TALKING BUSINESS
and the diverse range of industries within which they operate.
With rising ransomware and critical OT concerns like System Vulnerabilities and External Access Risks, how can organisations effectively prioritise defence strategy and talent acquisition?
When we discuss cybersecurity strategy, we are fundamentally referring to the construction of a comprehensive plan. This plan must first establish a baseline: where does the organisation currently stand and what are its existing capabilities?
Some organisations may demonstrate deficiencies from a threat detection and response perspective, while being more advanced in other domains. Critically, various regulatory bodies across the Gulf states such as the Saudi Arabian Monetary Authority (SAMA) explicitly mandate the implementation of a coherent strategy. This means an organisation must operate with a definitive plan, which necessitates adherence to a recognised framework.
The encouraging news emanating from the research is the acknowledgement of several country-specific frameworks. For instance, Qatar has its own, the UAE has a dedicated framework and Saudi Arabia’s National Cyber Security Authority has established another. These all represent essential best practices. They guide organisations in addressing foundational security requirements, developing corresponding capabilities and ultimately providing a structured playbook or ‘cookbook’, if you will, to ensure systematic compliance and effective risk management.
Given the top ICS/OT concerns are System Vulnerabilities and External Access Risks, which SANS training and control frameworks are best suited to help OT professionals mitigate these risks?
Security, much like good health and hygiene, is an ongoing, continuous affair. The consistent trend shows that implementing foundational best practices effectively mitigates a large percentage of malicious attacker activity. A highly popular foundational framework in the Gulf region is the CIS (Center for Internet Security) Controls. Many countries have tailored versions, such as Saudi Arabia’s Essential Cyber Controls (ECC). The class that details the implementation and auditing of these controls is SEC566.
Regarding the never-ending stream of vulnerabilities and system risks, organisations must develop a mature vulnerability management programme. This requires a strategic approach, which is the focus of our LDR516 class on strategic vulnerability and threat management.
Finally, concerning external access risks, these are fundamentally identity-related issues. The prevailing consensus is that identity is the new perimeter. While many of our cloud courses cover identity components, we are launching a dedicated new class in 2026 called SEC559, which will specifically focus on identity security and corresponding threat defence.
How does SANS’ training in Security Architecture and DevSecOps integrate with Performance Reviews to strategically close proven skills gaps?
This highlights two indispensable components: architecture and DevSecOps. A central challenge, both regionally and globally, is the escalating complexity across the technology, business and threat landscapes. This necessitates that security teams design a comprehensive architecture capable of addressing this confluence of advanced factors. A prime example is the shift to the cloud: virtually every large organisation is multi-cloud, often by design or incidentally via acquisitions. Constructing this appropriately requires leveraging cloud-native capabilities.
This links directly to DevSecOps, which involves implementing automated pipelines and corresponding controls. We must adopt a strategic approach, viewing security from a defensible architecture and Zero Trust perspective.
For professionals seeking to build these specific competencies, relevant SANS training courses are available:
• The foundational principles of Defensible Architecture and Zero Trust are covered in SEC530
• Cloud Security Architecture is the focus of SEC549
• Cloud-Native Security, automation and DevOps are addressed by SEC540
Many organisations monitor regularly but under-resource response. How do SANS’s incident response courses help teams translate basic monitoring data into rapid, effective containment and eradication?
Frank Kim, Venture Advisor at YL Ventures (Fellow at SANS Institute) www.intelligentcio.com
INTELLIGENT CIO MIDDLE EAST