Deploying AI without a security-first mindset can be perilous and Rob outlines the significant risks enterprises face if they implement AI without proper security safeguards in place. Navigating this new terrain requires a strategic approach, as Rob touches upon what a “risk-based” AI security framework looks like and provides actionable steps on how organizations should begin building one to protect their AI deployments:

What key messages or solutions are you highlighting at GISEC this year?
At GISEC 2025, SANS is focused on turning knowledge into action by expanding access to world-class cybersecurity training. We’re highlighting the launch of the SANS GISEC Academy in Hall 4, a free, three-day program offering technical sessions led by SANS Certified Instructors on offensive operations, ICS incident response, and cyber threat intelligence. It’s the first time we’re introducing this hands-on learning format at GISEC, making expert-driven training accessible to attendees of all backgrounds and experience levels. At our main stand (Hall 7, Stand D75), we’re also showcasing how SANS is helping organizations build long-term cyber resilience across the region through practical, skills-based education.

How does GISEC help your company engage with the Middle Eastern cybersecurity market?
GISEC is one of the region’s main platforms for bringing together like-minded cybersecurity professionals from around the world. It allows us to connect with organizations, partners, and customers on a closer, one-to-one basis, opening conversations not just about the critical role of ongoing training, but also helping us better understand regional skills gaps. These insights allow us to tailor our programs to meet the evolving needs of the Middle Eastern cybersecurity community and support long-term resilience.

How would you describe the current cybersecurity threat landscape in the Middle East?
The Middle East is facing one of the most dynamic and challenging cybersecurity environments in the world. As digital transformation accelerates across sectors like energy, finance, and government, the attack surface is expanding quickly. Threat actors, ranging from cybercriminals to nation-states, are becoming more sophisticated, targeting critical infrastructure, supply chains, and sensitive data. We are seeing a rise not just in the volume of attacks, but in the precision and persistence behind them.

What are the most pressing cyber threats facing businesses in the region today?
Ransomware remains one of the most disruptive threats, particularly to critical industries like energy, healthcare, and finance. Phishing attacks have grown more sophisticated, often fueled by AI tools that create highly convincing emails and deepfakes. Beyond that, state-sponsored attacks are growing in frequency and complexity, often blending espionage with disruption. Businesses in the Middle East must be prepared for adversaries who are patient, well-resourced, and highly strategic in their operations. The rise of AI in cyberattacks is reshaping the threat landscape, making it essential for businesses to invest in AI-driven defenses, improve employee awareness, and develop stronger incident response strategies.

How do cultural or regulatory differences impact cybersecurity strategies in the Middle East compared to other regions?
Cultural and regulatory landscapes across the Middle East create both challenges and opportunities for cybersecurity. On the regulatory side, we see a strong push from governments to enforce data protection laws and critical infrastructure standards. This has helped raise cybersecurity awareness at the board level. Culturally, the emphasis on building trusted relationships is key, and cybersecurity initiatives that incorporate strong internal education and cross-team collaboration tend to succeed. Strategies must be tailored to respect local business practices while still aligning with global security standards.

How do your company’s products and services address the specific threats faced by regional businesses?
By staying closely connected with the community, we ensure our training stays relevant to the real-world challenges businesses here are encountering. Through expert-led training, certifications, and hands-on programs we offer tailored skill-based cybersecurity courses for organizations, designed around their specific pain points.

Are you partnering with any local entities or governments to enhance regional cybersecurity resilience?
Yes, we work closely with local government entities, offering tailored programs that align with regional needs and workforce development goals. Through initiatives like our Cyber Academies, we collaborate with national entities to equip local talent with practical, industry-relevant skills. These programs are inclusive, accessible, and results-driven, often leading to globally recognized GIAC certifications that open doors to long-term careers in cybersecurity.

For instance, last year, our Cyber Academy initiative in Bahrain, delivered in collaboration with a government entity, trained Bahraini nationals aged 18 and above through an intensive eight-week program, culminating in three GIAC certifications. Similarly, we ran two Cyber Academies in Kuwait, helping participants develop practical skills to combat evolving threats in critical sectors. These efforts not only address immediate skills gaps but builds sustainable cybersecurity ecosystems using local talent.

