What’s in the SOSS? Podcast #61 – S3E13 Beginner to Builder: Shaping the Conversation in Open Source Security

In this episode of What’s in the SOSS, Yesenia Yser interviews cybersecurity analyst Ejiro Oghenekome about her journey from UI/UX design to becoming a key contributor to the OpenSSF. Ejiro shares the inspiration behind her public “100 Days of Cybersecurity” challenge, which has helped her maintain discipline and consistency while making the field less intimidating for beginners. She discusses how connecting with the OpenSSF community led her to the BEAR Working Group, where her authorship of the “Beginner to Builder” blog series has allowed her to move from consuming content to actively shaping the open source security conversation. Ejiro also offers advice to the next generation, emphasizing that open source contribution is not just about coding but is a welcoming space for anyone to learn and grow, regardless of their current expertise.

00:00 – Music, Promo clip, & Welcome
01:11 – Ejiro details her transition from UI/UX design to cybersecurity and connecting with OpenSSF.
03:39 – Ejiro explains her motivation for starting the 100-day challenge, including receiving advice to learn publicly and a previous rejection from an internship.
06:49 – Ejiro shares that she is currently on day 44 and expects to complete the challenge around April.
07:50 – Ejiro discusses her biggest personal lesson: understanding consistency and discipline, and learning from the community.
10:45 – Ejiro describes her authorship of the “Beginner to Builder” blog series, which shifted her from consuming content to shaping the open source conversation.
15:47 – Ejiro shares the impact of her work, noting that it has made cybersecurity feel less intimidating for beginners and helped her grow in confidence.
18:22 – Rapid Fire Questions: Ejiro shares her preferences on books, cooking, social media, and more.
21:13 – Ejiro offers advice to the next generation, emphasizing that open source is welcoming, not just about coding, and provides great opportunities for learning and growth.
24:46 – Yesenia concludes the interview, thanking Ejiro for her time and contributions

• Ejiro (Sonia) Oghenekome LinkedIn page
• Ejiro’s GitHub page
• BEAR Working Group
• Ejiro’s OpenSSF Beginner to Builder Blog Series:
  • Blog #1: From Beginner to Builder: Understanding OpenSSF Community and Working Groups
  • Blog #2: From Beginner to Builder: Your First Code Contribution
  • Blog #3: From Beginner to Builder: Free OpenSSF and Linux Foundation Education Courses
• Get involved with the OpenSSF
• Subscribe to the OpenSSF newsletter
• Follow the OpenSSF on LinkedIn

Intro Music (00:00:00)

Ejiro Oghenekome (00:01.366)
So I have embarked on a 100-day cybersecurity challenge where I post whatever I learn about cybersecurity in the open. I posted both on LinkedIn and on Twitter, currently known as X. I was told to learn publicly. It has really helped me to stay consistent and it has also helped me to stay disciplined.

Yesenia Yser (00:23.662)
Hello and welcome to What’s in the SOSS, OpenSSF’s podcast where we talk to interesting people throughout the open source ecosystem, sharing their journey, experience, and wisdom. So Yesenia, one of your hosts, and today I have the utmost pleasure of interviewing Jiro, who has been such a great part of the open source community and has done a lot for us already from part of the FAIR program.

writing a few blogs that we have seen out in the wild, and much more. don’t want to share details of the upcoming podcasts, but welcome, Ejiro. Please, you know, let’s start with you for listeners that are meeting you for the first time. Can you introduce yourself and share your journey into open source cybersecurity? Like what really pulled you into this space?

Ejiro Oghenekome (01:11.822)
Thank you very much for having me here. Hello everyone. My name is Ejiro Oghenekome. I’m a cybersecurity analyst. Currently I am contributing to the OpenSSA. So for how I got into this space and where I am at right now, I’d like to give a little backstory on myself so that I would better understand how I got to this particular phase of my career. I used to be a UI UX designer a couple of years.

But I think about 2024, I started to like not see myself doing UI UX in a long time. And as at that point, I was already interested in security. I was already curious to know how data is secured and a lot of other things about security. So I decided to dive in and take it as a career to learn about security. And the first course I took was the Google Cyber Security Certification course on

Coursera and it was a very interesting course. I took that. had other little courses that I took some on YouTube and other very, very not so prominent courses that I took that helped my career helped shape my career going forward. And something I didn’t have, I didn’t mention was the fact that I’ve always known about open source, even during my UI UX design time, but I really did not partake in open source contribution as at that point.

