Petar Vojinovic
Updated on: June 27, 2025
As CEO of Da Vinci Forensics, Sharon Knowles stands at the forefront of digital defense—where trust, speed, and deep forensic insight make all the difference. In this interview for SafetyDetectives, she shares how her team navigates the evolving threat landscape with a blend of investigative expertise and human empathy. From uncovering email fraud to tracking dark web threats across borders, Sharon reveals how Da Vinci helps businesses not only recover from attacks but build lasting resilience in a world where data never sleeps.
What core principles guide Da Vinci’s approach to cybersecurity and digital forensics in today’s threat landscape?
Da Vinci Forensics and Cybersecurity operates under three guiding principles: trust, precision, and readiness. We know that when a company contacts us, no matter the location, often it is during a critical period. It is usually when they have been compromised and they are in panic mode.
Our work goes beyond firewalls and forensics to include rebuilding confidence. We examine beyond the apparent, delving deep into the digital trail to determine what went wrong, how it occurred, and how to prevent it from happening again. Each incident provides valuable insight into the evolving threat landscape, allowing us to continuously refine our methods, not only for local challenges but also to strengthen the resilience of our clients globally.
How do your penetration testing and OSINT services help businesses proactively strengthen their digital defences?
One instance is where we dealt with a financial company that had never conducted a penetration test previously. They assumed their IT supplier secured everything. After only one round of testing, we discovered weak systems, exposed passwords, and sensitive customer data that could have been easily compromised.
If you think of a fire drill, it reveals gaps in emergency preparedness; our penetration testing identifies security vulnerabilities before real attackers can exploit them. Open-Source Intelligence (OSINT) allows us to uncover publicly available information about a company, such as exposed email addresses, infrastructure details, employee routines, and other data points that cybercriminals can leverage to plan targeted attacks. Together, these services equip businesses with a clear, actionable roadmap to reduce risk, close security gaps, and make informed decisions about their cyber defences.
Globally, this strategy is critical, above all in a world where data flows do not stop at borders. We closely collaborate with companies abroad since, at the end, our shared objective is to keep people safe.
Could you walk us through a typical cyber fraud investigation handled by your team?
One scenario that jumps out is a Gauteng-based logistics company that lost considerable financial amounts to a corporate email compromise fraud. It initially seemed as though someone on their financial team had made a mistake. But our investigation revealed that a cybercriminal had been quietly monitoring their communication for months, waiting for the perfect opportunity to attack.
We conducted an analysis to trace the intrusion, examining email headers and metadata to reconstruct the attack path. By following digital artefacts, we uncovered the attacker’s infrastructure, including fraudulent domains hosted offshore. In parallel, we helped the client implement immediate security measures, provided targeted training to their staff on identifying common threat indicators, and supported them in reporting the incident to the appropriate regulatory and local law enforcement.
I like to compare a case to being very similar to a puzzle, which includes elements of investigative work and digital science. More crucially, though, it provides our customers with a means of future self-protection. Such investigations may appear straightforward, but cybercriminals are clever and do obscure their path; it is up to us to find that trail and guide the client into being more self-critical of their online behaviour.
How does your global presence and partnerships enhance the services you provide to clients in different industries?
Though we are proudly South African, cybersecurity is not limited. Our relationships with intelligence networks and worldwide suppliers enable us to react more quickly and with more understanding. We have real-time threat data and modern technologies, whether it’s a phishing campaign from Asia or a ransomware attack reflecting tendencies in Europe.
Our international reach and collaborative intelligence enable faster, more effective responses. For example, after a crypto fraud incident, we traced URLs and followed wallet transfers across borders using global OSINT tools.
What sets your team’s expertise apart in handling high-stakes incidents like phishing, spoofing, and dark web threats?
Cyber dangers now seem more personal. It’s not just about technology; it’s about individuals being duped, impersonated, or targeted. I believe our team is special in that we combine empathy with investigative ability sets. We’ve dealt with incidents where executives’ identities were stolen and an online shop’s client data was discovered on a dark web forum. In every case, our approach is to guide individuals through the technical and emotional impact, helping them regain control and understanding
Cybercrime investigators, attorneys, and digital forensics experts who have handled anything from insider threats to sextortion cases make up our team. We are familiar with the legal frameworks, understand human behaviour, and remain calm under pressure.
Whether it’s tracing a spoof email, responding to a breach, or monitoring brand misuse on the dark web, we take a personal approach that ensures clients feel informed rather than overwhelmed.
