FAQ

A vulnerability scan identifies security weaknesses and flaws in a system, while a penetration test goes further by exploiting those vulnerabilities to assess the potential impact of a cyber attack.

It is recommended that a organization conduct penetration testing at least annually or after any major changes in infrastructure or applications.

A security audit is a comprehensive review and evaluation of an organization's security controls to identify vulnerabilities and recommend measures to improve the security posture.

Common frameworks and standards used for security audits include ISO/IEC 27001, NIST Cybersecurity Framework, and PCI DSS.

A vulnerability assessment is a process of identifying security weaknesses and flaws in an organization's systems and applications.A vulnerability assessment focuses on identifying potential vulnerabilities, while a penetration test goes further by simulating a real-world cyber attack to assess the actual risk and impact of an attack.

Yes, cybersecurity jobs are in high demand in Kenya, and this directly benefits companies like Fanan Limited, which operates in the cybersecurity sector.

Cybersecurity Job Demand in Kenya

• Kenya is estimated to need at least 10,000 cybersecurity professionals by 2025 to address increasing digital threats.
• The cybersecurity market in Kenya is projected to reach $92.64 million by 2029, indicating strong growth and investment.
• Entry-level roles such as Security Analysts and SOC Analysts are particularly sought after, with salaries ranging from KES 48,000 to KES 588,000, depending on experience and certifications.
• Over 60% of Kenyan companies have reported cyberattacks in the past year, prompting a surge in hiring cybersecurity experts.

Global Trends Supporting Local Growth

• Globally, there are nearly 4 million unfilled cybersecurity positions, with companies struggling to find qualified talent.
• The rise of cloud computing, AI, and remote work has intensified the need for cybersecurity professionals.
• Organizations are increasingly focused on building long-term cybersecurity teams, emphasizing skills in areas like GRC (Governance, Risk, and Compliance), DevSecOps, and incident response.

What This Means for Fanan Limited

As a cybersecurity company:

• Fanan Limited is well-positioned to attract skilled professionals and offer services to a growing market.
• The demand for roles such as penetration testers, security consultants, and incident responders is increasing, aligning with the services typically offered by firms like Fanan.
• With strong branding (such as the preferred white and blue colors), Fanan can stand out in a competitive and opportunity-rich environment.

Yes, many cybersecurity jobs are remote, both globally and in Kenya. Here's a breakdown:

Remote Cybersecurity Jobs Globally

• Roles such as Security Analysts, Penetration Testers, Incident Responders, and Cloud Security Engineers are commonly offered as remote positions.
• Global companies are increasingly hiring cybersecurity professionals from anywhere, especially for roles that involve monitoring, auditing, and consulting. [jobgether.com]
• Remote work is supported by the nature of cybersecurity tasks, which often require secure access to systems rather than physical presence.

Remote Cybersecurity Jobs in Kenya

• Kenyan professionals have access to fully remote cybersecurity jobs offered by international companies, including positions like:
  • Security Engineer
  • Cybersecurity Analyst
  • Incident Response Specialist
  • Digital Forensics Expert [jobgether.com], [himalayas.app]
• Platforms like Jobgether and Himalayas list hundreds of remote cybersecurity jobs open to Kenyan applicants.
• Some local companies also offer hybrid or remote roles, especially in consulting, training, and SOC operations. [ict.go.ke]

What This Means for Fanan Limited

If you're hiring or positioning Fanan Limited:

• You can tap into remote talent pools to find skilled professionals beyond Nairobi or Kenya.
• Offering remote or hybrid roles can help attract top talent and reduce operational costs.
• You can also partner with remote consultants or freelancers for specialized tasks like penetration testing or compliance audits.

Yes, cybersecurity bootcamps are generally worth it, especially for those looking to enter the field quickly or switch careers. Here's a detailed look at their value:

What Cybersecurity Bootcamps Offer

• Intensive, hands-on training focused on real-world skills like threat detection, ethical hacking, and network security. [www.springboard.com]
• Short duration: Most bootcamps last a few weeks to several months, making them faster than traditional degrees. [tolumichael.com]
• Career support: Many programs include resume help, interview prep, and job placement assistance. [www.utsa.edu]
• Certifications: Bootcamps often prepare students for industry-recognized certifications like CompTIA Security+, CEH, and CISSP. [www.infose...titute.com]

Pros

• Beginner-friendly: No prior IT experience is usually required. [www.springboard.com]
• Job-ready skills: Focused on practical tools and techniques used in the industry. [www.utsa.edu]
• Flexible formats: Available online or in-person, full-time or part-time. [tolumichael.com]
• Cost-effective: Typically cheaper than a university degree, ranging from $1,500 to $20,000. [www.infose...titute.com]

Cons

• Limited depth: May not cover advanced theory or research topics found in degree programs.
• Entry-level focus: Best suited for roles like Security Analyst or SOC Analyst; higher-level roles may require more experience or education. [tolumichael.com]
• Success depends on effort: Networking, continuous learning, and certification exams are key to landing a job. [www.springboard.com]

Career Outcomes

• Many bootcamp graduates land entry-level cybersecurity jobs within months of completing the program. [www.coursereport.com]
• Average salaries for entry-level roles can be competitive, with some bootcamp grads earning over $70/hour in contract roles. [www.coursereport.com]

Is It Right for You?

A bootcamp is a good fit if:

• You want to enter cybersecurity quickly.
• You prefer hands-on learning over academic theory.
• You're switching careers or upskilling without pursuing a full degree.

Cybersecurity jobs are relatively safe from AI automation, though the field is evolving rapidly. Here's a breakdown of how AI is impacting cybersecurity roles:

Jobs Most Resistant to AI

Certain cybersecurity roles are considered highly resilient because they require human judgment, creativity, and ethical decision-making:

• Security Analysts: While AI can detect known threats, analysts are needed to interpret ambiguous data, respond to novel attacks, and make strategic decisions. [digitaldefynd.com]
• Penetration Testers (Ethical Hackers): These professionals simulate attacks creatively, adapting to real-time findings—something AI struggles to replicate. [digitaldefynd.com]
• Forensic Analysts: Investigating breaches and tracing digital evidence involves nuanced thinking and legal considerations. [gameofjobs.org]
• Network Security Engineers: Designing and maintaining secure systems requires a deep understanding of infrastructure and evolving threats. [gameofjobs.org]

How AI Is Changing the Field

• Automation of Routine Tasks: AI is increasingly used for log analysis, threat detection, and vulnerability scanning. [purplesec.us]
• Human-AI Collaboration: The future of cybersecurity involves humans overseeing AI systems, ensuring ethical use and strategic alignment. [purplesec.us]
• New Roles Emerging: AI is creating demand for professionals who can manage, audit, and secure AI-driven systems. [www.gsdcouncil.org]

Risks and Opportunities

• Some manual or repetitive roles may be reduced or transformed by AI, such as basic malware detection or log review. [www.gsdcouncil.org]
• However, AI also creates new opportunities in areas like AI security, adversarial testing, and ethical oversight. [www.nist.gov]

Bottom Line

Cybersecurity jobs are not being eliminated by AI—they're being reshaped. Professionals who adapt by learning AI-related skills and focusing on strategic, creative, and ethical aspects of security will remain in high demand.