Dr Jabu Mtsweni, research group leader for cyber defence at the CSIR, describes his career as a life-time opportunity where a lot of learning has taken place and many long-lasting relationships have been built.
He became involved in the IT industry by chance. When he finished secondary school in 1999, there were various university study options that attracted him, although IT and computer science were not among them. "I got to study computer systems because there was no space at the university where I was applying to study my first or second choices, which were a national diploma in accounting and electrical engineering respectively."
He describes his career journey of 13 years as a blessing that has taught him a lot and exposed him to various domains. "I started my career as a basic IT technician during my in-service training at Eskom in 2002, but in 2003, changed direction completely, when I got a rare opportunity to lecturer at a higher learning institution in the computer systems department, although I had no training in this area whatsoever."
Community engagement
This was how Mtsweni discovered his passion. "I enjoyed this period tremendously because it allowed me to be independent, but learn as much as possible. I also interacted with a lot of people and mentored many students who are now holding high positions in various places."
In 2009, he decided to resign from lecturing to further his PhD studies full-time at SAP Research Africa. "This was done because many of us in academia, particularly African scholars in computer science and IT, did not have the relevant qualifications to contribute to human capital development, for example, the supervision of masters and PhDs."
Just before nearing the completion of the PhD, Mtsweni needed to go back to full-time employment and he returned to Unisa, where he led a number of initiatives, such as Random Hacks of Kindness, that focused on community engagement and human capital development for computer science and IT students.
A move to security
Talking of his move into the IT security sphere, he says: "By this time, I had developed strong passion for applied research and development, so when the opportunity came to join the CSIR, I could not resist, and took up the opportunity, albeit in a completely different domain than that of cyber defence."
In this ways, becoming involved in IT security was not a conscious decision, but a decision by chance. "When I was approached to join the cyber defence research group at the CSIR, I had limited understanding and experience in IT security, but had a strong R&D background. Since, then I have had to learn so much by being involved in various strategic R&D projects that interfaces well with the national government and private sector."
His involvement in applied research activities such as reverse engineering, malware analysis, Web security, threat intelligence, and cyber warfare made his involvement in IT security significant, and during this time he says he has also learnt a lot from veterans in the field, and continues to learn every day, since this field is forever changing.
The good, the bad
On what he loves about his job, Mtsweni says: "I love the fact that I am learning new things every day, but also I can work on 'real-stuff', and get the opportunity to transfer my research into reality. Second, we work and interact with different clients and personnel, so each day is a really a new day in our work environment. Having opportunities to be involved in developing emerging IT security researchers is also what makes want to be in the research lab every day until late nights."
On the down side, he says cyber security is not well understood by the general masses, and sometimes it is difficult to convince decision-makers why investment in this domain is critical.
In terms of the events and developments in SA's tech sector stand out the most for him, he says there are a few, but hackathons stand out because of their impact and involvement of people from different disciplines. "Innovation in the security arena needs to speed up, and I am of the opinion that hackathons, if done correctly, can contribute into this space."
A defining point in his career, he says, was the completion of his PhD, as this has opened many opportunities for him, and at the same time has broadened his horizons in the R&D space.
Would Mtsweni have done anything differently? "I think my journey has been more of a pre-destination, and although I at times think that I should have focused into IT security earlier in my career, I also believe that the knowledge I have gained working in other areas is an advantage for me in the IT sector."
Mtsweni will be presenting on 'Malware as a service: sharing TTPs to kill the supply chain' at the ITWeb Security Summit 2016 at Vodacom World in Midrand, from 17 to 18 May.
Share