What advice would you give to regional businesses looking to strengthen their cybersecurity posture in 2025?
Start by investing in your people. Technology alone will not solve today’s challenges. Businesses must prioritize hands-on skills development, continuous training, and cultivating a security-first culture across all levels. It is also critical to approach cybersecurity as a business enabler, not just a technical function. That means aligning security investments with business goals, understanding the evolving threat landscape, and building resilience through proactive risk management. Finally, collaborating with trusted cybersecurity partners and participating in regional threat intelligence sharing initiatives will be essential in the year ahead.

Each day will focus on a key cybersecurity domain. On day 1, instructor Jean-François Maes will lead a full-day track on Offensive Operations, covering topics such as malware evasion, OSINT exposure in cloud environments, and common vulnerabilities discovered over a decade of penetration testing. Day 2 shifts to Cyber Defense with Ian Reynolds, who will explore deception-based defenses, the role of AI and deepfakes in modern threat landscapes, and advanced threat hunting techniques.

Day 3 will be led by Michael Hoffman, focusing on ICS/OT cybersecurity, with insights drawn from real-world incidents such as the Colonial Pipeline and Ukraine grid attacks. The sessions are tailored for cybersecurity professionals, analysts, SOC managers, and decision-makers looking to enhance their tactical and strategic defense skills.

“In the Middle East and beyond, digital infrastructure is under increasing pressure from AI-powered threats that are more deceptive, adaptive, and persistent,” said Ned Baltagi, Managing Director for the Middle East, Turkey, and Africa, SANS Institute. “From deepfake-enabled fraud to intelligent ransomware strains that evade detection, cybersecurity teams must shift from reactive defense to intelligence-driven prevention. At SANS, we’re focused on equipping professionals with the practical skills and threat context they need to defend against this next wave of AI-fueled attacks. Cybersecurity is not just a professional responsibility, but a shared priority for national safety and resilience.”

In addition to the academy, Rob T Lee, Chief of Research at SANS Institute, will take the GISEC stage for two key sessions. On May 6, Rob will speak on the Dark Stage, presenting ‘The AI Acceleration: Defending Critical Infrastructure Against Emerging Intelligent Threats’. His talk will highlight the growing use of AI in cyberattacks, the evolving “Volt/Salt Typhoon” methodology, and data-driven counter-defense strategies. On May 7, Rob will join a panel discussion on the Critical Infrastructure Stage exploring how precision AI and machine learning can secure operational technology environments.

“Attackers are no longer bound by time or complexity. What used to take weeks can now be done in minutes with tools that generate believable malware, deepfakes, and targeted phishing at scale,” said Lee. “We’re not facing yesterday’s threats moving faster, we’re facing a new kind of battlefield. Defenders need to adapt, outpace, and outthink. The hardest part isn’t finding the threat but in keeping up with how quickly it changes.”

Can you provide an overview of the current cybersecurity landscape for critical infrastructure in the MEA region?
The MEA region is largely focused on energy. It has invested significantly in oil and gas across upstream, midstream, and downstream functions and the utilities to support these environments and communities. This region has also seen one of the most threatening cyber attacks on equipment and human life, with the Trisis attack in 2017, which targeted a Triconix Controller at a refinery in Saudi Arabia. Therefore, there has been a significant focus on cybersecurity across the region. Due to this, governments such as Saudi Arabia have taken extensive measures to ensure critical infrastructure receives the needed cybersecurity focus from the OTCC controls.

What are the most notable trends in cyber attacks targeting these systems?
Cyber attacks targeting critical infrastructure were sparse 15 to 20 years ago, and control systems used to be more customized per facility. Many control and automation systems were starting to incorporate operating systems and network equipment similar to those on the IT side. Still, connectivity was limited, and the adversary’s capability of affecting these systems was also limited. Fast forward to today, SCADA and DCS systems are designed off more of a “standard template,” and the equipment used in one plant often closely resembles another plant. We now face a time when critical infrastructure is more homogenous, allowing adversaries to build complete ICS/OT-focused toolkits, such as PIPEDREAM, to compromise critical infrastructure across verticals.

