TCRA CyberChampions 2026

CyberChampions is one of the mechanisms built to close that gap.

Tanzania’s cybersecurity standing has improved significantly in recent years. In the 2024 Global Cybersecurity Index released by the International Telecommunication Union (ITU), the country was ranked first in Eastern, Southern and Central Africa, achieving Tier 1 status alongside the United States (US), the United Kingdom (UK), and South Korea.

Tanzania scored 100% across three of the five assessment pillars: legal, organizational, and cooperation measures. Only five African countries reached this tier.

Subscribe

Tanzanian businesses, public institutions, and individuals spent $54 million on cybersecurity products and services in 2024. Statista projects that figure will nearly double to $94 million by 2029.

Demand is concentrated in banking and telecoms, where a cybersecurity specialist earns Sh2.5-15 million monthly depending on experience.

People with direct knowledge of procurement decisions in those sectors told Atoms & Bits that a single security software can cost anywhere from Sh600 million to as much as Sh1.8 billion annually, depending on the solution.

Yet the talent gap remains. Globally, an estimated 4.8 million cybersecurity roles are unfilled. Tanzania is not insulated from that shortage. The ICT Commission (ICTC) itself has noted that certified cybersecurity professionals in the country remain few relative to what the economy now requires.

CyberChampions is one of the mechanisms built to close that gap.

About the Competition

The TCRA CyberChampions competition is organized annually by the Tanzania Communications Regulatory Authority through TZ-CERT, the country’s computer emergency response team. It has run since 2020, when it was known as the CyberStars competition.

The competition targets university students aged 18 to 24 and covers domains including ethical hacking, computer forensics, malware analysis, reverse engineering, web application security, cryptography, and secure programming.

Students move through four stages:

• Registration
• Online mentorship,
• A national semi-final, and
• A national final held in person.

The semi-final is a six-hour online challenge allowing the top fifty to travel to a live final. Winners receive laptops, professional certification courses, and examination vouchers from EC-Council, a globally recognized credentialing body.

Since 2020, the competition has attracted 4,285 participants. Of those, 3,705 were male (87%) and 580 were female (14%).

This year, the seventh edition drew 1,226 participants from 29 public and private universities. The finals were held on February 10 at the Pan African Postal Union (PAPU) building in Arusha, with ICT Ministry Deputy PS Nicholas Merinyo Mkapa serving as guest of honor.

Atoms & Bits spoke exclusively with all four winners and the chairperson of the club that produced them. Here is some of what they shared.

The full 17-page interview transcripts are available on demand. Simply reply to this email. This is especially useful if you’re screening for talent or simply interested in deeply understanding how tech talents emerge in Tanzania.

Share

What drew you to cybersecurity?

Ibrahimu Boniface, 1st Place: “I was fascinated by the idea that one could protect information, detect threats, and respond to attacks using both technical skills and critical thinking. What drew me most to this field is the combination of problem-solving, continuous learning, and the real-world impact of keeping people and systems safe.”
Martin Goerge, 2nd Place: “I first developed an interest in cybersecurity in 2023 after joining the UDOM Cyber Club. Through discussions with senior mentors, I learned how and where to begin my journey. Guidance from the founder of the UDOM Cyber Club, who recommended the TryHackMe Junior Penetration Tester learning path, greatly motivated me to pursue cybersecurity seriously.”
Erick Sanga, 3rd Place: “One of my brothers called Jeremy, who graduated high school a year before me, contacted me right after graduating and exposed me to the cybersecurity field. He told me how technology is the future and that this program was still new by then at UDOM and I had to take a shot at it. Also what drew me more to this field is how exposed and vast it is on knowledge in general.”
Helidorice Mwalongo, 4th Place: “My interest in cybersecurity began during my academic studies when I was introduced to topics such as network security, system vulnerabilities, and ethical hacking. I was particularly drawn to the idea of defending systems against real-world threats and protecting sensitive information.”

Who was the first person you called when you found out you won, and what did they say?

Erick: My grandmother, who has always been rooting and praying for me to win in every single thing I do. She even saw me on the news and the happiness in her voice made me very happy at that moment.
Boniface: My teacher, because they had supported and encouraged me throughout my preparation. Sharing the news with them made the moment even more special.
Martin: My software developer partner, who has consistently supported, motivated, and encouraged me throughout my cybersecurity journey.
Helidorice: My close friends and fellow club members.

What was the hardest challenge you solved during the finals?

