Closing cybersecurity skills gap vital to Saudi digitalization: Expert

Published: Updated:
Read Mode
100% Font Size
8 min read

As Saudi Arabia forges ahead with its Vision 2030 initiative, the nation is undergoing rapid digital transformation across multiple sectors. However, this swift progression has outpaced the development of a sufficiently skilled cybersecurity workforce, leaving the Kingdom open to potential cyber threats, experts have warned.

In an interview with Al Arabiya English, Meriam el-Ouazzani, Regional Director of META region at the US-based cybersecurity company SentinelOne, emphasized the critical importance of closing the cybersecurity skills gap to ensure the success of Saudi Arabia’s digitization efforts.

For more news on Saudi Arabia, visit our dedicated page.

Moreover, she warned that the ever-changing landscape in cybersecurity technologies continuously require new skill sets, some of which current professionals may not have.

“The fast pace of advancements in cybersecurity technologies outstrips the workforce’s ability to keep up,” said el-Ouazzani.

Significant risks

The shortage of cybersecurity talent poses significant risks to both businesses and government agencies in Saudi Arabia.

The Middle East region is often targeted by state-sponsored cyberattacks and Advanced Persistent Threats (APTs) aiming to disrupt critical infrastructure and steal sensitive information, said el-Ouazzani, adding that the strategic importance of the oil and gas sector makes the region a prime target for cyberattacks, including ransomware and industrial espionage.

“Saudi Arabia’s oil and gas sector, in particular, is a major target for cyberattacks aimed at disrupting energy supplies and causing economic instability,” she said.

Cyber incidents can cause significant operational disruptions and a shortage of skilled employees can compromise national security, el-Ouazzani warned.

Moreover, as businesses in Saudi Arabia increasingly rely on third-party vendors and supply chains, they also become vulnerable to supply chain attacks where attackers compromise less secure partners to gain access to larger targets, according to her.

Ongoing geopolitical tensions in the region also contribute to an increased risk of cyber warfare and politically motivated cyberattacks, she noted.

Cybersecurity is vital for the success of digital initiatives and economic growth under Vision 2030, and without adequate talent, these initiatives face higher risks, as businesses become more susceptible to data breaches, financial losses, and reputational damage.

Attracting foreign investment and fostering innovation are also key goals of Vision 2030, and demonstrating strong cybersecurity capabilities is essential for the Kingdom to gain investor confidence and promote a secure business environment.

“A shortage of skilled professionals means slower response times and incident management,” el-Ouazzani noted.

Skills in demand

In the cybersecurity industry, there is no single skill in greater demand than another – each one is important, according to el-Ouazzani.

Currently, the cybersecurity industry is seeing an increased interest in the adoption of AI in cybersecurity and in how it impacts security practices, threat detection, risk management, and policy development.

Consequently, there is an increase in demand for cybersecurity professionals who are skilled in AI technologies and can effectively implement and manage AI-enhanced security measures, the regional director said in the interview.

SentinelOne – known for its AI-driven Endpoint, Identity, and Cloud protection and response solutions – is leveraging AI to enhance the capabilities of cybersecurity professionals.

“AI is not just filling the talent gap but also pushing for a reskilled, more capable workforce in the cybersecurity domain,” el-Ouazzani explained.

Bridging the skills gap

SentinelOne is actively addressing the cybersecurity skills shortage in the Middle East, particularly in Saudi Arabia, by using a technology known as Purple AI.

Purple AI, an AI-powered security analyst, augments and upskills Security Operations Center (SoC) teams by translating natural language into complex threat-hunting queries.

“Purple AI ensures that organizations remain resilient and secure, even during periods of reduced activity,” said el-Ouazzani.

“New technologies mean new threats, and as Saudi invests heavily in and digitizes various sectors with AI, organizations must be prepared to identify and respond to AI attacks.

Companies need to use AI to thwart AI attacks. They need to tap into the power of AI to upskill their entry-level analysts.”

Skills in securing cloud environments and services such as AWS, Azure, and Google Cloud are incredibly critical, according to the cybersecurity expert.

Implementing and managing Identity and Access Management (IAM) solutions to control access to cloud resources is essential as well, she said.

Other prominent areas of skill demand seen in Saudi Arabia include security architecture and engineering; Security Operations Center (SOC) skills; incident response management and digital forensics; threat intelligence and analysis; penetration testing and ethical hacking; IoT, network, encryption, data, and application security; and understanding and implementing privacy regulations and standards such as the National Cybersecurity Authority’s frameworks.

Reforming education

SentinelOne collaborates with local universities and technical institutes to develop and enhance cybersecurity curricula since traditional IT education often lacks a concentrated approach on cybersecurity.

The company also established internship programs and frequently collaborates with Saudi government agencies to support national cybersecurity initiatives, such as the Human Capability Development Program.

El-Ouazzani noted that the Saudi government has also launched several important initiatives that aim to bridge that educational gap to meet the country’s demands.

“We are already seeing an increased and regular collaboration between educational institutions, industries, and the government to develop specialized cybersecurity programs and certifications, helping bridge the skills gap and create a pipeline of skilled professionals,” she said.

Initiatives such as the Saudi Cybersecurity Higher Education Framework (SCyber-Edu) and the Saudi Cybersecurity Workforce Framework (SCyWF) work to combat this issue and ensure that higher education outcomes are aligned with national needs, she explained.

Local innovation and the growth of cybersecurity startups to develop homegrown solutions tailored to the specific needs of the Saudi market are also greatly encouraged by the Kingdom, el- Ouazzani added.

Earlier this year, the NCA initiated several strategic projects as part of the CyberIC program to boost the local cybersecurity ecosystem.

These efforts included encouraging the localization of cybersecurity technologies, solutions, services and training courses, developing specialized national skills, and promoting Saudi research and innovation programs.

Saudi Arabia’s future cybersecurity landscape

Vision 2030 emphasizes continued digitalization, which will likely lead to emerging vulnerabilities in new digital infrastructure.

For businesses in Saudi Arabia, ensuring that their cybersecurity teams are equipped with the latest skills and knowledge is crucial.

“Consistency and proactivity are key,” el-Ouazzani told Al Arabiya English.

Not only do practitioners need to continuously learn how to counter external attacks and threats, they need to be able to find the vulnerabilities and gaps within their own organization’s defenses.

Organizations in Saudi Arabia must invest in regular, ongoing training programs and encourage employees to obtain recognized cybersecurity certifications, the regional director said.

“A cybersecurity professional or team within an organization that does not keep learning and staying on top of current threats and attacks is sure to fall short of being able to protect their business,” she warned.

According to her, it’s equally important to ensure that all staff members across teams are trained in security awareness, not just the security teams and IT departments.

“Conduct regular phishing simulations and cyberattack exercises such as red teaming and blue teaming to provide hands-on experience in defending against and responding to cyber threats. Participating in threat intelligence sharing initiatives will also keep teams informed about emerging threats and best practices.”

Regular skills assessments and gap analyses also enable businesses to proactively identify and address training needs.
Saudi Arabia’s Vision 2030 is driving significant digital transformation, but addressing the cybersecurity skills gap is essential for the initiative’s success.

With concerted efforts from educational institutions, industries, government agencies, and companies like SentinelOne, Saudi Arabia is on the path to building a robust cybersecurity workforce capable of protecting its digital future.

Looking ahead, it is only fair to assume the cybersecurity landscape in Saudi Arabia is poised for significant development.

Read more:

Saudi Arabia sees surge in demand for cybersecurity experts amid global threat

Saudi Arabia plans $40 bln fund for AI investments: Report