Which sectors in the MEA region are most vulnerable to cyber attacks, and why?
Much focus has been placed on the energy sector, and rightly so, as the MEA region benefits from its significant oil and gas reserves. Even here, however, there are areas of focus to work on, such as increasing visibility into the industrial networks themselves. Nevertheless, from experience in the MEA, utilities and manufacturing sectors are the most vulnerable. Many of the utilities are undergoing upgrades to replace legacy equipment, and the newer systems are now more homogenous to other automation systems.

Utilities are embracing more remote monitoring and support and AI capabilities for energy loading and modelling. These new capabilities all increase the attack surface of the industrial systems. Manufacturing, by design, is tightly connected to IT and cloud systems to receive, produce, and fulfil orders. The data connectivity in manufacturing makes this sector vulnerable to IT and ICS/OT-focused attacks.

What are the primary motivations behind cyber attacks on critical infrastructure in the MEA region?
Geopolitical tensions have given rise to targeted attacks in the MEA region over the last number of years and increased significantly. Many conflicts brought about targeted attacks on the utilities, transportation, and energy sectors. The conflict also brought about an increase in hacktivism, where the Cyber Av3ngers group targeted Unitronics programmable logic controller (PLC) devices worldwide.

Numerous food and water systems outside of the MEA region in the US, Ireland, and other countries were disrupted due to these attacks. Ransomware is still a profitable business for adversary groups, and this threat will continue to earn significant income by targeting sectors, such as manufacturing, that are more susceptible to IT systems causing ICS/OT outages.

How important is employee training and awareness in preventing cyber attacks on critical infrastructure?
Employees are the front line of defence in critical infrastructure. These environments have skilled operations and maintenance personnel who are the eyes and ears of the process. Yet, having inherent process knowledge does not directly translate to cyber knowledge and the ability to decipher between a system disruption or cyber-physical attack. Therefore, the importance of providing awareness training to asset leadership, the boots-on-the-ground operations, and maintenance staff is more significant than ever in understanding the threats from a high level and who to call or what to do in the event of a suspect condition.

Those tasked with maintaining ICS/OT need specific training, such as provided in the SANS ICS Curriculum, to ensure they have a level of knowledge to prevent, respond to, and recover from adversaries targeting their environments. Without this training, individuals will struggle to maintain or understand the value of various security controls required to keep a defensive posture in their environments.

What role does proactive threat intelligence play in securing critical infrastructure systems?
Consuming threat intelligence for an owner/operator-specific requirement and use case is fundamental to understanding what threat groups have done in the past and what capabilities they could leverage to disrupt an environment. Understanding cybersecurity threats helps build preventative, detective, and recovery controls specific to the operational vertical. Threat intelligence helps to answer questions and look ahead at what is potentially coming vs. looking behind at standards and control frameworks, which are often more generic and lacking in specific tactics, techniques, and procedures (TTPs) that adversaries are currently using.

A cybersecurity program should include consuming threat intelligence and using those insights to drive detection capability and implement cybersecurity controls. Then, threat intelligence is used to go back and verify that existing controls can prevent and detect adversarial activity. Organizations that do not consume threat intelligence are operating without the situational awareness needed to defend their critical environments.

Are there any technologies being deployed to safeguard critical infrastructure in the region?
The push for AI is happening across both IT and OT products and markets. Anyone who has attended GISEC Global in Dubai over the last few years has seen a significant uptake in vendors offering AI capabilities. For ICS/OT, AI has found its way into endpoint detection, network anomaly detection, SIEM analysis and detection, and incident response playbook generation, among other areas. MEA governments strongly advocate for adopting AI for cybersecurity and using AI to increase how businesses operate more effectively and efficiently. However, this requires more data connectivity to IT and cloud systems, with ample storage and compute capabilities needed to make better-informed operational changes.

This increase in IT/OT connectivity is a stark contrast from the previous mindset of isolating these environments entirely or partly using controls, such as data diodes between OT and IT, so traffic can only physically flow from operational systems to enterprise environments. Thus, AI is helping to secure these environments better while at the same time driving change, albeit potentially increasing ICS/OT cybersecurity risk, for more IT/OT data interconnectivity requirements.