But I really, did not want my cybersecurity journey to be that way. So I was looking for every means to get into this space, to try to contribute to open source with my cybersecurity career. So fortunately for me during that time, I think about 2025, met a friend, told me, or I saw a post from a friend where she had an interview with someone that was talking about open source and open source security. I found that very interesting and I reached out to her.

I like to connect to the person so that they would share more light on contributing to open source, especially with my focus, which is cyber security. And she actually did that to me. She actually did that for me. And I connected with the person. The person was Sal. I a couple of meetings with Sal and she got to know where I was in my career, which led her to introduce me to the OpenSSF. And yeah, I am today trying to contribute to the OpenSSF in whichever way I can.

Yesenia Yser (03:39.854)
That’s such a great story how one friend, one webinar connected you to one individual that opened up the space of open source and it’s brought you to where you’re at today. Such a great story to hear. And one of the little birdies in the open source told me that they gave you a hundred days of cybersecurity challenge that you’ve been publicly documenting on LinkedIn. Like what inspired you to start that journey and

What do you hope would come from it?

Ejiro Oghenekome (04:10.67)
So I have embarked on a 100-day cybersecurity challenge where I post whatever I learn about cybersecurity in the open. I posted both on LinkedIn and on X. Twitter, currently known as X. So my journey can be documented. What’s made me do this was the advice I got from friends and loved ones. I was told to learn publicly. And that really has shaped me over time coming out.

because looking back, it has really helped me to stay consistent and it has also helped me to stay disciplined in terms that I feel so indebted to the cause of posting because I’ve seen a lot of people grow interest in what I have posted about my career, everything I do about cyber security. It has really been an interesting journey for me. Also, another reason why I embarked on the 100 day of cyber security challenge was because

I would say I got a rejection from an internship. I really did not get a feedback from them. So I would know, I don’t know if I should say that’s a rejection, but technically it is because I didn’t get the feedback. I really wanted to get a practical knowledge of what I was already learning. I’ve learned for a while and I wanted to get into the practical space. I wanted to get into the real world space to practice what I have been learning. Applied for the internship. Unfortunately.

I did not get it, so I had to take some step back and make a curriculum for myself where maybe I would be able to create something that feels really practical. The internship I applied for was a three-month internship, which is 90 days, if I would say technically. So I just had to do it, 90 days for an internship that I did not get. So I had to make it a 100-day for myself. Looking at all I have done, what I hope

to come out from this, which I am already saying is for people to know me for what I do. For people to know me for open source, for people to know me for open source security, for people to know me for cybersecurity, and for people to know me for preaching and being an enthusiast of open source. People should come into the open source space to contribute to open source and see the opportunity it comes with. And people to also know that

Ejiro Oghenekome (06:34.734)
I’m a cyber security analyst and I also give best practices. I also give basic knowledge of what cyber security is and all of that. Yeah, that is what I hope to get my 100 day challenge. And it has really been turning out well for me.

Yesenia Yser (06:49.836)
I love that because getting online and really just sharing what you’re learning, you know, on a cadence, whatever cadence that is for you is such an important way just for your own accountability and for others to connect to you, connect with you and learn what you’re learning, especially if you’re looking for jobs. I’m just curious right now it’s, you know, mid February. What day are you in for this challenge?

Ejiro Oghenekome (07:13.774)
Yeah, I think I’m in day 44. Nice. Yeah, day 44. It’s been a great journey. Yeah.

Yesenia Yser (07:22.574)
24 days. So when do you envision, it’s 100 days, so when do you envision this challenge ending?

Ejiro Oghenekome (07:29.39)
Let me try to do a rough calculation right now in my head. So we have a couple of these. So let’s see the beginning of around April. I’m not sure the dates for April. I’m not going to give an exact estimate, but yeah, by April I should be done with the 100 day cybersecurity challenge.

