“With cyber threats, it’s never a question of if – only when,” warns John Paul Onyango. And if anyone knows how to read the digital danger signals, it’s him. As East Africa manager for Check Point Software Technologies, Onyango sits at the frontline of the region’s cybersecurity battles, where every click, every login, and every data exchange could be a potential breach.
His own journey into tech wasn’t a straight line. He began in Uganda as a young engineer pulling cables – before moving into systems, then sales, and finally into the high-stakes world of cybersecurity in 2015.
“Everyone in the industry starts out cabling,” he says with a laugh.
That leap would ultimately land him at Check Point, where he now oversees operations across Eastern Africa, guiding clients through an era where ransomware, phishing, and state-backed attacks are no longer fringe concerns but boardroom priorities.
In a recent conversation with Expression Africa editor Rwandet Choge, Onyango broke down the evolving threat landscape and why both individuals and organisations must take cyber defence seriously – because data is the new currency.
EXPRESSION AFRICA: First, tell us a bit about Check Point Software Technologies
JOHN PAUL ONYANGO: Founded in Israel in 1993, Check Point Software Technologies Ltd is a big player in the enterprise market, protecting businesses against cyber threats. It’s headquartered in Redwood City, California, and Tel Aviv, Israel. The company’s main African operations are run from Johannesburg, South Africa, with satellite offices in Morocco, Nigeria, and Kenya.
The company is best known for pioneering FireWall-1 – the firewall as we know it – and engages in a variety of tasks including securing user e-mails, cloud transitioning, external risk management, and more.
What are the biggest cybersecurity threats facing Africa?
Threats are worldwide; it is not just about Africa. The biggest threat is the AI-driven cyberattacks which bypass traditional security. Ransomware is also another one and has been there for quite some time, where files are encrypted and the attackers ask for money before or they sell your data to the dark web. Cloud vulnerabilities are also another challenge since most organisations are transitioning to it.
Using the Kenyan government as an example, how prepared are African governments to tackle cybersecurity in your own assessment?
The Kenyan government is trying its best through the Ministry of Information and Communication Technology (ICT) and the ICT Authority to employ the best tools to secure the nation.
But there is still room for improvement. One thing that needs to be done is training and educating the users since most of these threats come from them. We have to start looking at cybersecurity not just at the entry level but we need to ask ourselves have we secured the users and our data centres?
Anonymous Sudan attacks really helped in creating cybersecurity awareness.
How widespread are the attacks?
They are hundreds, if not hundreds of thousands, because they vary. Some get attacked and they are not even aware. Some are attacked and talk about it. Others get attacked and decide to remain silent about it because of the risk involved; for example, if there is a case of a cyberattack in a bank and customers get to know, chances are high they will switch banks. In short, attacks happen daily in thousands.
How are you leveraging AI in cybersecurity and cloud security?
Check Point has incorporated AI in our tools. We recently acquired Lakera, an AI company, to help us secure our customers. One thing people should know is that cloud security begins with you.
What would you advise organisations when it comes to mobile phone use and security?
Mobile phones are going to be the next biggest threats to organisations in terms of cybersecurity. Almost 99% of mobile phones in Africa are not protected and organisations need to come up with policies where, for workers to access the office Wi-Fi, there has to be some sort of security.
What are some of the operational challenges you face?
We have no major difficulties since Kenya is among the leading countries in digital transformation. We, however, still have room for improvement and organisations need to know that data is the new currency.
What is Check Point’s broader strategy in Africa?
As we work with enterprises, we would also like to work with authorities and governments to formulate the right policies and ensure that people are also trained to adapt to the rapidly evolving technology.
Do you have collaborations or partnerships helping you achieve this?
We have local players, which means we also give back to the countries we operate in, since those partners also have a workforce. They are our first line of support.
How does success look like for Check Point in the next 3-5 years?
Success is when every cyber threat is prevented. Remember, the threat actors are also not sleeping.
How are you addressing skill gaps in the sector and what would you advise young people trying to build careers around cybersecurity?
Because this is a dynamic field, the issue of skill gaps will always be there, and we are doing our best to fill them. We have academies across Africa and here in Kenya, we have a learning centre that offers Check Point certification. We hope that in the near future we will work with colleges and universities to design the curriculum.
To the students, this is a huge industry. In Kenya, we have cybersecurity-oriented manufacturers, and they can take advantage of this. There are also trainee and graduate programmes as well as learning centres which can be helpful.
Looking into the future, what are some of the digital shifts in cybersecurity and some of the things that excite you?
The beauty is that this is a fast-changing industry, so we have to prepare and have the right tools in terms of prevention rather than detection.
What would you tell any CEO or people in government about cybersecurity?
With cyber threats, it is not a matter of ‘if’ but ‘when’. Are you ready?
Tell us about your leadership style and what aspect of it would you like to change?
I always like when people are self-starters; mine is to help and guide. The problem is I am a workaholic and this is something I need to change.