What are the biggest challenges companies face in securing critical infrastructure in the MEA region?
The MEA region’s challenges in securing ICS/OT environments are not unique to the region for the most part. The public and private sectors are constantly updating outdated infrastructure, deploying new cybersecurity technologies, implementing new technologies, such as AI, merging with or acquiring organizations, divesting assets, etc. These changes bring about re-organizations, new roles and responsibility mappings, and technical skill reevaluation, among others.

Keeping up with these changes and the constant influx of new technologies within the automation and control equipment requires constant workforce training and skills building. Replacing outdated DCS and SCADA systems brings about new opportunities for optimization and reliability but also brings about completely different sets of technology stacks that must be defended against. Thus, a strong focus is needed towards investing in people to ensure they have the right technical acumen within ICS/OT cybersecurity.

What role do MEA governments play in regulating and enforcing cybersecurity standards for critical infrastructure?
Governments are actively involved and play a significant role in securing their country’s critical infrastructure. UAE, for instance, has developed the UAE National Cybersecurity Strategy, Federal Cybersecurity Law, The National Information Assurance Framework, and Critical Information Infrastructure Guideline. Saudi Arabia has a strong focus in this area and created the Saudi Cybersecurity Law, National Cybersecurity Strategy, and National Cybersecurity Authority (NCA. The NCA Operational Technology Cybersecurity Controls (OTCC) controls, in particular, focus on critical infrastructure and are in place to ensure those facilities achieve a minimum set of baseline security controls.

It is one of the region’s more well-known and referenced ICS/OT cybersecurity control frameworks. Qatar has created the Qatar National Cybersecurity Strategy, Qatar Computer Emergency Response Team (Q-CERT), and the recent Qatar Cybersecurity Framework (QCF) in response to the FIFA 2022 World Cup. Bahrain has created the National Cybersecurity Strategy and Bahrain Cybersecurity Framework. Many other MEA countries have or are in the process of creating similar standards and frameworks for protecting their critical infrastructure.

How can companies ensure business continuity while recovering from a cyber attack on their critical systems?
As companies in the region continually grow their cybersecurity maturity, many have created incident response plans and capabilities or have outsourced these to the region’s few dedicated ICS/OT cybersecurity companies. The SANS Five ICS Cybersecurity Critical Controls have also been discussed at many conferences and events, and the importance of developing an ICS-specific Incident Response Plan (IRP) is starting to take hold and resonate with owners and operators. Still, there is an existing need for asset owners and operators to develop a workable strategy for systematic recovery, reconstitution, and operational resumption in the event of a cyber attack. To develop such capabilities, asset owners and operators need to perform the following activities in their environments:

• Specifying disaster criteria
• Identifying cyber-specific loss scenarios that cause those disasters
• Specifying recovery team responsibilities starting from the activation phase followed by recovery and reconstitution
• Identifying automation and control system function recovery priority
• Performing a dependency analysis of recovery priority
• Documenting reconstitution steps to correct for any data deviation that has been introduced during recovery
• Developing assurance and handover qualifications for process restart

Critical infrastructure assets can be prepared to respond to cyber-attacks and resume operations quickly and effectively by performing such activities.

How did the industry and your company fare in 2024, and what were the key highlights?
In 2024, the cybersecurity industry continued to accelerate at a rapid pace, driven by an evolving threat landscape, heightened regulatory pressures, and the increased complexity of securing cloud environments, IoT devices, and critical infrastructure. At SANS Institute, we experienced robust growth as organizations prioritized workforce development and sought high-quality, vendor-neutral cybersecurity training and certifications. Our global footprint expanded through a series of new training partnerships, additional courses delivered online and in-person, and the introduction of advanced research-based content.

