Before attackers go after systems, networks, or software, they go after something far more powerful: the human mind. That’s where the real game is played. As human beings, we are wired in very specific ways. We trust. We help. We respond quickly to urgency. We don’t want to miss opportunities. We don’t want to get into trouble. These traits help society functionbut they also make us vulnerable. Attackers understand this better than most people realize. They don’t need to break technology if they can influence behaviour.And influencing behaviour starts in the mind. The Mind Is the First Attack Surface Cyberattacks don’t begin with code.They begin with emotions. Fear.Pressure.Excitement.Authority.Opportunity. Once an attacker triggers any of these, critical thinking often slows down. Logic steps aside, and reaction takes over. At that point, the hardest part of the attack is already done. Systems Are Built to Resist ,Humans Are Built to Trust Modern systems are designed with layers of protection: passwords, firewalls, encryption, and access controls. Breaking through them directly takes time, skill, and effort. Humans, on the other hand, are not built to resist they are built to connect. We assume good intent.We respond when something sounds important.We act quickly when consequences are mentioned. Attackers exploit this difference. So instead of fighting the system, they go around it by targeting the person using it. People Are the Easiest Entry Point An attacker doesn’t need advanced tools if they can simply: Once a human opens the door, the system behaves exactly as designed. No hacking required. Just manipulation. Social Engineering Is About Psychology, Not Technology Social engineering works because it speaks to emotions, not logic. Messages are crafted to sound: When emotions rise, verification drops. This is why so many successful attacks involve phishing emails, fake support calls, job offers, or warnings about account problems. The technology isn’t failing it is the human moment that is being exploited. Why Awareness Is the Real Defense Security tools matter, but they can’t replace awareness. Cybersecurity depends on people knowing when to pause, when to question urgency, and when to verify through another channel. This is why cybersecurity is not just a technical field.It’s a human one. Final Thought If attackers can control your emotions,they can control your actions. And once they control your actions,they don’t need to hack any system at all. The strongest defense isn’t fear it’s awareness, patience, and understanding how the mind is used in attacks. Remember to ‘Never Trust, Always Verify’
The Most Dangerous Word In Cybersecurity Is ‘Urgent’
In cybersecurity, many attacks don’t start with hacking tools or technical tricks. They start with one word: Urgent. That word has caused more people to lose accounts, money, and data than most viruses or malware. Why? Because the moment something feels urgent, people stop thinking clearly. Attackers know this very well. Why Attackers Use the Word “Urgent” When something feels urgent, fear kicks in. You feel pressure to act fast so you don’t lose something important. Once fear takes over, logic goes quiet. That’s why attackers use messages like: The goal is simple:make you panic so you act without thinking. Urgency Makes People Skip Checks When people feel rushed, they don’t verify.They don’t double-check links.They don’t ask questions.They don’t slow down. They click. They respond. They approve access. And once that happens, the damage is already done. Most cyber incidents happen not because someone is careless, but because they felt pressured to act quickly. Good Security Slows You Down Strong security systems are designed to slow people down on purpose. That’s why important actions need: These steps are not there to annoy you.They are there to protect you when emotions are high. Urgent Does Not Always Mean Real Not everything urgent is true.Real companies give you time to verify.Real problems can be checked through official channels. Fake urgency falls apart when you pause and question it. The Real Skill Is Control Cybersecurity is not about acting fast.It is about acting wisely. When you slow down, you take back control.And when you take back control, most attacks fail. Final Thought If a message tells you to act immediately, pause.Take a breath.Verify first….. Never Trust, always verify! Want more like this?I write about human-centred cybersecurity, risk, and career transitions.