Ibrahimu Boniface: “One of the hardest challenges I solved during the finals was a mobile security challenge involving an Android application. The task was to find a hidden flag (a specific word the organizers buried inside the app’s code, which contestants have to dig out).
At first, the app looked like it would only reveal the answer if certain actions were performed on the phone. Instead of trying to bypass the app directly, I analyzed how the app worked internally. I discovered that the flag was already encrypted and stored inside the application itself.
Once I understood how the encryption worked, I was able to safely decrypt the data offline and retrieve the correct flag. The challenge was about understanding how an app protects its secrets and realizing that sometimes the key is hidden in the logic rather than the user interface.”
Martin George: “The most challenging task during the finals was a memory forensics challenge involving Windows event log analysis (examining what a computer was doing at a specific point in time).
To solve it, I installed a Windows operating system on a virtual machine (simulated computer running inside his laptop) and used standard forensic tools to analyze system logs (records of everything a computer has done) and extract the required evidence.”
Erick Sanga: “My hardest challenge was a mobile reverse engineering challenge called ‘Nope Try Again.’
I received an Android app and had to locate a hidden flag within it. Testing the app normally resulted in the app preventing me from viewing the flag (hidden message) each time it was executed. Rather than try to bypass the interface checks, I reverse engineered (rebuilt) the source code of the application.
Upon doing so, I found out that the flag had been previously encrypted within the app, along with all of the information needed to decrypt it. After extracting the encryption information from the APK (the file format Android apps are packaged in), I created a small Python script that decrypted the encrypted data outside of the application.
This taught me that security checks on an application interface do very little good if the application’s sensitive information, such as keys, are hard-coded into the application itself.”
Helidorice Mwalongo: “The hardest challenge involved reverse engineering and web security in general. I had to analyze how a web application functioned internally without clear documentation, understand how it handled inputs, identify security weaknesses, and determine how those weaknesses could be exploited. This required logical thinking, attention to detail, and applying both reverse engineering techniques and web security knowledge under time pressure.”

What did you sacrifice to prepare?

Erick Sanga: “I sacrificed sleep for like the whole week before the final competition. I made sure to sleep less so that I could get more time to get ready as I also had university tasks that required my attention from which I saw success in the end.”
Ibrahimu Boniface: “I managed all the costs of preparing for the competition entirely on my own, including data bundles, online resources, and tools. I carefully planned my budget, prioritized essential resources, and looked for free or open-source tools whenever possible.
Doing everything independently taught me financial discipline and resourcefulness, and it made the achievement even more meaningful because I know I fully invested in my own growth without relying on external support.”

What has changed since winning?

Ibrahimu Boniface: “Honestly, not much has changed in my day-to-day life since winning. What has changed is my motivation and confidence. I feel more encouraged to continue improving my skills and taking on new challenges in cybersecurity.”
Erick Charles Sanga: “I now get a chance to talk to other students from all levels about cybersecurity and they are actually excited as they saw that it’s all possible. That feeling of changing someone’s way of thinking and setting them up for success makes me feel a bit fulfilled.”
Helidorice Mwalongo: “Since winning, I have gained increased confidence, recognition among peers, and motivation to pursue cybersecurity professionally. I have also become a source of inspiration for other students, particularly women.”
Martin George: “While no major changes have occurred yet, I have experienced increased professional engagement. Many individuals have reached out through LinkedIn, WhatsApp, Instagram, and phone calls to offer congratulations and seek guidance.”

What has your experience been as a woman in cybersecurity? (Helidorice Mwalongo)

“Being a woman in a male-dominated field has presented challenges such as stereotypes and self-doubt. However, these experiences strengthened my resilience. Being the only female winner demonstrates that women belong in cybersecurity and can excel equally.
I encourage students to start early, practice consistently, and view competitions as learning opportunities. Female students should remain confident, persistent, and fearless in pursuing cybersecurity careers.”

On the UDOM Cybersecurity Club (Samoh Mohammed Said, Chairperson)

On how the club prepares members: “We usually meet twice per week for physical sessions and occasionally have online sessions for already advanced members. We discuss and do hands-on practice on various security scenarios such as forensics, network analysis, web penetration testing, and solving machine labs from Hack The Box, TryHackMe, or custom-made by our own club mentors. That prepares us to tackle challenges on CTF competitions like TCRA Championships, Sanifu CTF, URCHINSEC CTF, and even our own internal CTFs like Christmas CTF.”
On what made the difference this year: “The club’s success is attributed to its obsession with practical teaching and a culture that transforms beginners into confident mentors. The supportive environment enhances technical skills and builds the resilience needed for high-pressure finals.”
On being based outside Dar es Salaam: “We at UDOM believe we are the center of the technology. With that belief, we face any difficulty that may arrive with our university support when necessary.”
On what other universities should know: “For those looking to start similar clubs, the focus should be on fostering curiosity and consistency. Creating a community where students can ask questions and share strategies is more important than having perfect resources from day one.”
On where former members are now: “Former club members are now currently working in different cybersecurity roles in companies like Vodacom Tanzania, CRDB Bank, NMB Bank, eGA and other private companies and government sectors.”

Advice to students

Ibrahimu Boniface: “Stay curious, practice consistently, and never be afraid to make mistakes. Cybersecurity is a field that requires both technical skills and problem-solving, so start with the basics and gradually take on more challenging tasks. Be patient and persistent. Success doesn’t come overnight, but dedication and continuous learning will pay off.”
Erick Sanga: “Start early and stay consistent. You don’t need to know everything to begin. Curiosity and persistence matter more than perfection.”
Helidorice Mwalongo: “Remain confident, persistent, and fearless in pursuing cybersecurity careers.”
Martin George: “Consistency and commitment. Everyone begins at a different level, but with dedication, continuous practice, and patience, success in cybersecurity is achievable.”