Cyber News Global: Issue 14

Dear Reader,

Welcome to yet another GISEC Special Edition of Cyber News Global, we are delighted to be publishing an exclusive synopsis of the National Cyber

Strategy of the UAE 2025 - 2031.

This year’s edition has been created with the assistance of Industry leading experts from every field within Cyber Security.

We consider the thoughts of H.E Dr Mohamed Al - Kuwaiti reflecting on what 2024 had the industry talking about, looking into 2025 and his predictions have already started to come to fruition.

We reflect on the tireless work of Women In Cyber Security Middle East, their selfless commitment to improving opportunities providing much needed mentoring and so much more. Compliance is very much at the forefront of everything we do in cyber security, we have taken time to consider what Governance, Risk and Compliance can do for our organisations.

An In-depth review of the National Cyber Security Strategy identifies the critical pillars that are required to underpin a resilient cyber economy and eco system. As with compliance underpinned by GRC we must also consider our obligations for Data Protection, we are delighted to publish a focus on the Global Gold standard of Data Protection GDPR, looking at why GDPR sets the bar when it comes to data protection.

AI is currently top of the charts as the number one focus for everyone, how it is used in work and socially, how can we ensure that our people are using AI ethically and efficiently. It’s worth noting how regulation can once again set the guidelines with a deep dive into the EU AI Regulation.

To safeguard our communities and businesses we rely so much on our people, the future is in the hands of our people, and so we took time to understand what the younger population thought about cyber, specifically speaking to a Cyber Super Star of the Future Afra Al Mansoori, she gave her thoughts about AI and what we can expect to see and learn, how AI can be controlled to add value and not replace human capability.

The future for everyone in cyber is exciting and challenging, we must place more trust and belief in our people and their capabilities to ensure that they lead the way.

M-Trends 2025 Report

Get a deep dive into key cybersecurity trends and metrics.

• Incident response metrics, top detection sources and initial infection vectors

• Growing risk posed by infostealer malware

• The Democratic People’s Republic of Korea IT worker threat

• The danger of unsecured data repositories

• The Iranian threat landscape in 2024

• The evolution of data theft in cloud and software as a service environments

• Common themes in cloud compromise investigations

• Threats to Web3 and cryptocurrency

Reserve your copy now.

Cyber Reflections 2024 & Predictions for 2025

His Excellency Dr. Mohamed Al-Kuwaiti, Head of the UAE Cybersecurity Council

Reflecting the UAE government’s commitment to advancing cybersecurity and strengthening digital infrastructure, GISEC Global is being held this year as the definitive platform that unites government and industry pioneers to drive innovation, fortify data privacy, combat cyber threats, and showcase cutting-edge solutions, thereby reinforcing trust in the digital economy

We were delighted to welcome all of our esteemed guests to “Let’s Talk Cyber” none more so that His Excellency Dr Muhamed Al-Kuwaiti the CEO and Head of Cyber Security Council UAE.

In 2024 we’ve seen so many drawbacks. One of these cybercrimes that is still really scoring high and that increased more than 10 billion dollars of scams like Malware and Phishing scams.

In UAE as well, we’ve seen so many of many attacks, maybe not in the government, more in the private sector. This is where we are eager to make this year less attacks, less loss in data. That’s another thing, data breaches and ransomware increased by 32 % across the whole world, UAE is working hard with the United States with the counter ransomware initiative with the White House to reduce this impact.

Critical National Infrastructure was impacted highly as well.The problem with all of this, we are still yet to see unified governance policies that really dictate or criminalize many of those cross-border types of attacks.

So definitely in 2024 we’ve seen great things. As a matter of fact, collaboration is there, unity is there, everybody working together to really build that momentum of building resiliency, building collaboration and cooperation across all the aspects there.

AI brought great things to us from a defensive perspective, that’s what we are actually really eager and continuing doing so for 2025. So that’s in a nutshell.

