Shifting the organisational culture to embrace shared responsibility for cybersecurity remains one of the most complex challenges for any cybersecurity leader. Yet, it is a critical success factor: cybersecurity programmes only achieve meaningful impact when they are embraced by all stakeholders, from entry-level employees to executive leadership.

• The cultural vision we aimed to cultivate and why it matters.
• The Cyber Safe Campaign: its objectives, achievements, setbacks, and key lessons learned.
• The role of cybersecurity champions: how they were selected, what worked, what did not, and how they influenced change.
• Practical strategies for fostering an environment where employees feel psychologically safe to report mistakes and take ownership of cybersecurity.

GRC has previously been and associated with rigid, compliance-driven processes that are often reactive rather than strategic. However, in an era defined by regulatory volatility, rapid digital disruption, heightened cybersecurity threats, and intensifying environmental, social, and governance (ESG) demands, the ability to embed agility into GRC functions has become a critical differentiator for organisations.Agility in GRC refers not to bypassing regulatory rigor but to strengthening responsiveness, resilience, and adaptability across governance frameworks. This approach enables organisations to detect emerging risks early, implement iterative controls, and foster cross-functional collaboration while leveraging technologies such as automation, data analytics, and artificial intelligence. Importantly, agile GRC transforms compliance from a perceived cost centre into a value driver—delivering measurable benefits including reduced compliance breaches, enhanced stakeholder confidence, improved crisis response capabilities, and significant cost savings by shifting from reactive firefighting to preventative risk management.For decision-makers, agile GRC provides a strategic advantage by ensuring timely, informed, and risk-aware decision-making that balances compliance obligations with business performance. Regulatory agility is particularly crucial in South Africa, where frequent updates to legislation such as POPIA, the FIC Act, and ESG reporting standards demand rapid adaptation. Organisations that fail to evolve remain exposed to higher operational costs, financial penalties, reputational harm, and competitive disadvantages.Looking ahead, agile GRC functions will increasingly adopt advanced RegTech tools, real-time risk monitoring, blockchain-enabled compliance records, and scenario planning frameworks. These innovations will not only streamline compliance but also allow GRC teams to anticipate risks and support sustainable, long-term growth. By embracing agility, organisations can turn GRC into a proactive enabler of resilience, regulatory compliance, and strategic decision-making in a rapidly shifting risk landscape

The emphasis on the practical value of security governance and compliance beyond theory, showing its role in building a secure and resilient business culture in any organisation with security as its strategy

 Attackers target identity first, making it the most critical security battleground. Defenders must evolve from static governance to real-time identity threat detection and response. This talk highlights how identity compromise fuels modern breaches, why traditional IAM isn’t enough, and what it takes to build resilience against identity-driven attacks.

Identity is not new — it’s always been the attacker’s entry point. What’s changed is the scale and impact of identity compromise in cloud and hybrid environments.

Governance alone is not enough. Traditional IAM controls (certifications, provisioning, MFA) can’t keep pace with attackers who exploit identities in minutes.

Identity Threat Detection & Response (ITDR) is essential. Real-time monitoring, anomaly detection, and rapid containment must become core to enterprise security.

Privilege is the real prize. Attackers don’t just steal accounts — they weaponize entitlements, service accounts, and federated trust to move laterally.

Resilience beats prevention. Assume identities will be compromised; build layered defenses, just-in-time access, and recovery strategies to minimize blast radius.

Kenneth is an experienced IT Assurance, Risk, Security and Governance Consulting Professional with a demonstrated history of working in the information technology and financial services industry. He is skilled in IT Audit, Enterprise and IT Risk Management, Internal Audit, IT Strategy and Governance, Business Continuity and Project Management.

Galeboe Mogotsi is the Chief Information Security Officer (CISO) at the University of the Witwatersrand, where he oversees and manages all facets of cybersecurity to ensure the protection, integrity, and availability of the institution’s infrastructure and information assets. With over 18 years of experience in digital technology and cybersecurity, Galeboe is both a visionary strategist and a hands-on leader, adept at steering organizations through dynamic technological landscapes.

He has a proven track record of fostering security-conscious cultures and leading impactful digital transformations across diverse sectors, including education, defense, and finance. As a Certified IT Business Professional, a Chartered CIO, and an MBA graduate specializing in the management of information security, Galeboe brings both deep technical expertise and strong business acumen to his leadership roles.

Beyond his CISO role, Galeboe is the Co-Founder and Vice Chair of the Cloud Security Alliance (CSA) South African Chapter Board, where he contributes to shaping the future of cloud security and advancing cybersecurity practices across the region.

Passionate about innovation, he actively explores and leverages emerging technologies and cybersecurity solutions to create value and enhance organizational performance. Widely regarded as a trusted advisor and thought leader, Galeboe is a sought-after industry speaker on topics such as cybersecurity resilience, emerging technologies, and business transformation.Galeboe.jfif

Bio: Jenny  leads strategic initiatives in digital transformation, IT infrastructure modernisation,
and enterprise cybersecurity. Recognised as one of the Top 50 Women in Cybersecurity in
Africa (2020), Jenny brings over two decades of experience in aligning technology
leadership with business objectives, fostering innovation, and driving organisational
resilience.
Her expertise spans the design and implementation of robust cybersecurity frameworks,
risk management, data privacy, and regulatory compliance in high-stakes environments.
She is especially skilled in integrating strategic foresight with operational execution,
elevating cybersecurity maturity while ensuring scalable and secure digital ecosystems.
Jenny has consistently demonstrated an ability to deliver secure, agile, and future-proof
IT infrastructures, underpinning successful digital transformation journeys across
complex enterprises.
Under her leadership, organisations have achieved marked improvements in cybersecurity
posture, infrastructure reliability, and cross-functional collaboration.

Koketso is an award-winning Chief Information Security Officer (CISO) with over ten years of experience helping organizations strengthen their cybersecurity posture. Her career has spanned roles in banking, consulting, and telecommunications, and she currently leads the information security function at Bayobab, Formerly MTN GlobalConnect.

With a strong background in penetration testing, she brings a deep understanding of how attackers think, insight that has shaped her proactive approach to cyber defence. Known for her practical leadership style and technical expertise, she has led high-impact security initiatives, responded to complex cyber incidents, and championed awareness programs that make security more accessible and relatable across all levels of an organization.

She holds globally respected certifications including C-CISO, CISSP, CEH, GCIH, Security+, Pentest+, and CNVP, and was recently named MTN CISO of the Year, a recognition of both her expertise and her commitment to making a meaningful difference in the field.