Yesenia Yser (07:50.85)
Very nice. Okay, so we’ll keep watching. you’re deep into this challenge. 44 days is a great time because that’s built in that habit to get it done and share out what you’ve learned. But I’m curious, what’s your biggest lesson that you’ve learned so far? And not just like technically, but like personally, like how have you changed how you see your learning, your discipline, or just like your community growth?

Ejiro Oghenekome (08:17.614)
Okay, that’s a very interesting question. I would really say if I’m going to put it short, I’ll say it has not been an easy journey. It’s not been easy because it’s not easy to stay consistent and trying to like, remodel my expectations of what I have to post, what I have to do. It is not easy. I’ve come to see that everything cannot go on the same pace every day.

I’ve had to stay consistent. I’ve had to understand what consistency and discipline means. I’ve come to get that. Consistency does not mean I have to be in the same place every day. I do not do the same thing every day. Some days I might not even feel motivated to want to partake in that particular challenge for that day. But have to stay disciplined. I have to stay consistent, which might make me cover less than what I covered the previous day.

Other days I might feel so motivated that I might cover more every other thing I’ve covered in the past. It just happens. One thing I’ve learned is staying consistent, what consistent really mean, being very disciplined in the space. Also it has given me a very good routine. In terms of community, I’ve come to understand that community is where I learn.

This learning can come by interacting with projects and interacting with people in the community that have more experience than I do. During my 100-day challenge, I’ve been able to have the opportunity to be part of the OpenSSF. This has gone hand in hand with the 100-day challenge that I’m doing. For the fact that I’m part of the OpenSSF and doing my 100-day challenge, I’ve seen the impact that the OpenSSF community has had on me. I’ll give a very simple example.

We had a blog post or we had a blog post that talks about a lot of things that we might go over eventually. Because of one research I did for one part of one series of the blog post, I a course on the OpenSSF and the Linux Foundation Education that I took in and I benefited from. That is the LFD121, that is developing secure software.

Ejiro Oghenekome (10:34.274)
want to understand from this journey that I’ve taken that I could learn from community, I could learn from interacting with people, want to understand what consistency and discipline mean.

Yesenia Yser (10:45.678)
That’s awesome. Yeah, I when you started being involved in the Bear Working Group, you and Saul were working on a blog series and I you just lightly mentioned it. It’s beginner to builder. What has that experience been like moving from learning to actually contributing publicly? And you know, this blog, it’s a big deal. It’s a three series blog. Like what does this authorship mean to you in the aspect of open source?

Ejiro Oghenekome (11:13.208)
Again, I would try to give an example to put what I have learned and how contributing to open source has been to me. During my design career, I’ve always known about open source, but I was not involved in open source contributions because as I did, I would say I did not know where to start. I did not know what to do. I did not know how to get into the space. I also felt most of the times that I did not know enough to be able to partake in open source contributions.

all of that and that’s feeling of mine is something I feel like a lot of other persons also do have. It was a problem for me and that problem I felt that a part of the blog post was able to solve it. One thing about me is if I experience a particular challenge or problem going forward in my career I try my best to solve it so that when people come behind me and they experience such problems they would not find it difficult to solve because they are

cases or maybe they are documentations that will help them go through this problem. That is one thing that I’ve been able to do with the blog posts and that is how, that is why the blog post publication was made public. And for me, Autorship in open source is more than just putting my name on the blog post or making contribution. It represents ownership of my learning and my voice. When I started my cyber security,

I was mostly consuming content. was reading documentations, watching tutorials and following experts. questions, I did all of that. But authorship changed the dynamics of everything for me. It shifted me from being just someone that consumed information to someone that is actively shaping the conversation, even if it was in small ways. Authorship made me feel responsible. I know that something I am going to write

is going to be published and the knowledge I share is going to be put out in the ecosystem. It would make me more focused. It would make me more thoughtful. It would make me more intentional about what I’m going to post. And this led me to call back, questions, ask people from the community to give me feedback on the blog post I wrote. I think you must have experienced that because

Ejiro Oghenekome (13:35.916)
During the first part, the second part and the third part, we were always very intentional to make sure that we got feedback from the community so that the best resources can be put out there to solve the actual problem we saw that we wanted to solve. And also, Authorship for me means visibility. As someone from Nigeria and someone who transitioned from design to cyber security, Autorship allows me to exist in a public space where people like me

are not highly represented. It shows that contributions does not have to fit a specific style or character. Also, it also makes me confident. It means that I am no longer waiting until I know everything before I can speak and before I can contribute in the open source space. Comfortable contributing while I am learning.

