In late 2013, I was a fresh graduate with a Bachelor of Science in Information Technology from Jomo Kenyatta University, three months out of university and hungry to make my mark. I had spent four years studying technology in the abstract, and I was convinced that my passion for cybersecurity would be enough to open doors. When I applied for an internship position at Serianu Limited, then a two-year-old cybersecurity startup in Nairobi, I believed that my academic foundation and my hunger to learn would carry me through. What happened in that interview room changed the trajectory of my career and, ultimately, led to the book you are holding.
The story you will just read is true.
Not literally, perhaps. James Ochieng is a fictional name, and Nexus Financial Services doesn't exist on any registry. But the journey you'll witness — the struggles and breakthroughs, the basement and the climb — all of that is real. I know because I lived it.
It was December 2013, when I walked into an interview at Serianu, now arguably one of Africa's leading cybersecurity firms. I was young, eager, and convinced that my technical passion would grant me a clear pass. I had walked in with the confidence of a fresh graduate who had spent four years studying technology.
Then the interviewer asked me to explain what a ping command does. I couldn't answer.
I did not know what a ping command was.
I walked out humbled, realising I knew almost nothing about the field I was about to enter.
I didn't fully understand why they hired me. Perhaps they saw curiosity where I saw inadequacy. But that moment of not knowing became the foundation of everything that followed. It became the first brick in my foundation. I learned that day that confidence without competence is a house built on sand, and promised myself that I would never be caught unprepared again.
The Basement Years
Like most cybersecurity practitioners entering the field, I started at the bottom. The typical entry point is unglamorous — monitoring dashboards, triaging alerts, running vulnerability scans, and learning to read log files that seem to stretch on forever. You are the first responder to incidents that no one outside the security team will ever hear about. You work odd hours, learn on the fly, and measure your progress not in promotions, but in the problems you can now solve. For the next three years, I lived in what I've come to call the basement — absorbing everything I could: network protocols, security frameworks, incident response, vulnerability assessment. I stayed late, arrived early, and filled notebook after notebook with knowledge I didn't yet know how to use, striving to become technically competent.
By the time Serianu decided to set up its own Managed Security Operations Center (SOC), I was among the team that helped build it from the ground up. That SOC was not just a technical project; it was a milestone for the cybersecurity industry's evolution in Kenya and across the African region. I was becoming technically excellent. I could find vulnerabilities others missed, design solutions that were protecting client networks, responding to customer issues and incidents with precision. By every technical measure, I was growing.
The Moment Everything Changed
The boardroom moment came sooner than I expected. It was two years into my career at Serianu when I walked into my first management presentation. We had just completed a penetration testing engagement and were to present the project report to the company's senior executives. Having handled the technical execution, I had accompanied our CEO, William Makatiani, for the report presentation, expecting him to deliver it as he always did.
But that morning, as we walked into the building, he turned to me and asked: “Martin, I hope you are ready.”
I had two choices. I could retreat, defer, insist that he should present as planned. Or I could take the bull by its horns.
I chose to present.
It was the first time I stood before executives and felt my technical expertise stripped naked. I watched their faces as I spoke. They were gracious and listened with patience. Strangely, I sensed a disconnect forming, as a gap emerged between what I was saying and what they needed to hear. Despite the facts, the data, and the numbers — none of it was landing.
When I sat down after my delivery, I observed how my boss presented. With him, everything was different. He was a storyteller. People lit up to his humour. Yet beneath this humour was a master who had learned to speak in ways that caused executives to lean forward instead of politely endure. He didn't just communicate facts — he connected with his audience.
On that day, I learned of what I later came to know as the translation gap. And it took me years to cross it. I was technically excellent, but strategically naive — a realisation that became the turning point that changed everything.
The Long Climb
The years that followed were a second period of education, one that no certification could provide. I learned to stop talking about vulnerabilities and started referring to business risk. I learned to connect every security initiative to the company's strategic priorities. I learned that while executives may need to understand how I protected them, they primarily needed to trust that I understood what they were trying to build first.
Slowly, the conversations changed, and I became more relevant to the businesses we consulted for. Without those hard lessons, I would still be in that first executive boardroom, wondering why no one was listening.
Today, as I write this book twelve years later, I serve as Country Director for Serianu Botswana and Regional Expansion Lead across Africa. I have served governments and enterprises, built teams, designed security operations centres, and helped shape cybersecurity strategy across the continent.
— Martin M. Kamethu
Gaborone, Botswana
Who This Book Is For
I wrote this for the cybersecurity professional who is tired of being invisible.
If you are early in your career, this book will help you avoid the trap many professionals fall into — the belief that technical excellence alone will be recognised and rewarded.
If you are experienced but stuck, this book will show you the path I discovered: how to translate your hard-won expertise into language that resonates with business leaders.
If you aspire to lead — not just manage systems, but shape organisations and your industry — this book will guide you toward that transformation.
This is not a technical manual. There are no configuration guides or certification prep materials here. This is a book about redefining your identity: transforming who you are becoming.
Confidence without competence is a house built on sand.