In today’s rapidly evolving digital landscape, cybersecurity threats are becoming more sophisticated, making it crucial for response teams to stay ahead. To strengthen national cybersecurity resilience, a training workshop was held from February 24–28, 2025, at Sunbird Nkopola in Mangochi. The event brought together members of the National CERT (Computer Emergency Response Team) and emerging sectoral CERTs for an intensive program designed to enhance their skills in incident response and forensic analysis. Participants not only deepened their technical expertise but also improved communication strategies essential for managing cybersecurity incidents effectively.

The training covered two key areas. The first day focused on strengthening communication strategies for managing security incidents, ensuring efficient information relay to stakeholders. On the second day, participants engaged in practical exercises using forensic tools to identify and respond to cyber threats effectively. The key objectives included enhancing incident communication, understanding forensic methods, utilizing open-source tools, and adopting best practices for risk mitigation.

Effective communication was highlighted as a critical factor in cybersecurity incident response. Participants were introduced to an Incident Response Framework, which provided a structured approach to handling incidents. Discussions emphasized clear role definitions within response teams, internal communication efficiency, and transparency with external stakeholders such as customers, regulators, and the media. Joana Mhone, a cybersecurity engineer at MAREN, noted that the training significantly improved their ability to communicate effectively during cybersecurity incidents. “The training enhanced our ability to ensure clear and structured messaging to both internal and external stakeholders. We also learned how to manage potential panic and misinformation during incidents. Moving forward, we plan to develop a cybersecurity incident response communication strategy based on globally recognized frameworks and standards,” she explained.

Additionally, participants engaged in practical exercises using advanced forensic tools. They worked with Windows Event Viewer and KAPE (Kroll Artifact Parser and Extractor) to analyze security logs and collect forensic data. Other tools explored included Timeline Explorer, Hayabusa, Wazuh, Velociraptor, and CyberChef, which were used for threat detection, log analysis, and malware script decoding. These exercises equipped participants with essential skills for investigating and managing cybersecurity threats.

To enhance cybersecurity readiness, follow-up actions were proposed. These included developing an incident communication plan, adopting standardized frameworks such as those from the National Institute of Standards and Technology (NIST) or SANS, and integrating open-source tools into daily operations. Strengthening logging and real-time monitoring capabilities was also identified as a priority for improving threat detection.

Mhone emphasized that MAREN should explore integrating these forensic tools with its existing infrastructure to enhance incident response capabilities. “Additionally, developing a comprehensive and efficient incident response plan will be crucial. Our role will involve contributing to the evaluation, implementation, and optimization of these tools and strategies to strengthen MAREN’s cybersecurity posture,” she added.

The training played a vital role in preparing CERTs to handle cybersecurity threats more effectively. Through structured communication strategies and hands-on forensic training, teams are now better equipped to detect, analyze, and respond to incidents. Regular training and continuous improvement will ensure CERTs maintain resilience in the face of evolving cyber threats.