Why Slowing Down Is A Security Skill
In cybersecurity, speed is often praised. Fast detection. Fast response. Fast recovery. But there’s a quieter skill that prevents more incidents than most tools ever will: Slowing down. Many security incidents don’t happen because systems fail. They happen because humans move too fast. A rushed click. A hurried response. An emotional reaction to pressure. Attackers understand this deeply and they exploit it. They don’t need you to think.They need you to react. Urgency Is Designed to Create Fear Urgency is not accidental. It is deliberate. When urgency enters a message, it creates fear. And once fear takes over, rational thinking steps aside. At that point, the attacker doesn’t need access to your system they already have access to your mind. This is how control is gained. Reflect for a moment on situations in your life where it felt like if you didn’t act immediately, something terrible would happen. A missed opportunity. A lost account. A looming consequence. Now ask yourself:How many times did you fail to meet that urgency… and heaven did not fall? That realisation alone is powerful. Social Engineering Is a Mind Game Social engineering does not rely on technology. It relies on psychology. It plays on: Once emotion takes the lead, logic struggles to catch up. That’s why slowing down matters. Slowing Down Restores Control Slowing down breaks the spell. It gives you space to ask: Most malicious requests collapse under simple scrutiny. From a security perspective, slowing down reduces risk. It increases verification, limits impulsive decisions, and prevents attackers from steering your actions. Patience Is a Security Virtue In cybersecurity, patience is not weakness it is strength. Mature security systems are designed to slow people down on purpose: confirmation steps, approvals, reviews, and delays. These controls exist because humans are emotional, and emotions can be exploited. Slowing down protects not just systems, but people. Final Thought Social engineering is a mind game.Security is knowing when not to play. Slow down.Question urgency.Trust verification over fear. And sometimes you need toslow down and smell the cookie. Because control begins the moment you pause. Want more like this?I write about human-centred cybersecurity, risk, and career transitions.
Personal Digital Hygiene Tips for the Holiday Season
The holiday season is a time for joy, travel, reconnection, and celebration. It’s also a season when many of let our guard down online and offline. Unfortunately, attackers know this too. When we are distracted, excited, or eager to share good moments, our digital hygiene often slips. That is why being intentional during this season matters more than ever. Think of digital hygiene the same way you think of personal hygiene:small, consistent habits that quietly protect you. 1. Be Mindful of What You Share Especially During Travel To my fellow African brothers and sisters travelling home to celebrate:resist the urge to show off. The “I have arrived” mentality of posting locations, arrivals, gifts, or lifestyle updates in real time can expose you and your loved ones to unnecessary risk. Protect yourself and your family by: Privacy is protection. Not everything needs an audience. 2. Keep Certain Things Private for Your Own Safety Not everyone watching your posts has good intentions.Some people are observing quietly, connecting dots, and gathering context. What feels like harmless celebration can become useful information to someone with the wrong motives. Digital hygiene means knowing that: 3. Be Extra Careful with Holiday Messages and “Opportunities” During the festive season, messages increase giveaways, offers, collaborations, job promises, and quick favors. Slow down before responding. You don’t owe strangers access to your time or your trust. 4. Young Ladies: Be Intentional About Online Relationships This part matters. Please don’t fall for “he said he lives abroad” as proof of legitimacy.Photos can be edited. Stories can be curated. Lifestyles can be staged. It is incredibly easy to make life look a certain way online. And the truth is simple:you don’t need someone abroad to validate your worth or your future. If you’re earning a decent salary, building your life, and growing you can travel abroad by yourself. You don’t need illusions sold through messages and filtered photos. Digital hygiene also means emotional hygiene. 5. Use Strong Passwords and Enable 2FA Avoid passwords linked to anything visible on your social media names, dates, locations, hobbies. Make sure Two-Factor Authentication (2FA) is turned on for: That extra step protects you when emotions or distractions creep in. 6. Be Careful with Direct Messages Scammers love the holidays because people are more open and less guarded. If a message feels: Pause and Verify. 7. Awareness Is the Real Gift Digital hygiene is not about fear.It is about intentional living online and offline. Understanding that: …is one of the strongest forms of protection you can give yourself and your family. Final Thought Enjoy the holidays.Celebrate fully.Reconnect with loved ones. Just remember:what you keep private today can protect you tomorrow. Security starts with awareness and awareness is always in season. Merry Christmas!
