ONGOZA
CYBER HUB
Back home
The OCH Way

Cyber careers,
rebuilt for Africa.

Most cyber education is shaped like this: buy a course, study for an exam, hope an employer trusts the certificate. For Africans, that path is expensive, distant, and slow — and the credentials at the end aren’t even verifiable. We’re building the opposite of that.

Why we exist

African cyber learners face a shape mismatch. The dominant paths — OSCP, CEH, OSCE, CISSP — are built around US regulators, US case studies, US pay scales, US employer expectations. They cost $1,000–$5,000 each and take months. Even when an African learner finishes one, the content rarely maps to the threats they’ll see in Lagos or the regulators they’ll answer to in Nairobi.

Meanwhile, the continent is short on cyber talent. Banks, telcos, fintechs, and the public sector are hiring. The problem isn’t that there aren’t learners — the problem is that there’s no learning path shaped for them, and no credential model an African employer can actually trust without phoning the issuer.

We started OCH because that asymmetry is fixable. A learning system grounded in African context, validated by cryptographic credentials, paid in M-Pesa, and reachable from a feature phone via WhatsApp — that doesn’t exist anywhere else, because nowhere else needed it as badly.

What we believe

Five principles that shape every product decision.

01

The daily 5-minute habit beats the 4-hour weekly cram.

Habit-based learning compounds; cram-based learning evaporates within weeks. We've designed the entire product around that asymmetry — one short drill a day, every day, for a year — instead of episodic study sessions that only happen when life cooperates.

02

Demonstrable skill beats accumulated knowledge.

You don't earn a credential by studying for the exam. You earn one by solving the problem. Every milestone validates against actual drills (incident-response, regulator-defense, exec-comms) — not by memorizing facts you'll forget the day after.

03

Africa-context isn't a localization layer. It's the foundation.

Lagos smishing waves, NDPR breach windows, Safaricom KYC patterns, JSE ransomware postmortems — these are the canon, not the edge cases. Western scenarios appear when relevant; they don't define the curriculum.

04

Verifiable beats prestigious.

An employer who's never heard of OCH should still be able to confirm your credentials are real in 10 seconds, offline. Cryptographic signatures travel further than brand recognition — especially across borders, time zones, and trust boundaries.

05

A coach who knows your context beats a course you bought.

Debbie reads your spine, your country, your last drill, and what just escalated on the continental pulse. She gives different advice to a junior SOC in Lagos than to a CISO in Cape Town — because their next move is genuinely different. Generic content can't.

How we work — 3 layers

Most cyber-learning products do one of these well. We do all three because they’re each useless without the others.

Layer 1 · The daily drill habit

  • One short auto-graded drill picked for you every morning, on WhatsApp or web
  • Tied to a specific milestone on your career spine — drills feed milestones, milestones mint credentials
  • Driven by what's happening on the continent today — drill matches today's threat / event whenever it can
  • 5–15 minutes — fits between meetings, on the commute, during the kettle boil

Layer 2 · The career spine

  • 6 career tracks: Defender, Offensive, GRC, Innovation, Leadership, Entrepreneurship
  • Each track has 8 milestones — Foundation → Specialization → Mastery
  • Validate a milestone, mint a verifiable credential. Browse other tracks read-only; switch anytime in Settings
  • Cross-track pivots are mapped explicitly — your detection-engineering work crosses to Offensive's AD red-team

Layer 3 · Debbie + the Talent Passport

  • Debbie — your AI cyber career coach, on WhatsApp + ⌘/ web drawer
  • Public Talent Passport — one URL with QR code; share with any employer
  • Cryptographically-signed JWT credentials any third party can verify offline against /api/credentials/jwks
  • Built to reach a feature phone — WhatsApp ingress, low-bandwidth PWA, M-Pesa / MoMo / Airtel Money rails

What this means for you

If you're a learner
  • 5 minutes a day, every day, beats 4 hours a week, sometimes.
  • Your verifiable career profile starts existing the moment you pass your first drill.
  • An employer who Googles you finds your Passport with credentials they can verify — not just your LinkedIn brag.
If you're an employer
  • Hire from a pool of Africans whose skills you can verify cryptographically in 10 seconds.
  • Every credential is signed, dated, scoped to a specific milestone — never 'what does this cert even mean?'
  • Filter candidates by validated track + milestones, not by where they bought a course.
If you're an institution
  • Sponsor learner cohorts at $20K/year for 100 seats. Co-brand the Passport. Audit progress.
  • Real outcomes — credentials issued, milestones validated — not seat-time and completion percentages.
  • Want details? Email partners@cybochengine.africa.

What we're not

Honest framing matters. OCH is one shape of solution. Here’s what we explicitly do not try to be:

  • Not a video-course platform.

    If you want to watch lectures, Pluralsight / Cybrary / TryHackMe are great. We don't do videos.

  • Not a credential mill.

    You can't pay your way to a milestone. Validation requires passing real drills, every time. No discounts on rigor.

  • Not a job board.

    We don't host listings or take placement fees. Your Passport is the bridge — what an employer does with it is between you and them.

  • Not a labour broker.

    We never represent learners commercially. Your account, your context, your data, your credentials. Always.

Build the muscle. Mint the proof.

Claim the cyber operator African banks haven’t met yet.

Fourteen days, full access, no card. Your spine and credentials are yours to keep — even if you don’t continue.

Enter OCH
Or read the docs first.