Kelly Onu is a vibrant young tech talent, one of the few women in the global cybersecurity workforce who stands out with a distinct edge. A Senior Cybersecurity Consultant at Ernst & Young, she leads secure-by-design and AI security for Fortune 500 companies, her strides earning top honours including the Canadian Security Emerging Leader award, Cybersecurity Woman of the Year, and a place among the Global 30 under 30 in Cybersecurity. Onu’s rise in a male-dominated field reflects resilience. As the only woman and African at her U.S. alma mater, she endured biases that foreshadowed what awaited her in the field, dynamics she notes are typical for women and persist because of leadership gap she is now determined to bridge. In this conversation with Omolabake Fasogbon, the Canada-based Nigerian shares insights on the self-imposed barriers that limit women’s chances. Excerpts:
You’re thriving in a space long defined by male dominance. What is it that drives and sustains your motivation?
It goes back to 2004. I was in Primary 4 when my mum bought our first home desktop. Home internet was not easily accessible in Nigeria then, but I was fascinated. I spent hours figuring out how to connect to the web and stream music. Fast forward to secondary school, at Vivian Fowler Memorial College for Girls, Lagos, I was one of the inquisitive ones during computer classes. The school was remarkably forward-thinking; by SS1, I was designing websites with Adobe Dreamweaver, and by SS2 I was learning programming languages like SQL, HTML, and Java. That foundation made choosing Information Technology for university a straightforward decision. Then, in my third year, an ethical hacking class changed everything. The moment network security concepts, like encryption, jail breaking, penetration testing all clicked, I knew cybersecurity was my path.
Have you always envisioned this career, or did it evolve?
It evolved. I began taking security and hacking classes at university out of curiosity, not conviction. Two years into my first professional role, I decided to get serious and completed a Master’s in Cybersecurity at Georgia Tech. The clarity came gradually through doing, failing, and pushing further.
Were there moments of self-doubt?
Absolutely, especially when I attended Florida International University for my Bachelor’s degree. Culture shock and imposter syndrome are very real. What kept me going was the clarity of my goal and the honest realisation that I could not give up. I had come too far to turn back, and too many people were watching. That accountability matters.
So you were the only woman and African in your cybersecurity classrooms. Did you feel intimidated?
Well, this has become my reality, even in the corporate world. In many professional settings, I am often the only African and one of very few women. The gap was obvious at university because picking a tech major was not common for women then. I sat in classes where the demographic difference was stark. Rather than feel intimidated, I used it as motivation. I want women to understand that cybersecurity is not just for tech enthusiasts of a particular mould, it requires creativity, psychology, and storytelling, skills women naturally bring.
Reports show women represent about 25 percent of the global cybersecurity workforce. In Africa, it is one in ten. What to you is responsible for this imbalance?
It starts with exposure. My school was forward-thinking, but that is the exception, not the norm, particularly in Nigeria, where accessibility compounds the problem. Government-funded programmes for women with financial need could create a serious talent pipeline. Organisations like CyberSafe Foundation in Nigeria and CyBlack in the UK are doing valuable work, but the scale of the gap demands more. The will has to come from the top.
From your experience, can you brief us on the unique risks women face in navigating this space?
I have noticed that women and minorities routinely have to put their best foot forward just to be recognised. In a male-dominated field, ideas get ignored or quietly absorbed by others, and promotions stall because there is nobody in leadership who looks like you to sponsor your case. What I think what is needed are more Black executives in global companies willing to be outspoken about this gap, not just sympathetic, but vocal and active. Moreover, it is wrong to believe cybersecurity is only about “hacking” or that you must be a coder. The industry needs sales executives, marketers, and professors; it is open to all backgrounds.
So how do you navigate working with male contemporaries and clients?
It’s all about resilience. One just has to be undeniable in one’s expertise. Once one proves to know one’s craft, the dynamic shifts. But the initial burden of proof is almost always higher for women.
What leadership gaps do you think still needs to be addressed for women to rise and thrive in this space?
More specifically, sponsorship. Mentorship is giving advice. Sponsorship is putting your reputation on the line to pull someone up. Those are very different things. My goal is to be the sponsor that I wish I had when I was starting out.
On whom does the responsibility then fall to build stronger pipelines for women in cybersecurity?
In a perfect world, everyone shares it. In practice, change happens when local initiatives, nonprofits, and private organisations commit their resources, not just their words. Companies need to stop just talking about inclusion and start funding scholarships, internships, and targeted hiring programmes. Intention without investment changes nothing.
As an ADPList Top 10 Mentor in Security Engineering 2025 and a scholarship reviewer who has helped award over $40,000 to underrepresented tech talent, what key qualities do you seek in scholarship applicants?
Career intention, existing accomplishments, and what I call the multiplier effect. I look for candidates who have already dipped their toes in the field, but most critically, I look for a commitment to keeping the door open for the next person. Talent that circulates is far more valuable than talent that accumulates.
You’ve observed recurring mistakes among early-career women professionals. Can you identify them and what practical advice would you give to female professionals who want to build a strong career in this field?