A key highlight was the successful launch of new training programs focused on Secure Software Development, Threat Intelligence Automation, and Industrial Control Systems (ICS) Security. These offerings resonated strongly with enterprises, government agencies, and practitioners who needed immediately applicable skills. Additionally, we saw greater engagement within our community through the SANS Summit series and interactive capture-the-flag competitions, which fostered collaboration and continuous learning.
Overall, 2024 demonstrated that trust in highly specialized training providers remains paramount, and our focus on providing deep, practical knowledge continues to differentiate SANS in a crowded market.

What opportunities do you foresee for 2025, and how do you plan to leverage them?
In 2025, we anticipate significant opportunities stemming from the convergence of cybersecurity with emerging technologies and the increased emphasis on continuous workforce development. The shift toward zero-trust architectures, the adoption of quantum-resistant cryptography, and the integration of AI-powered analytics tools into security operations will drive demand for specialized training. As organizations embrace more remote and hybrid work models, they’ll also need to ensure that skills remain current in a distributed workforce environment.

SANS plans to leverage these opportunities by expanding our curriculum to address cutting-edge topics. We will continue to offer flexible learning formats, blending virtual and in-person training to meet the diverse needs of professionals. Additionally, we’re enhancing our mentorship programs and alumni networks to help graduates continually refresh their knowledge and exchange best practices with peers. We aim to equip security teams with the versatile, forward-looking capabilities they need to protect their organizations amidst accelerating technological change by aligning our offerings with these trends.

What major challenges did you encounter in 2024, and how did you address them?
One of the main challenges we confronted last year was the intensifying complexity of cyber threats. Attackers leveraged increasingly sophisticated tactics, including supply chain compromises, AI-driven malware, and nation-state-sponsored campaigns targeting critical infrastructure. This evolution required us to continuously update our training content to keep pace with new threat vectors. We invested heavily in our research capabilities, working closely with industry experts, and refined our curriculum more frequently, ensuring our students remained well-prepared.

Which emerging technologies do you believe will be in high demand in 2025, and why?
We foresee several emerging technologies playing pivotal roles in cybersecurity. Quantum-resistant cryptography will gain traction as organizations begin preparing for quantum computing’s ability to break classical encryption. This will create demand for training that helps practitioners understand, implement, and maintain new cryptographic standards. Simultaneously, the proliferation of artificial intelligence and machine learning tools in both offensive and defensive roles will shape how analysts detect threats and automate responses.

Professionals will need specialized skills to interpret AI-driven insights, govern the ethical use of these tools, and maintain a human-in-the-loop approach to critical decision-making. The rise of secure DevOps, or DevSecOps, will continue as businesses integrate security early in the software development lifecycle. Cloud-native security tools and frameworks that protect containers, microservices, and serverless architectures will also be in demand. Finally, advanced identity and access management solutions – particularly those aligned with zero-trust principles – will be vital as enterprises seek to mitigate insider threats and secure an expanding digital ecosystem.

What will be your primary focus areas and strategic priorities for 2025?
Our strategic priorities for 2025 centre on three key areas. First, we aim to enhance the depth and breadth of our training curriculum to reflect the latest cybersecurity trends. This includes developing specialized tracks focusing on quantum-resistant strategies, AI-driven threat intelligence, and advanced ICS security. We’ll ensure that learners receive the most current and actionable guidance by continually updating our material and integrating research-derived insights.

We’re committed to expanding our global community of cybersecurity professionals. Through partnerships with universities, industry groups, and government agencies, we’ll strengthen regional footprints, support community-driven initiatives, and help close the cybersecurity skills gap. By focusing on curriculum innovation, cutting-edge delivery, and community building, we aim to elevate the capabilities of professionals and organizations worldwide.

SANS Manama September 2024 (7-12 September) offers the following courses:

1. FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
2. LDR414: SANS Training Program for CISSP Certification

FOR508 is an in-depth course that equips incident responders and threat-hunting teams with advanced skills to detect, identify, counter, and recover from a wide range of threats within enterprise networks, including those posed by nation-state adversaries, organized crime syndicates, and ransomware operators. LDR414 is an accelerated review course specifically designed to prepare students for the CISSP exam. It focuses exclusively on the eight domains of knowledge defined by (ISC)², which are critical to passing the exam.

