University of Nairobi (through C4Dlab) supported by ICT Authority (ICTA) offers CyberSecurity training in Kenya.

ICTA is a State Corporation under the Ministry of Information Communication and Technology which enforces ICT standards in Government and enhances the supervision of its electronic communication under the national message, “One Government, One Voice”. ICTA has a specific mandate to promote ICT literacy and capacity.

The ICT sector is linked to economic growth, with specific contributions to competitiveness, poverty reduction and productivity. Information security (InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

Organizations, through technology, collect, process, store and transmit a lot of data, some of which is confidential information about employees, customers, products, research and financial status. This information must be protected; otherwise governments, public and private institutions risk suffering widespread and irreparable financial and reputational damage.

County governments, Ministries, Departments and Agencies (MDAs) need to be equipped with skills and resources to address the issue of information security. In particular, the Division of Performance Contracting at the Ministry of Devolution and Planning, while providing the performance contracting guidelines, requires that

“all MDAs are also required to put in place an Information Security Management System (ISMS) that ensures that access to information is appropriately authorized, safeguard the accuracy and completeness of information and processing methods and ensure that authorized users have access to information when they require it.”

The University of Nairobi, through C4DLab, supported by the ICT Authority (ICTA), is offering leadership in improving the capacity of Kenyans in the area of Information Security.

Training Objectives

This training will prove that the attendee has a good knowledge and understanding of the wide range of subject areas that make up information security and its management. Aspects in the training will include technical risks and corresponding management controls, risk and its management, security standards, people and physical security as well as business continuity.

Upon successful completion of the course, attendees should expect to gain knowledge and understanding in the following areas:

  • Knowledge of the concepts relating to information security and its management (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc)
  • Appreciation of the current national policy and legal structure that impact upon information security management;
  • Awareness of developments of the national and international standards, frameworks and organizations which facilitate the management of information security;
  • Understanding of the current business and common technical environments in which information security management has to operate;
  • A deep understanding of the relevant technical aspects of information security such as attacks, intrusion detection, mobile money security and hacking USB devices
  • Knowledge of the categorization, operation and effectiveness of controls of different types and characteristics (examples will include computer forensics investigations)

Target Audience

IT Professionals in government and private sector interested in learning more about Information Security. The following job titles fit very well in this course:

  • Information security professionals
  • IT Security Managers
  • Cloud Security Professionals
  • IT Architects and Administrators
  • Risk Assessment Professionals
  • Database and Web Developers
  • Security Auditors and Compliance Managers
  • Network and System Administrator
  • Government & Intelligence Agencies interested in real world IT attack and defense
  • Technology Risk Assessment Professionals
  • Digital Forensics Investigators
  • Individuals involved in implementation, testing, security hardening of mobile devices

Project Team

Prof. Timothy Waema, Program Leader

Prof. Timothy Mwololo Waema is a Professor of Information Systems in the School of Computing and Informatics in the University of Nairobi, Kenya. He has extensive ICT4D research and consultancy experience in many aspects of ICTs and development spanning more than 25 years. He holds a PhD in Strategic Management of Information Systems from University of Cambridge (UK) and an Honours Degree in Electrical and Electronic Engineering from University of Bath (UK). Prof. Waema has published widely in journals, conference proceedings and in books in information systems and ICTs for development. He has edited two books, one on electronic governance and the other on ICTs and poverty. He sits on editorial boards of several peer reviewed journals and is a Professional Member of the Association for Computing Machinery (ACM).

Dr. Tonny Omwansa, Program Supervisor/Trainer

Dr. Omwansa holds a PhD in Information Systems and lectures at the School of Computing & Informatics, University of Nairobi. He is author of “Money, Real Quick: Kenya’s disruptive mobile money innovation”.

He has conducted extensive research and consulted widely in information systems and published numerous reports and academic papers in the areas of innovative technologies, adoption and impact of technology, use of airtime transfers, mobile banking and virtual currencies, among others. He is a recipient of the prestigious Bellagio Fellowship from the Rockefeller Foundation, where he worked on the book on mobile money.

He is currently a consultant on financial inclusion at MIT, coordinating a Pan-African innovation program. He is the current coordinator of the C4DLab, the University of Nairobi’s innovation and incubation lab. He is a member of ACM, ISACA and IEEE. He is the current Vice Chair of the IEEE – Kenya Chapter.