Why 2FA and Multi-Factor Authentication Matter More Than You Think
For a long time, I believed a strong password was enough. If it was long, unique, and “hard to guess,” I felt protected. What I didn’t understand back then is this: Passwords don’t fail people do.And attackers know that. After experiencing social engineering firsthand, I learned a painful but important lesson: once an attacker convinces you to hand over access, your password becomes irrelevant. That’s where Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA) step in not as an inconvenience, but as protection for very human moments. What 2FA and MFA Really Are….. Two-Factor Authentication (2FA) means proving your identity in two different ways.Multi-Factor Authentication (MFA) simply adds even more layers. These layers usually fall into three categories: When more than one of these is required, stealing just one is no longer enough. Why Passwords Alone Are Not Enough Social engineering doesn’t crack passwords it bypasses them. Attackers rely on: Once they convince you to share a code or approve access, the system believes the request is legitimate. I have lived this. That is why 2FA and MFA exist, not because users are careless, but because humans are human. We get distracted. We get hopeful. We trust. We move fast. Security has to account for that reality. 2FA as a Human Safety Net One of the most important apps on my phone today is my authenticator app.Without it, even I cannot log into some of my own accounts. And that’s a good thing. Till today, I still receive authentication prompts, emails or messages asking me to verify my identity because someone, somewhere, is trying to log in. Those alerts are reminders that threats don’t stop just because time has passed. 2FA acts like a second voice asking:“Are you sure this is really you?” Even if an attacker gets your password: That pause, that interruption is often enough to stop an attack in its tracks. Security Is Everyone’s Responsibility Security isn’t just for tech professionals or cybersecurity teams.It is a shared responsibility. Being secure doesn’t mean being paranoid but it does mean being intentional.It means slowing down.Verifying before trusting.And understanding that convenience should never come at the cost of control. Don’t be too trusting.Trust, but always verify. In my next post, I’ll go deeper into social engineering, using my personal experiences to show how attackers think and how easily trust can be manipulated when we’re not paying attention. Because understanding the human side of security is where real protection begins.
The Psychology Of Trust: How Attackers Exploit Human Nature
Before I started learning cybersecurity, I believed attacks were loud systems breaking systems. What I didn’t understand then is that many cyberattacks don’t begin with technology at all. They begin with trust. Trust is what allows us to believe the best in people. But when trust is manipulated, it becomes one of the most powerful attack tools there is. I learned this the hard way long before I ever opened a cybersecurity textbook. When Trust Cost Me My Google Account At the time, I had posted an advert online to promote a product. Not long after, I received a phone call from a man who claimed to be a staff member of the platform where I had placed the advert. He sounded confident, knowledgeable, and helpful. He spoke my language. He explained how I could boost my sales and improve visibility. Naturally, I listened. I wanted my product to succeed. He asked for my email address, and moments later a code was sent to me. He told me the code was needed to activate the boost. Without thinking too deeply, I shared it. Within minutes, I was logged out of my Google account and the platform where I had advertised my product. That was the moment reality hit.Nothing had been “hacked” in the way most people imagine.I had been socially engineered. It took time, persistence, and patience, but I eventually recovered my account. What stayed with me, though, wasn’t just what happened but it was the realisation of how easily trust can be weaponised. And Then It Happened Again, This Time on Facebook Not long after, I experienced something similar with my Facebook page. I was contacted by someone who said I would be writing content for their company and would be paid $20 per post. It felt like recognition. Like opportunity. Like progress. I was excited. They sent me a link. Facebook warned me clearly that clicking “yes” would grant administrative access to my page. I saw the warning. I understood it. And still, I proceeded because in my mind, it made sense. I thought, I will be writing for them anyway. That click cost me my page. Again, there was no system breach.No technical exploit.Just trust, urgency, and optimism used against me. What These Experiences Taught Me Both situations had the same pattern: And the systems did exactly what they were designed to do.The vulnerability wasn not the platform it was the human decision in the moment. This is when cybersecurity stopped being theoretical for me. Why This Changed How I See Cybersecurity These experiences made one thing painfully clear:humans are the first attack surface. Attackers don’t always need advanced tools. They need understanding of behaviour, emotion, fear, ambition, and trust. In both of my experiences, the threat was social engineering.The vulnerability was trust.The risk was underestimated. Why I Didn’t Quit and Why That Matters Losing my Facebook page hurt me but it didn’t end me. I started again.I rebuilt from scratch.Because what was taken was a page not my skills, not my creativity, not my mind. And that resilience matters. Cybersecurity is not about never making mistakes.It is about learning from them and designing systems and behaviours that reduce the chances of repeating them. Trust Isn’t the Enemy Unquestioned Trust Is These experiences didn’t make me paranoid.They made me aware. Cybersecurity doesn’t require us to stop trusting it requires us to verify, slow down, and think critically when emotions are involved. Once I understood this, cybersecurity stopped feeling distant.It became personal. Because at its core, cybersecurity is about protecting humans from attackers, from systems, and sometimes from ourselves. And that is the work I understand deeply.
