Cybersecurity Leaders Outline Foundations of a Secure Digital Economy as Black Hat MEA 2025 Kicks Off in Riyadh
Black Hat Middle East & Africa 2025 officially commenced this morning in Riyadh, bringing together global cybersecurity leaders at a pivotal moment in Saudi Arabia’s digital transformation journey. While global discussions often focus on escalating cyber threats and fast-moving technologies, the Kingdom approaches cybersecurity through a broader, long-term strategic lens—one that strengthens national cyber readiness, builds specialized talent, and safeguards the digital infrastructure of a rapidly diversifying and expanding economy.
This year’s edition reflects the Kingdom’s confident progress toward digital sovereignty, where cybersecurity strategy aligns seamlessly with economic growth, industrial expansion, and technological innovation, reinforcing Saudi Arabia’s vision for a secure and sustainable digital future.
National Talent at the Core of the Kingdom’s Digital Future
Ned Baltaji, Executive Managing Director of SANS Institute in the Middle East, Türkiye, and Africa, emphasized that Saudi Arabia’s strength lies in its strategic investment in human capital.
“The Kingdom continues to lead globally in cybersecurity, maintaining its top position in the Cybersecurity Index within the IMD World Competitiveness Yearbook 2025,” he said.
Baltaji added that developing national talent has become one of Saudi Arabia’s most valuable long-term strategic assets.
“Our training programs are designed in alignment with the Saudi Cybersecurity Workforce Framework (SCyWF), ensuring trainees gain precisely defined skills that match national role requirements,” he noted.
This approach not only boosts the Kingdom’s resilience against sophisticated cyber threats but also prepares a new generation of Saudi cybersecurity specialists capable of protecting government networks, critical industries, and emerging digital ecosystems.
Identity Security Takes Center Stage
Harish Chib, Vice President for Emerging Markets at Sophos, highlighted a major shift in enterprise cybersecurity priorities, noting that identity security has become the foundation of modern cyber defense.
“Identity threat detection and response—alongside MDR, XDR, and advanced SIEM platforms—now sits at the heart of cyber readiness,” he said.
“With digital services expanding across the Kingdom, it is crucial for cybersecurity teams to strengthen access controls, protect endpoints, and enforce disciplined incident response, especially as ransomware attacks grow more targeted and sophisticated.”
Chib added that agentic AI will soon play a transformative role in enabling organizations to respond to cyberattacks faster and more intelligently.
“By combining the speed and scalability of AI with informed human oversight, organizations can improve transparency, accountability, and adaptability in a constantly evolving threat landscape.”
Self-Driven Cyber Operations: The Next Frontier
For large public-sector institutions and multinational enterprises, AI-powered automation represents the next phase of defensive cybersecurity.
Az El-Din Hussein, Senior Regional Director of Solutions Engineering at SentinelOne, described autonomous cybersecurity as a natural extension of the Kingdom’s accelerating digital ambitions.
He noted that attackers are already using generative AI to deliver more convincing phishing, impersonation, and exploitation attacks than ever before.
“To counter this, Saudi organizations must equip their SOC teams with advanced tools—including AI-enhanced SIEM, hyper-automation technologies, and agentic AI—to reduce manual workloads and accelerate threat-response cycles,” Hussein said.
Looking toward 2026, he emphasized that agentic AI will redefine real-time security decision-making, thanks to its ability to infer, plan, execute, and learn autonomously.
“This will move autonomous SOC environments from future concepts to operational reality across the Kingdom’s leading digital ecosystems,” he added.
Securing Industrial Systems and National Infrastructure
As enterprise cybersecurity evolves, one of the most critical transformations is unfolding within operational technology (OT). Smart cities, energy plants, factories, and utilities across Saudi Arabia are becoming increasingly interconnected, introducing new layers of complexity and risk.
Marc Thurmond, Co-CEO of Tenable, explained that Saudi Arabia’s rapid digital expansion is widening the national attack surface.
“Mega-projects like NEOM and the Humane AI District are accelerating cloud and AI-centric digital ecosystems,” he said.
“This demands enhanced cybersecurity governance aligned with the National Cybersecurity Authority’s Essential Cybersecurity Controls (ECC) and the Data Protection Law.”
Thurmond added that cyber-threat management is shifting toward autonomous systems capable of identifying vulnerabilities, recommending fixes, and verifying remediation within seconds.
“To keep pace, organizations must reposition cybersecurity as a core pillar of enterprise risk management and empower national talent with AI-enabled tools that automate repetitive tasks and strengthen readiness.”
Operational technology environments, he noted, are emerging as the next major frontier of cyber risk. Traditional IT defenses are no longer sufficient to protect highly complex, interconnected industrial systems.
Nozomi Networks: OT Security Now a Strategic Imperative
Muath Al-Swailem, Regional Sales Director at Nozomi Networks, said the convergence of IT and OT has dramatically expanded the national attack surface.
“Saudi organizations must adopt specialized OT-security frameworks and technologies to ensure sustainable protection of critical infrastructure,” he said.
With threats intensifying, adherence to the National Cybersecurity Authority’s OTCC framework has become a strategic necessity.
Advanced platforms such as Nozomi Networks’ Vantage IQ now offer predictive analytics, precise anomaly detection, and deep visibility across industrial environments.
“By integrating advanced analytics with OTCC-aligned controls, organizations gain real-time situational awareness and the ability to pre-empt threats—key pillars in protecting Saudi Arabia’s critical infrastructure amid an increasingly complex threat landscape,” Al-Swailem concluded.