One common misstep is specializing too early without exploring the breadth of the profession — whether it’s governance, risk and compliance (GRC), application security, or penetration testing. Another mistake is ruling out technical roles because of a perceived lack of tech background. Cybersecurity is vast, and many skills can be learned with persistence. Don’t let assumptions close doors before you even try. Networking is another area. Too often, it’s transactional, focused only on landing a job. I encourage mentees to build genuine, long-term relationships that open doors to mentorship, sponsorship, and collaboration. Finally, don’t let anyone box you into roles you don’t want. Women are often pigeonholed into softer functions like project management. If your passion is penetration testing or forensic analysis, pursue it boldly. Never self-reject before anyone else has had the chance to say no.
What do you consider the single greatest cybersecurity threat facing Nigerian businesses today?
A lack of visibility and data. We do not have authentically sourced, transparent reporting on breaches: how many occurred, what they cost in naira, how many people were affected. Without that data, we cannot improve our defences or our reputation. Current figures suggest Nigerian firms experience an average of 4,200 attacks per week, 60 percent above the global average. That number should alarm everyone.
Which economic sectors would you say carry the most complex cyber risk?
Globally, financial services and healthcare carry the most complex cyber risks, not just because of regulations like laws that protect patient records (HIPAA) and standards that protect credit card data (PCI DSS), but due to the sensitivity of their data and the need for constant availability.
Both sectors handle highly confidential information, making them prime targets for cyberattacks, and any breach can have immediate and long-term consequences. Their environments are also highly interconnected, which increases the attack surface and complexity of securing them.
What’s your take on Nigeria’s pace of digital transformation and the state of its cybersecurity infrastructure?
There is a gap which leaves Nigerians exposed to daily cybersecurity risks. The risks range from romance scams and phishing to sophisticated threats like prompt injection in AI agents. We are moving faster than we can safely handle. Regulations like the Cybercrime Prohibition and Prevention Act of 2024 and the Nigeria Data Protection Act of 2023 are steps forward, but they need to be comprehensive enough to cover not only traditional IT risks but also emerging ones like AI, quantum computing, and beyond.
You’ve also spoken extensively about internal security threats. What would you say concerns you most about the future of cybersecurity?
State-sponsored attacks are my biggest concern. Governments need to brace for these threats and embrace AI-driven defenses. Cybersecurity is no longer just about protecting companies, it’s about national resilience. At the same time, scams like phishing and romance fraud will continue to thrive because they exploit human psychology. Technology alone won’t solve this; awareness and vigilance are equally critical.
In light of evolving risks, which emerging AI threats should organisations be preparing for now?
AI agents are fast becoming the new norm, but they introduce risks that many organisations are not ready for — prompt injection, model poisoning, and adversarial inputs, to name a few. There is also the question of data bias. If AI systems are trained predominantly on Western data, they lack the cultural context needed for decisions that affect African communities: medical diagnoses, law enforcement, and financial access. That gap is not theoretical. It is already causing harm.
So Nigeria is experiencing a significant exodus of cybersecurity professionals just like in the medical space. Why do you think this is so?
The truth is that this will persist until there are proactive initiatives to retain talent. Graduates wait years for stable employment or compensation comparable to what the diaspora offers. Naturally, people look to study abroad where job prospects are more reliable. NYSC exists, but there is no solid pipeline to absorb talent after service year. Infrastructure challenges also push tech companies to neighbouring countries, shrinking the local job market further.
You’re one of Nigeria’s own making impact in another country’s economy. How are you contributing back home?
My commitment to Nigeria remains strong through mentorship and partnerships. I’ve mentored women via global cybersecurity organizations like Black Girls in Cyber and ISACA, and I collaborate with African-founded startups like HackerProof HQ to publish regional educational content. Together, we’ve built a community of over 5,000 individuals and are developing an AI-enabled platform to help Black professionals globally prepare for technical interviews and secure employment. So while I may be based outside of Nigeria, in terms of where my effort goes, I am very much at home.
How do you get to balance your corporate assignment with leading a startup community?
By maintaining control of my peace of mind — mental, spiritual, physical. If any of those are compromised, I reprioritize. I have learned to listen to my body and accept that a hectic schedule has an ebb and flow. Balance is not a fixed state; it is something you keep returning to.
Outside your job, what passions fuel your creativity?
Travelling. This teaches me to respect other cultures and broadens how I see problems. I also love reading African literature. I recently finished Buchi Emecheta’s ’The Joys of Motherhood’ in a book club I hosted.
You’ve risen rapidly in your career and earned some of the most prestigious honours in your field. What would you say has been the most defining moment for you so far?
While I value those awards and recognitions, especially from industry-respected bodies like IEEE that made me feel truly seen in my over eight years of practice, the most defining for me is watching my mentees land dream roles at Apple or top consulting firms. That is what I am building towards: a sustainable ecosystem where Nigerians are supported financially and academically to reach their tech potential.
Leave a comment