Evelyn Chepkirui Kilel is a cybersecurity expert currently working as the Principal Cyber Security Engineer at Safaricom PLC. She is also a co-founder of SheHacksKE, a community of women in Cybersecurity from various backgrounds and counties in Kenya.

The 26-year-old shared her career path with Sunday Nation.


Briefly tell us about yourself

My name is Evelyn Chepkirui Kilel. I have been working in the cyber security industry for close to five years as a cyber security engineer, Consultant and Pentester. Currently, I work as a Principal Cyber Security Engineer at Safaricom PLC where I majorly undertake security testing of the products going to market and periodic security reviews, vulnerability assessments and penetration tests across all of the company’s systems/infrastructure.

I also co-founded SheHacksKE alongside two ladies Laura Tich and Patricia Jepkoech. SheHacksKE is a community of over 1000+ women in cyber security which seeks to educate more students and women about cyber security and also bridge the gender gap in the cyber security ecosystem. The community works to ensure that ladies are trained in cybersecurity through boot camps, training and campus outreach.

I am very passionate about technology, network and application security, software development (Web Applications), penetration testing and business intelligence.

I enjoy playing chess in my free time.

Tell us about your childhood and family life

I am the third born in a family of five, I have three brothers and one elder sister. We grew up in Sotik where I went to a Catholic boarding primary school. I later attended Kipsigis Girls in Kericho for my high school education.

My parents and siblings have been very supportive and instrumental in my education and career journey. My elder sister has majorly been my roommate in both primary school and at the university. We have grown as a very close-knit family. We play a lot with my brothers and I love my siblings very much!

One of my memorable childhood memories was a visit to Thomson Falls with my family when I was about seven years old.

Educational background

I graduated from Kabarak University in 2016 with a Bachelor’s Degree in Computer Science, Software Engineering. I have also pursued various professional certifications including IBM Security Intelligence Analyst, IBM Business Intelligence Analyst, IBM Application Security Specialist and CCNA Routing and Switching.

Share with us your career journey

My interest in cybersecurity developed through one of my school professors, the late Prof Kefa Rabah. He was great in cryptography and started learning more when I was in my third year.
IBM MEA University came to our university to train us more about cybersecurity more so the application security using AppScan and SIEM management using QRADAR. After successfully completing these programmes, I was hired by IBM as a part-time Application Security Trainer.

Once I completed my undergraduate degree, I joined Safaricom for my internship as a cybersecurity SOC analyst. In 2017 July, I joined EY (formerly Ernst & Young) as a cybersecurity consultant. In 2019 I joined Safaricom, where I currently work as a Principal Cyber Security Engineer.

In August 2016, I co-founded SheHacksKE, a community of women in cybersecurity which we seek to educate more students about cybersecurity and also bridge the gender gap in cybersecurity.

Besides, I have also undertaken various voluntary roles with Kenya Web Designers as a Software Development Engineer, Google as a Google Developer Groups Lead Nakuru region, Lead Organizer for Women Techmakers Kabarak University Chapter and Kabarak University IHUB organizer and Strategic Planner.

I would encourage anyone in the cybersecurity and tech industry to keep learning as there are many resources available online. Also volunteer as much as you can in tech community-related work as that is how I started my career as I was a computer science student as I started.

How have you progressed over the years career-wise?

I have perfected my skills and expertise in security monitoring for anomalies, intrusions and events of interest, penetration testing which revolves around application, mobile and network security assessments in the banking, telcos and fintech industries.

Over the years, through significant exposure and experience, I have honed my IT security governance skills and can assist organisations to implement security controls such as ISO 27001.

I have also become very proficient with DevSecOPs usage, a technique that ensures security for microservices and cloud infrastructure in use.

Working with Safaricom PLC, has also been very transformative to my career journey through significant exposure, capacity-building and support for cybersecurity in tech communities.

I was also recognised among the top 50 women in cybersecurity in 2020 by CyberInAfrica.

I also spoke at the BlackHat conference in 2020 alongside Laura Tich fellow co-founder on Building Cyber Security Strategies for Emerging Industries in Sub Saharan Africa.

What has been the key driver to your growth? 

Continuous learning as there new technologies coming up and also keeping up with current technological developments, research as well as Certifications in this space such as CCNA Security, AWS Security and also through online learning platforms such as LinkedIn, Microsoft Learn and Oreilly.

There are a bunch of resources available online to expand knowledge, skill sets in the Technology and cybersecurity field. Being part of tech communities has also played a significant role in not only exposing me but also SheHacksKE globally.

Running SheHacksKE activities alongside the founders and team and in collaboration with partners such as Microsoft, Safaricom, COMAE, EKRAAL, AH, Huawei, Liquid Telecom and Strathmore University has also been a great experience which I have learnt a lot.

Who are the people or relationships that you can single out that were useful in your career growth and how did they influence your trajectory?

My University School Professor, the late Kefa Rabah guided me through my career journey. My parents, siblings and mentor have also significantly supported me especially when I was out.

My siblings are all in the technology, engineering, finance, and Fintech space and therefore we have significantly a lot of knowledge, information and trends to keep abreast of especially given the interconnectedness of these fields.

Key decisions you might have taken along your career?

Innovation, creativity, flexibility and going above and beyond your expectations is very crucial to succeed in the career world. Continuous learning and pro bono work is also important for anyone starting out in the tech world especially if and when the job search is hard.

Your current role and scope?

I am a Principal Cyber Security Engineer at Safaricom PLC. My role encompasses, but not limited to security testing of the products going to market, undertake periodic security reviews, vulnerability assessments and penetration tests across all of the Company’s systems/infrastructure.

I also ensure all new and existing systems/products/services comply with Company’s security policies & standards and other industry best practices e.g. ISO27001, PCI, GDPR, etc.

Additionally, I provide timely and quality security assurance reports and advice to the business when required as well as undertaking regular follow ups with system custodians/owners to ensure any security risks identified are addressed within the agreed timelines.

What would you tell your younger self?

I would echo these phrases: ‘Be kind to yourself’, ‘Don’t shy away from opportunities’, ‘Seek out avenues and channels to improve yourself daily’, and ‘Quality over quantity, always!’

What would you advise the youth in Kenya and Africa today?

Technology and related disruption is the future for Kenya, Africa, and globally and therefore the youth should seek to align their skills, businesses, and efforts in that direction. Diversify your skills and go above and beyond your call of duty.

Future plans career-wise?

My current role in Safaricom is quite exciting and also portends significant opportunities for growth. I plan to enroll in a Master’s degree programme in the near future and also seek out certification programs that would broaden and diversify my skill set in technology and finance.

Anything else you’d want to add?

I am happy to see more women join and take on opportunities in the cybersecurity industry. In line with the core motivation for SheHacksKE is to inspire, engage and empower women to take up positions in the cybersecurity industry.