TALKING business
closely at the survey data we see that the spending is roughly distributed across a spectrum, ranging from those with arguably the lowest expenditure, to those with the most significant spending, with several intermediate tiers separating them.
Therefore, this distribution strongly suggests the existence of inconsistent or divergent security priorities amongst the respondents and the diverse range of industries within which they operate.
With rising ransomware and critical OT concerns like System Vulnerabilities and External Access Risks, how can organisations effectively prioritise defence strategy and talent acquisition?
When we discuss cybersecurity strategy, we are fundamentally referring to the construction of a comprehensive plan. This plan must first establish a baseline: where does the organisation currently stand and what are its existing capabilities?
Some organisations may demonstrate deficiencies from a threat detection and response perspective, while being more advanced in other domains. Critically, various regulatory bodies across the Gulf states such as the Saudi Arabian Monetary Authority (SAMA) explicitly mandate the implementation of a coherent strategy. This means an organisation must operate with a definitive plan, which necessitates adherence to a recognised framework.
The encouraging news emanating from the research is the acknowledgement of several country-specific frameworks. For instance, Qatar has its own, the UAE has a dedicated framework and Saudi Arabia’s National Cyber Security Authority has established another. These all represent essential best practices. They guide organisations in addressing foundational security requirements, developing corresponding capabilities and ultimately providing a structured playbook or ‘cookbook’, if you will, to ensure systematic compliance and effective risk management.
How does SANS’ training in Security Architecture and DevSecOps integrate with Performance Reviews to strategically close proven skills gaps?
This highlights two indispensable components: architecture and DevSecOps. A central challenge, both regionally and globally, is the escalating complexity
Given the top ICS/OT concerns are System Vulnerabilities and External Access Risks, which SANS training and control frameworks are best suited to help OT professionals mitigate these risks?
Security, much like good health and hygiene, is an ongoing, continuous affair. The consistent trend shows that implementing foundational best practices effectively mitigates a large percentage of malicious attacker activity. A highly popular foundational framework in the Gulf region is the CIS (Center for Internet Security) Controls. Many countries have tailored versions, such as Saudi Arabia’s Essential Cyber Controls (ECC). The class that details the implementation and auditing of these controls is SEC566.
Regarding the never-ending stream of vulnerabilities and system risks, organisations must develop a mature vulnerability management programme. This requires a strategic approach, which is the focus of our LDR516 class on strategic vulnerability and threat management.
Finally, concerning external access risks, these are fundamentally identity-related issues. The prevailing consensus is that identity is the new perimeter. While many of our cloud courses cover identity components, we are launching a dedicated new class in 2026 called SEC559, which will specifically focus on identity security and corresponding threat defence.
www.intelligentcio.com INTELLIGENTCIO MIDDLE EAST 49