A highlight of SANS Manama will be the Community Night session on 9 September, titled “Justice Denied: How Bad Digital Forensics Threatens and Undermines Justice.” This session will delve into three real-world cases—one criminal and two civil—to demonstrate how digital forensic evidence, when presented by unqualified or biased practitioners, nearly destroyed lives in court. The session will also illustrate how a proper scientific approach to digital forensics can help achieve justice.

SANS Doha September 2024 (14-19 September) will feature:

1. SEC504: Hacker Tools, Techniques, and Incident Handling
2. SEC560: Enterprise Penetration Testing

SEC504 will teach students how to effectively respond to breaches across Windows, Linux, and cloud platforms, providing insight into the tools and techniques attackers use, the artefacts they leave behind, and how to build better defences based on this knowledge.
SEC560 is designed to strengthen the skillset of penetration testers while also training system administrators, defenders, and other security professionals to understand the mindset and methodologies of modern attackers.

Ned Baltagi, Managing Director for the Middle East, Africa, and Turkey at SANS Institute, emphasized the importance of these events, by saying, “As cybersecurity threats continue to evolve, professionals in the Middle East must stay ahead of the curve. These training sessions are not just about learning new skills—they are about building a stronger, more resilient cybersecurity community. We are committed to empowering individuals with the knowledge and tools they need to protect their organizations and, by extension, the region as a whole.”

Tell us about the cybersecurity trends for 2024.
This year, with the unprecedented increase of Generative AI technologies, organizations and governments have had to consider what this means for cybersecurity, and how to manage the risks associated with AI. We are also currently seeing an increase in the use of AI and Machine Learning, for both threat detection and automated security responses.

Moreover, as organizations increasingly adopt cloud services and SaaS platforms, vulnerabilities in these technologies become apparent, demanding heightened vigilance. Quantum computing is another area which presents both opportunities and challenges for cybersecurity. Quantum computers have the potential to break current encryption methods, rendering traditional security mechanisms obsolete. Conversely, quantum encryption technologies, such as Quantum Key Distribution (QKD), promise unprecedented levels of security that cannot be undermined by conventional or quantum computing attacks.

Organizations are now investing in zero-trust architecture, moving away from traditional perimeter-based security. There has also been more focus on securing the supply chain and managing third-party risks, following a rise in ransomware attacks.

What is the theme of your participation at GISEC 2024?
At GISEC, we’re putting the spotlight on AI security and how we are preparing tomorrow’s security professionals for the challenges and opportunities presented by AI and emerging technologies. AI’s influence affects all areas of cybersecurity and we continuously update our curriculum to reflect the latest advancements in AI technology. This includes not only courses but also the comprehensive integration of AI-related content across our existing courses.

Our latest offering, AIS247: AI Security Essentials for Business Leaders, is crafted for managers and senior leaders, focusing on the integration of Generative AI tools in the business sphere and emphasizing cybersecurity’s essential role in AI development. By spotlighting AI’s role in various cybersecurity domains, we aim to provide attendees with a holistic understanding of how AI technologies impact security practices, threat detection, risk management, and policy development.

Which products and solutions will you be showcasing at GISEC 2024?
We will showcase our entire portfolio of training courses, as well as our initiatives supporting national government organizations in narrowing the talent gap in the META region. On April 23, we will host the inaugural SANS CISO Network, a platform where thought leaders like James Lyne, our Chief Technology and Innovation Officer, will lead in-depth discussions with CISOs. The session aims to navigate through the complexities of GenAI, the indispensability of zero-trust architectures, the strategic importance of cloud security, and much more.

How are you equipped to help companies overcome digital security and privacy challenges?
Our comprehensive training programs span diverse cybersecurity domains, led by seasoned professionals embedding real-world insights into the curriculum, continually updated to match evolving threats. Beyond training, SANS provides assessment services such as compliance audits, penetration testing and vulnerability checks, aiding in risk mitigation. Additionally, our ongoing research into emerging threats and trends is shared with the cybersecurity community through webcasts, whitepapers, conferences, and more.