Dr. Chris Chepken, Trainer

Christopher is an IT career professional, a lecturer and a researcher at the School of Computing and Informatics, University of Nairobi, with over 10 years of experience in software development and ICT training in Kenya and South Africa. He holds a PhD in Computer Science from the University of Cape Town, South Africa. He also has a Master of Science (Applied Computer Science), where he worked on a project to find out how mobile text (SMS) can be encrypted, and a Bachelor of Science (Computer Science), both from the University of Nairobi.

Christopher has worked on a number of projects, which include an ongoing one on Mobile Phone-Based Personal Health Record System for Resource Constrained Environment. The objective of this project is to contextualize Personal Health Records in the developing world. The key contribution for Christopher was implementing encryption algorithms and the general security design of the medical records.

He has published a number of papers both in peer reviewed journals and international conferences. Currently, Christopher is the Coordinator for the School of Computing and Informatics MSc. programmes and the Silensec academy based at the School of Computing and Informatics.

Mr. Evans Kahuthu, Trainer

Evans Kahuthu is an Information Security Specialist with over 10 years’ experience in the IT industry. He works as an Independent Contractor with the ICT Authority in the area of Information Security.

In this capacity, he has spearheaded the development of the National Cyber Security Master Plan and Strategy and the establishment of the National Public Key Infrastructure. From 2001 until June 2009, he worked as the Web and Application Development coordinator at the California State University, San Bernardino where he was in charge of over 150 websites and database applications. Security and accessibility of these applications was his core job function. In addition, Kahuthu was a member of the IT team that was tasked with Security Awareness and Training at the California State University. This team was the author of the Web Security Policies for the California State University. Between September 2006 and December 2008, he was a part time Lecturer at the California State University, San Bernardino College of Business and Public Administration where he taught database security and e-commerce.
Kahuthu is a Certified Information System Security Professional (CISSP) and a member of the International Information Systems Security Certification Consortium (ISC)² and the Open Web Application Security Project (OWASP).

Topics to be Covered

Topic Sub-Topics
Fundamentals of Information Security and its management
  • Fundamentals (confidentiality, integrity, availability, vulnerability, threats, risks, countermeasures, etc)
  • Impact of IS security breaches
  • Economic impact of security breaches/ disruptions to IT operations
  • Case studies of attacks and their impact.
National agenda on Information Security
  • Current policy and legal structures/documents
Internal Best Practices on Information Security
  • National and international standards, frameworks
  • Organizations facilitating management of information security as well as resources available
  • Business and technical environments for Information Security
  • Information Security Strategy
Threats and Attacks
  • Security Risk Trends
  • Programmed Threats (Denial of Service, Programmed Threats e.g. virus, worms, trojans, backdoor)
Preventing and Detecting Attacks 
  • Intrusion detection
  • Spying technologies
  • Web application & vulnerability testing
  • Penetration testing
  • Preventing Data Loss (PDL)
Hackers techniques and control  
  • Theory and practice of ethical hacking
  • Hacking and securing routers, cables, wireless networks, USB Devices, mobile phones, PDAs & handheld devices, firewalls
Computer Forensic and Incident handling 
  • Computer forensics investigations
  • Incident handling
Mobile Security
  • Securing mobile phones, PDAs, laptops and other handheld
  • Securing mobile applications e.g. Mobile money security

Delivery method

The training will be offered in the form of lectures, tutorials and exercises. The classes will address both theoretical essentials and hands-on aspects as well as real-life attack scenarios. There will be significant emphasis on students’ individualized involvement.

The training is offered in three different options as described below.

Option: Full Time
Time Frame:
  • 3 full days
  • 8AM to 5PM
  • Offered once every quarter
Benefits:
  • Package of Training Materials
  • Published case studies and reports
  • Access to computer lab and practical tools
  • 10 AM and 4 PM Tea with snacks (3 days)
  • Lunch (3 days)
  • Certificate of Attendance
Cost per person: KES. 50,000

Time Frame:
  • To be discussed with client
Benefits:
  • Offered on client site
  • Certificate of Attendance
  • Package of Training Materials
  • Published case studies and reports
  • Other benefits in discussion with client
Cost per person: To be discussed with client


Courses in 2016

June October
Full time 8th – 10th 28th -30th November 2016

For inquiries, please contact:

Selina Ochukut

Phone: +254 723 030 134
Email :