT professionals, and Critical infrastructure teams from Energy, Manufacturing, Health industries, and so forth.

Sithembile Songo has been crowned as the Cyber leader of the year 2024 in Africa, CISO of the year 2024, one of the 50 Top of Mind Global Executives, Top 50 cyber professionals, Top 50 manufacturing leaders, Top 100 global women in cybersecurity, international speaker, Top 100 influential women, mentor and is serving as a member of the board and advisory board member. She holds a Master of Science in Information Security from the University of London. She has spoken at major local, national and global IT and cyber security conferences. She has been specializing in information security for more than 20 years now and her experience is augmented by several executive leadership roles in both public and private sectors, including Financial, Telecom, Public Sector, Consulting firm, Energy sector and other State-owned entities.

Sithembile currently works as the Chief Information Security Officer, CISO, heading the information security pillar at the state-owned energy entity, which produce 95% of South Africa’s electricity. Her strategic role primarily focuses on protecting the national critical infrastructure from potential cyber-attacks, thus preventing a negative impact on the economy. She also enables secure business operations, including secure generation, transmission, and distribution of electricity, which depend on operational technology (OT) that largely depends on secured computer networks and systems to produce electricity.