Is there a skills gap in the cybersecurity industry? What needs to be done to bridge that gap?
Yes, and sustained training is necessary in addressing this cyber skills gap. By investing in education and training, organizations can build a more skilled workforce capable of defending against emerging cyber threats. Companies should make it a priority to continuously upskill and train their workforce, from offering regular training sessions, workshops, and industry certification programs that cover the latest cybersecurity trends, technologies, and best practices, to creating a supportive work environment that emphasizes ongoing training and development opportunities.

Outside of the existing workforce, focusing on creating awareness about the opportunities and benefits of a career in cybersecurity, such as introducing cybersecurity as a subject in early education and hosting career fairs for graduates, as well as community events, is a great way to nurture and spot local talent.

“Cybersecurity training is a lynchpin in fortifying Saudi Arabia’s digital landscape, especially as the nation grows closer towards the goals outlined in Vision 2030. With cyber threats in the Middle East becoming more sophisticated, the need for a skilled and adept cybersecurity workforce is paramount,” says Ned Baltagi, Managing Director – Middle East, Turkey and Africa, SANS Institute. “SANS Khobar and SANS Riyadh Spring underscores our commitment to elevating the Kingdom’s cyber posture, not only providing opportunities for professionals to upskill but also facilitating knowledge exchange and collaboration of the local and global cyber community. By fostering a network of well-trained cybersecurity experts and through comprehensive training, we can empower individuals to contribute actively to Saudi Arabia’s cybersecurity objectives, ensuring a secure and advantaged digital transformation in alignment with the nation’s visionary goals for 2030 and beyond.”

Hosted at the Holiday Inn & Suites Al Khobar from February 10 – 15, 2024, SANS Khobar will offer in-person as well as simultaneous live online sessions for participants who prefer to attend virtually. Modules available are LDR551: Building and Leading Security Operations Centers and SEC560: Enterprise Penetration Testing.

Mark Orlando, SANS Certified Instructor, will lead LDR551. He specializes in cyber defence and cybersecurity leadership, with expertise in building and leading Security Operations Centers. SEC560 will be led by Christopher Elgee, a senior security analyst at Counter Hack and Chief Information Officer (G-6) for the Massachusetts Army National Guard. Specializing in Penetration Testing and Red Teaming, he excels in crafting engaging and challenging NetWars challenges, leveraging expert storytelling and real-world hacker techniques.

Additionally, Christopher will present OT Pen-testing: How  Not to Sink an Oil Rig, on February 12 for a SANS Community Night. Attendees will benefit from a discussion of real-world experience testing water systems, an oil rig, and other critical systems – safely.

SANS Riyadh will be held at the Sheraton Riyadh Hotel & Towers, from February 24 to March 7, 2024, and participants can choose from seven extensive courses.

Notably, SEC504: Hacker Tools, Techniques, and Incident Handling develops the skills for incident response investigations, covering dynamic response processes, threat intelligence development, and defense strategies for both cloud and on-premises platforms; SEC488: Cloud Security Essentials addresses the challenges and opportunities of securing multi-cloud environments, emphasizing the responsibility of organizations to protect sensitive data, providing practical training for security professionals; LDR514: Security Strategic Planning, Policy, and Leadership equips security professionals with the skills to bridge the gap between security staff and senior leadership, providing tools to build a cybersecurity strategic plan, comprehensive IT security policy, and effective leadership; and SEC497: Practical Open-Source Intelligence (OSINT), which, drawing from two decades of OSINT experience in law enforcement, intelligence, and the private sector, offers practical tools and techniques, addressing real-world challenges through hands-on labs and a Capstone CTF.

SANS Riyadh Community Nights, led by top instructors, are set to be highlights of the event. On February 26, join Mark Williams for ‘Secure by Design’ to explore integrating security into system, program, and network design. On March 4, Jeffrey Lomas will present ‘Detecting AI in OSINT Investigations,’ offering insights into AI’s role in online spaces and techniques for its detection. These sessions, available both in-person and online, provide valuable learning experiences for cybersecurity professionals looking to stay ahead in a rapidly evolving field. These events not only offer professionals the chance to learn from world-renowned experts but also to connect with peers and industry leaders.

If you liked the video, please like, share, and comment below.