This is very powerful in the open source space because the open source space does not work with one person’s perfection, but it works with individuals putting together their efforts and their knowledge to try to make things work. The bear walking group and generally the OpenSSF community has really been helpful in this part. I’ve been encouraging, they’ve been friendly and they have pushed me to understand things. They have guided me each step of the way.

to understand what I am doing so that whatever resources we put out there will be the best quality for people that are going to have that.

Yesenia Yser (15:08.448)
It reminds me a lot of when I started, like just grabbing whatever kind of resources I could find and just learning. And when I realized that I was able to use my voice or my penmanship, so to speak, to share out information, I realized the power and the impact that I can have, you know, just not for my own credibility, but also you never know who’s going to read it down the line. Like I have articles that I wrote years ago or that I published that people still reference.

Nowadays that they’re like, this was an amazing article that you wrote. learned so much. So big kudos to you for that.

Ejiro Oghenekome (15:45.55)
Thank you.

Yesenia Yser (15:47.17)
Before we get into the rapid fire, I would love to know what impact you’ve seen in the community, either from your 100 day posts or your bear working group, like the work you’ve done with the blog. I know you mentioned a bit in this session, but I would love to learn, know a little bit more of looking at your journey so far. Like what impact have you seen?

Ejiro Oghenekome (16:08.634)
Genuinely speaking, I really did not think about impact when I started all of this. When I started my 100-day challenge, I was not thinking about the impact it was going to have on anyone. I just wanted to learn. When I started contributing to open source, I just wanted to learn. But over time, I started to notice little impact on people. I saw that for my 100-day challenge, people would message me saying things like, they started learning because they were following my post.

Some people asked me questions on the tools that I use and if I will be able to share resources with them. Other people said that made cyber security feel less intimidating because of course, a lot of cyber security posts we see online are from experts that would tell us in cyber security knowledge and try to express things in very technical terms for us, which could be very intimidating for beginners.

for people that are beginners that could relate to what I was saying, that could relate to very basic things in cyber security. It really felt nice. It really felt welcoming. It gave them confidence to say, okay, I could learn this. I could start somewhere. I could get some of this knowledge and get to that point of expertise where I would be able to have this opposed, intimidating knowledge also to myself. Also talking about the community.

The impact has been slightly different. I’ve been able to be part of so many decision-making. I’ve connected with experts that are very kind and friendly, and they want to see me grow. From publishing the blog series, this has made me more aware of my words, that my words could guide people that are just starting up, and this makes me feel so happy. I’m growing in the community in terms of

confidence and experience and also in transferable skills, in terms of receiving feedbacks and all of that growing. And I see that when resources are put out there, it’s really encouraging to me.

Yesenia Yser (18:22.126)
That’s awesome to hear the impacts from, I think he started maybe like a year or so ago into the organization. So it’s great to see and hear what has happened within a year.

So let’s go ahead and move on to the rapid part of the interviews. You gotta have fun with some of these parts. So I’m gonna ask you a series of this or that kind of questions or what’s your favorite X and then you just go ahead and respond. So first question, books or podcasts?

Ejiro Oghenekome (18:38.776)
FIRE!

Ejiro Oghenekome (19:02.117)
I don’t really like reading. I just have to read because I need to get those informations in my head.

Yesenia Yser (19:08.258)
Yeah, I get that. A favorite off-computer activity.

Ejiro Oghenekome (19:18.51)
enjoy cooking a lot. Yeah, enjoy cooking a lot.

Yesenia Yser (19:22.158)
What’s that one meal you cook often that you enjoy?

Ejiro Oghenekome (19:27.926)
I know if you would know, but I cook fried rice. I like seafood a lot. So I cook fried rice, prawns, salad.

That’s my favorite meal. That’s my favorite. Maybe one will see one of these days, I’ll make it and you will definitely testify to its greatness.

