Before anything, I want to make this clear: I do not in any way support breaking the law. Unauthorized hacking is a crime, and it should not be glorified. But that said, there is always more beneath the surface, and maybe it’s time we rethink how we approach cybercriminals in our country.

The Case That Sparked Debate

The headlines have been everywhere: a 26-year-old “Gen Z,” described as a “university drop-out,” hacked into a betting company and siphoned off 11.4 million shillings. The law eventually caught up with him, but what followed was a flood of opinions, some condemning and some lamenting “wasted talent.”

I listened in on a discussion about it but the conversation quickly shifted from crime to education. Why? Because of that label “university drop-out”.

Some argued that tech inclined individuals don’t thrive in four-year degree programs heavy with theory. Instead, bootcamps and short-term training make more sense: practical, hands-on, and focused. That’s a valid point.

But theory has its place too. Every hacker has motives. While money drives most, there’s also psychology and ethics involved in choosing a target. Without a theoretical foundation, those ethical boundaries blur. Self-taught hackers fall back on their personal moral compass, and we all know how different that looks depending on someone’s background. Case and point our 26-year-old cyber security engineer.

Additionally, not everyone in a degree program is there to hack either. A university degree introduces governance, entrepreneurship, and policy which are all crucial areas if you want to shape the future of cybersecurity. So, while bootcamps are great for skills, degrees give the bigger picture. In the end, both are crucial.

Wasted Talent or Untapped Potential?

Now comes the bigger question: what will happen to this young man?

Many believe his only future is prison. If that’s all, then yes, it’s wasted talent. But honestly, we don’t really know what happens after such arrests in Kenya. Once someone is caught, the story disappears. Were they jailed? Were they quietly recruited by some state body or a private company? The stories disappear as fast as they appear.

I would like to believe that some of them are redirected. And if not, then maybe they should be. Because here’s the uncomfortable truth: the same person who broke into a betting system could, under the right circumstances, be the one protecting a bank, a hospital, or even a national power grid.

Cybersecurity as Modern Warfare

We cannot ignore the world we live in today. Battles are no longer fought only with guns and boots on the ground; they are fought with keyboards.

• On 17^th of December 2016 , Ukraine experienced a malware attack targeting their power grid. This attack was done automatically making it clear that it is possible to affect a whole country’s power without being physically there.
• Stuxnet , one of the most popular cyber-attacks. This is the attack most believe was orchestrated by Israel in collaboration with the U.S on Iranian’s nuclear enrichment facility. Although the facility was off grid, somehow someone was able to sneak the worm into the facility load it on the systems leading the worm o propagate itself to other systems. The result of it was that it tricked the centrifuges to spin faster while sending no alert to indicate that there was something wrong in the systems. The results were catastrophic as some of the centrifuges blow up in the process.

History gives us lessons too. Switzerland stayed out of World War II partly because it was too well-armed to be an easy target. In the same way, countries today need to be armed not just with weapons, but with cyber capability. And yet, here we are, throwing away the very minds we might need.

The Bigger Picture

This problem is not just about individuals it’s about the ecosystem we’ve created.

• We overvalue degrees and undervalue skill. Many gifted people don’t even bother applying for jobs because they don’t meet the “Bachelor’s degree required” checkbox and if they do have a bachelor’s degree, it is not “related” to the field.
• We don’t have structured national programs to identify, train, and absorb cybersecurity talent.
• Our laws are heavy on punishment but light on innovation, leaving us reactive instead of proactive.

Other countries run bug bounty programs rewarding hackers who find vulnerabilities instead of prosecuting them. Why? Because punishing one person doesn’t fix the hole. Another hacker will always come.

Elsewhere, what we dismiss as “Kamiti scams” is studied as social engineering. Companies even sponsor competitions to test how easily people can be tricked, all to ensure that their employees are ready for any form of intrusion.

I am not defending crime. Cybercrime must have consequences. But punishment alone is not enough.

We need an approach that incorporates accountability addressed through legal means and capability through recognizing talent, even when discovered in the wrong way, is redirected into serving national defense and strengthening industries.

Because let’s be honest wars today are already being fought online. In that kind of world, the future will not be decided only by soldiers in uniform, but also by the minds behind keyboards.

Conclusion

The case of this young man has stirred emotions because it forces us to face two truths at once: our systems are vulnerable, and we have untapped talent.

We can keep doing what we have always done, label, condemn, imprison or we can start thinking differently. If we want Kenya to compete globally and protect itself in the digital age, we need to punish crime and create pathways to channel such talent for the good of the country.

Because in the end, ignoring the potential of our own cyber talent is not just a waste it’s a risk. And wasn’t it said once to keep friends close and enemies even closer?

Thank you for reading this post, don’t forget to subscribe!