The Moment I Realised That Cybersecurity Isn’t just Tech: It’s Human Behaviour
I always assumed that cybersecurity was entirely about machines, codes, systems, networks, firewalls. It felt distant, technical, almost like another language spoken on another planet. But along my learning journey, something shifted, I learnt that there is more to Cybersecurity and so many roles come with this field.A truth surfaced quietly, and once I saw it, I couldn’t unsee it: Cybersecurity isn’t just technology.Cybersecurity is people.It’s behaviour. It’s emotion. It’s psychology. There was a single moment where this clicked for me. I was studying social engineering; how attackers manipulate people long before they attack systems and suddenly it felt familiar. I have seen these patterns before. I have lived them. I understood the way humans act under stress, how they hide things, how they panic, how easily trust can be exploited, how fear can make someone hand over information without thinking twice. Aviation had trained me for this without me realising it. In aviation security, we are taught a simple but powerful chain: Threat – anything or anyone that poses danger to civil aviation.Vulnerability – the target exposed to the threat (passengers, aircraft, airline staff, airport).Risk – the likelihood of the threat becoming reality. A formula etched into every cabin crew’s mind: RISK = THREAT + VULNERABILITY And suddenly, it hit me:The weakest link in any system is rarely the system but the human behind it. Once that clicked, everything about cybersecurity changed for me. I started paying attention differently.Not only to the technical steps but to the human steps:the emotional triggers, the motives, the pressures, the subtle manipulation techniques attackers use. It felt familiar, almost like watching an old movie with new subtitles.Aviation had already taught me how to read people, how to sense tension, how to spot inconsistencies, how to evaluate behaviour before words even formed. And that’s when the fear of “starting from scratch” melted a little.Because I realised I was not coming in empty-handed.I was not an outsider.I had been studying human behaviour for years without knowing it was one of cybersecurity’s most valuable skills. In that moment, cybersecurity stopped feeling like a world of machines and started feeling like a world of humans: humans making mistakes, humans being manipulated, humans needing protection, humans creating loopholes without realising it. And I understood something simple but powerful: I am not just learning cybersecurity.I am learning people and I have been doing that all along. Want more like this?I write about human-centred cybersecurity, risk, and career transitions.
How My Aviation Experience Secretly Prepared Me for Cybersecurity
When people hear I am transitioning from aviation to cybersecurity, they often look surprised. But the deeper I go into this field, the more I see the connections.Aviation didn’t just prepare me for cybersecurity…it trained me for it. For over a decade, I lived in a world built on safety, psychology, procedures, and risk awareness. As a Purser, my role went far beyond what most people imagine. Many reduce the flight attendant job to smiling and serving food, but that’s the smallest piece of the picture.I always understood why I was truly on board: Safety. Security. Compliance. Protection. And that mindset mirrors cybersecurity more than people realize. 1. Safety Culture → Security Mindset Aviation teaches one foundational truth:Safety must be intentional. Every checklist, every briefing, every drill exists because one small mistake can lead into something big. That awareness constantly assessing risk, thinking ahead, anticipating problems is exactly what cybersecurity demands. Security frameworks are just digital versions of the safety culture I have lived in for years. 2. Reading People → Understanding Social Engineering Aviation sharpened my instincts like nothing else. I learned the art of body language how a passenger’s posture, tone, or choice of words reveals what they’re not saying. I can spot nervousness, dishonesty, or hidden intentions in seconds.As passengers boarded, I was already profiling them quietly and professionally, not to judge them but to ensure safety. I also learned how to use words strategically how to get people to comply with instructions without being rude or confrontational.That is pure social engineering: Cybersecurity deals with attackers who exploit human weakness, not just system weakness.Aviation trained me to see those weaknesses before they are exploited. 3. Procedures and Drills → Structured Incident Response Aviation does not believe in “winging it.” You train for emergencies you pray will never happen.You follow procedures that keep chaos from becoming catastrophe. Cybersecurity incident response uses the same structure: Identify → Contain → Act → Review. My muscle memory for structured action already existed long before I opened my first cybersecurity textbook. 4. Crisis Management → Remaining Calm During Security Incident Turbulence. Medical emergencies. Unruly passengers.I’ve seen them all. That ability to stay centred in chaos transfers perfectly into cybersecurity, where breaches, alerts, and system failures require calm, not panic. Aviation taught me that. 5. Compliance in Aviation → GRC in Cybersecurity Here’s the part most people never see: Flight attendants must memorize and obey strict aviation compliance laws.If I violate them, I risk losing my cabin crew licence full stop.My job depended on understanding and applying policies flawlessly. This is exactly what GRC (Governance, Risk & Compliance) in cybersecurity is built on. Aviation trained me to treat compliance as non-negotiable.Cybersecurity simply gives that mindset new tools and a new environment. 6. Global Exposure → Understanding Global Threats Flying to different countries teaches you to think globally.Threats, behaviours, and risks differ across cultures.Cyber threats behave exactly the same way shaped by region, motive, and environment. My global lens gives me a head start here too. I am Not Starting From Zero,I am Bringing Everything With Me For a while, I thought starting cybersecurity meant wiping my past clean.But now I see the truth: Aviation laid the foundation. Cybersecurity is the evolution. Safety → SecurityPassenger behaviour → Social engineering awarenessCrisis management → Incident responseCompliance laws → GRCLeadership → Collaboration in techBody language → Human-based threat detection I am not abandoning one career for another.I am carrying the best of aviation into a field where it fits surprisingly well. And honestly?I think I am exactly where I’m meant to be. Want more like this?I write about human-centred cybersecurity, risk, and career transitions.