Tell us about the cybersecurity trends for 2023.
In 2023, we can expect to see several emerging cybersecurity trends. Firstly, while mobile phones are generally considered more secure than desktops, we will also see a rise in stalker ware included in downloaded apps that target consumers, as hackers are creating malicious stalker ware apps and placing them in app stores.

Secondly, data backup ransomware attacks will increase, as attackers target backups that are less frequently monitored, provide ongoing access to data, and may be less secure or from forgotten older files. Thirdly, we can expect a surge in MFA bypass attacks, as more organizations adopt multifactor authentication and other additional layers of security.

Organizations must be proactive in closing the cybersecurity skills gap by investing in offensive training and threat hunting to address an expanded attack surface from a continued hybrid workforce. This will be especially important as organizations need to upskill and train their existing staff to defend against attacks.

Lastly, attackers are expected to increase their focus on exploiting vulnerabilities in cloud-based infrastructures and applications. Organizations should invest in cloud security solutions to ensure that their systems are secure and that their data is protected from malicious actors. Additionally, they should consider using security automation tools to help detect and respond to threats quickly. In summary, organizations must stay vigilant and proactive in their approach to cybersecurity in 2023 to stay ahead of these emerging threats.

What is the theme of your participation at GISEC 2023?
This year, our participation aims to provide visitors with the latest industry trends and best practices, with cloud security being of paramount importance in digital environments.

Which products and solutions will you be showcasing at GISEC 2023?
We’re excited to showcase our advanced suite of cybersecurity offerings. The range of products and services is designed to cater to the evolving challenges of the cybersecurity landscape through specialised training courses fully aligned with GIAC certifications, Security Awareness Training products, Cyber Ranges for immersive training experiences, and an advanced ECE curriculum that covers digital forensics, penetration testing, and reverse engineering.

Our comprehensive range of cybersecurity solutions is aimed at enhancing your technical proficiency and equipping you with the knowledge and skills required to succeed in today’s dynamic cybersecurity landscape. We will also highlight our CyberTalent offering, which includes various academy programs that we provide to both government partners and individual organizations, to identify hidden cybersecurity talent within their existing workforce.

Additionally, on Tuesday, 14th March, SANS Senior Instructor, Kevin Ripa, will have two speaker sessions, at the Dark Stage, and at X LABS. Alongside these two talks, Kevin and his fellow SANS instructors, Maxim Deweerdt and Michael Hoffman, will be providing workshops each day at Hackstage360.

We are also excited to host our highly engaging mini Capture-the-Flag event onsite at our stand (D50 Hall 7), where visitors will have the chance to test their skills in a simulated cybersecurity environment.

How are you equipped to help companies overcome digital security and privacy challenges?
The SANS Institute is well-positioned to help companies overcome digital security and privacy challenges through a range of services and resources. Our training programs cover a wide range of cybersecurity topics, taught by experienced practitioners who bring real-world experience to the classroom, and training materials that are continually updated to reflect the latest threats and vulnerabilities.

Research by our faculty members into emerging threats and trends is shared with the cybersecurity community through publications and events, including webcasts, conferences, and summits. Additionally, the institute has a strong focus on community building, which fosters collaboration and knowledge-sharing among cybersecurity professionals. Overall, the SANS Institute’s goal is to help organizations build more secure and resilient systems that can withstand the evolving threat landscape.

Is there a skills gap in the cybersecurity industry? What needs to be done in order to bridge that gap?
There is a significant skills gap in the cybersecurity industry. This gap is mainly due to the rapid evolution of technology and the increasing complexity of cyber threats, which make it difficult for organizations to find and retain skilled cybersecurity professionals.

To address this, we need to focus on increasing cybersecurity education and training through academic and industry certification programs, while also creating a supportive work environment that emphasizes ongoing training and development opportunities. Companies can maximize their existing resources by offering cybersecurity training courses/programs to retrain and upskill their existing workforce.

Additionally, we need to promote diversity and inclusion in the field by recruiting and supporting individuals from underrepresented groups and focusing on creating awareness about the opportunities and benefits of a career in cybersecurity.