Yesenia Yser (19:48.086)
am ready for that. Next question. Best way to grow a project. it social media, conferences, or contributors?

Ejiro Oghenekome (19:57.44)
is social media yeah if I’m going to be very honest social media can do that

Yesenia Yser (20:03.726)
I feel like social media drives the other two. Next question, sweet or sour?

Ejiro Oghenekome (20:12.014)
No, sir, I don’t like sweets like that.

Yesenia Yser (20:16.366)
We had a quick, quick, quick change there.

Ejiro Oghenekome (20:19.575)
I just had to think about suits, so I really didn’t like suits.

Yesenia Yser (20:25.166)
I know we’re meeting early morning for you, so are you an early bird or a night owl?

Ejiro Oghenekome (20:32.386)
I I’m an early bird. I really do think I’m an early bird because I wake up very early and do things. I’m an early bird and I try to sleep very early.

Yesenia Yser (20:41.77)
I’m the opposite. just, at night I’m like a week. It’s so strange.

Ejiro Oghenekome (20:46.894)
I’m really not sleeping lot. So I just try to sleep at night. I stay awake very early in the morning. I get up very early in the morning and try to go on my day.

Yesenia Yser (20:57.464)
Yeah, I’ve adapted myself to it, but naturally I could stay up all night and sleep all day. Last question is your favorite treat or dessert?

Ejiro Oghenekome (21:10.702)
I’d say cakes.

Yesenia Yser (21:13.422)
That’s a good answer. There you had it. The rapid fire interview questions focused on food. So as we wrap things up, any advice for the next generation entering tech or security? What advice would you give them about using open source as a way to launch pad their career?

Ejiro Oghenekome (21:36.494)
Okay, well, I’ll give a disclaimer. would say I’m still part of the next generation. So whatever advice I’m going to say, I’m giving that to myself also. This is something I would have told myself earlier on in my career during design. Try to understand open source and the opportunity it provides. Also, open source is not just about coding. There are different things that someone can do in the open source space.

As a designer, could contribute to the open source space. As a writer, you could contribute to the open source space. As a community manager, you could contribute to the open source space. Obviously, very obvious ones. You could write codes. You could review codes. And you could do a whole lot of other things. Even joining calls, giving your suggestions on calls and decision making during the call is also a way to be part of the open source space.

get involved in the open source space. has a lot of opportunities for people. It’s a very welcoming space. I can testify to that from the community I am part of. It’s a very lovely community with lovely people. The OpenSSF has been a great space for me to learn and grow. And I strongly believe that this is how most, if not all of the open source communities are.

It’s a place where you can learn. It’s a place where you can build your confidence. It’s a place where you can grow. also open source is not about you being an expert. are with the knowledge you have. You could be part of an open source space. You could be part of, you could contribute into the open source. So commonly try to understand open source. is not as difficult as it might look from the outside. Trust me. in, learn.

be part of it and contribute. And I promise you it’s a very welcoming space to be part of. And talking about open source and advice I’ll give to people, have an article coming up that will be talking about contributing into the open source space generally. How to work for communities that you could contribute to, how to understand the communities, and maybe how to make it a first time contribution in a community.

Ejiro Oghenekome (23:54.668)
that you’re contributing to. This is not going to just be specifically about the open access, but open up source generally, how to be part of the space, how to try to understand the space and get into the space. Something else I would have, I would love to talk about is the opportunity for open source for us in Africa. I really don’t know that we, the idea of open source is not so widespread in Africa. That is why it has to be preached. It has to be introduced to a lot of people.

And I would love us to consider that, to try to make sure we introduce people in Africa to open source and the benefits it has on us, what it can do to us and the privileges it can give to us. Yes, that is the advice I would give to the next generation, also myself, the open source space.

Yesenia Yser (24:46.478)
Thank you so much for your time today, your impact, your contributions. I love that you have another article coming out to help those, know, explore the different open source communities and how to search. Thank you so much for everything you do within our community and all the hard work you’re putting together. I really appreciate your time and to our listeners, reach out to Jiro. She’s doing great work. Find her on LinkedIn and keep tracking on that 100 day challenge. Thank you so much everyone and we’ll catch you on the episode.