How I am Overcoming Imposter Syndrome while starting Cybersecurity at 43
Imposter syndrome has a talent for showing up right when I’m trying my best to grow. As a beginner in cybersecurity, I often catch myself wondering: Will I ever measure up? Will I ever be good enough? Is there even space for me in this field? Those questions used to sit heavily on my chest. I remember one of my first attempts to gain experience I applied for a remote internship. I was excited at first, but the moment I got inside, I felt completely stuck. No clear explanations, no guidance, just assignments that left me staring at the screen wondering if I was in over my head. I almost quit.But something in me refused to let the story end there.So I pushed through and completed it, even though I didn’t feel confident. That small win reminded me that progress doesn’t always feel good it just needs to be consistent. A little later, I applied for another internship, this time at my base. This one required an interview, and I walked in believing I was ready. Let’s just say the interview politely reminded me that there was much more to learn. Instead of breaking me, it opened my eyes: growth isn’t a straight line, and “not ready yet” doesn’t mean “never.” One thing this journey has taught me is not to depend on my feelings. Feelings change. They swing. They whisper doubts that don’t match reality. Whenever imposter syndrome tries to convince me I don’t belong, I go back to the promise I picked for the year John 14:1: Do not let your hearts be troubled (distressed, agitated). You believe in and adhere to and trust in and rely on God; believe in and adhere to and trust in and rely also on Me (Jesus). That verse steadies me.And so does the truth in Philippians 4:13: I can do all things through Christ who strengthens me. I hold onto that on the days I feel small.On the days I feel behind.On the days I’m tempted to compare my Chapter One to someone else’s Chapter Twenty. I’m learning that being a beginner is not a flaw it’s a season.And seasons change. I will keep showing up.I will keep learning.I will keep giving myself room to grow. And slowly, brick by brick, the woman who once wondered if she could survive cybersecurity will become the woman others look up to.
How I Built a Study Routine That Actually Works While Switching Careers at 43
Being a flight attendant means my life doesn’t follow the neat little Monday to Friday rhythm most people have. Some days I report for duty at 5:30am or 6:30am, and on those weeks, my schedule looks like a game of Tetris played by someone who refuses to lose. So I made peace with one truth: if I want to switch careers, my study routine has to bend with my lifestyle not the other way around. On days I meant to report early to work, I do something a little wild… I wake up at 3am.This is because I refuse to let an entire day slip by without learning something new. It’s quiet at that hour. My mind is fresh. And somehow, cybersecurity concepts feel less intimidating when the rest of the world is asleep. My off days? Those are my secret weapon.While everyone imagines I spend them brunching or binge watching shows, I am usually buried in my classes. I don’t work a 9–5, so I use the gaps in my schedule to catch up on anything I missed and on a good off day, I can study for ten hours. Not in one stretch though; I am dedicated, not robotic. I break it up, breathe, stretch, snack, and then get back into it. I have sacrificed a lot of “fun” things like visiting friends, watching movie at the cinema etc not because I enjoy being serious, but because time feels different now. I am building a second career, and I want to show my kids what determination looks like in real life, not just in talks only. Of course, there are lazy days. Days where my brain says, “Let’s just scroll and forget cybersecurity exists.” But then I remember my why: two little humans watching me with wide eyes, learning what resilience looks like from my choices. That usually snaps me right back into focus… gently. But I am also learning to be kind to myself. I rest on Sundays (unless I’m flying), and I remind myself that even determination needs room to breathe. I am juggling motherhood, aviation, and cybersecurity if my routine isn’t perfect, that’s fine. What matters is that I keep showing up. And honestly? I’m proud of the rhythm I am creating.