So what can we expect for 2025, so we recently had a session recently about misinformation, disinformation, deep fakes and how AI, which is enabling all of our adversaries to come together and basically take us on. As a matter of fact, have we seen it lately? Everybody’s using AI.Maybe five years ago, if you asked me that same question, I would tell you it’s only state actors or non-state actor who are using AI related to state actors, kind of an organized group.

But today, everybody is using AI, everybody is using AI and this is why we need definitely to stay ahead of many of those aspects.

Collaboration, working together is one thing. PPPP, Public Private People Partnership is still one of the major things that we need to always campaign for. Technologies and AI itself, it’s needed to be embedded in many of those platforms to detect deep fakes, to really have a signature, have a watermark, have something that tells us that is based on a deep fake.

There is no merit behind this or that news. There is nothing in that perspective. The problem is not only in the deep fake or the misinformation we’ve seen AI now to actually find a zero day into any of those systems, exploit that zero day, extract the data.

All of this is done with technologies that are still young, and AI is in that perspective. So, it’s challenging for us all.

GISEC is definitely pivotal, it is very, very, very important, given the fact that UAE is really leading in so many of those competitiveness rankings across the whole world, be it in the digital transformation, or in cyber security global cyber index, as well as in so many areas of AI adaptation in the government itself.

Middle East News SPONSORED BY

Someone tricking our people to click on or open a link, not thinking before doing this, which takes only a split second and that’s what we are trying to spread training to support the awareness across the whole of society with the training, so it’s so important we focus on training, training.

Great insights as ever from His Excellency Dr Mohamed Al-Kuwaiti. Thank you. Let’s talk cyber. Thank you very much,

So having everybody coming under that one roof, not only for networking, not only really but creating and innovating new ideas in that perspective, but actually putting solutions, putting things that we could depend our government, our national security, our privacy, as well as our data need to be actually really governed in many of those aspects.

GISEC literally brings everybody under one roof, there are some good warm discussions that really came up with the great initiatives that are as a matter of fact already executed and many of those aspects.

We’ve seen counter ransomware initiatives where information sharing now actually reached more than 68 entities. We’ve seen last year the cyber drill, the biggest cyber exercise ever held, GISEC was the only place where you could see more than 140 countries united against our cyber adversities, all of them really building resiliency, countering such attacks, simulated attacks. It was nations against AI or kind of machines that are trying to hack and really find so many of those vulnerabilities. It was really a game changer, this year, we’re doing it even bigger.I then UAE every year the cyber leadership focuses with their vision as well as the whole Entities comes up with a name of that year. We had a year of tolerance We had a year of giving we have a year of peace.

This year is a year of community a year of society a year of people and this is where we are as a matter of fact bringing people as the main Interest of many of those aspects we need not only to train them and here I’m not saying over train things in that perspective But a balanced training something that we would like to strike where we bring an awareness to all sectors of our society.

I hope that GISEC will bring us together to really find many of those opportunities to solve such perspectives.

We have a great Ministry of Education curriculum, as a matter of fact, embedded in many of those aspects, we have women in cyber, we’ve seen them last year and this year we expect even greater things.

We have youth in cyber, so training is the first line of defence. We always depend on our society to have that first line of defence. If you know, and I’m sure you know that still, the weakest link is our people, being social engineered attacked by scams like phishing, as well as many other scams and frauds.

Still yet more than 70 % of attacks are caused due to human error, this is because of social engineering and the lake of awareness and training.

MODERNIZING THE MODERNIZING THE MODERNIZING THE CYBER PARADIGM WITH CYBER PARADIGM WITH CYBER PARADIGM WITH AI-DRIVEN SECURITY AI-DRIVEN SECURITY AI-DRIVEN SECURITY

Think Security. Think Security. Think Security. think Spire. think Spire. think Spire.

EMPOWERING WOMEN IN CYBERSECURITY: THE REMARKABLE JOURNEY OF WICSME -

Cybersecurity is a critical field in the ever-evolving digital landscape, demanding diverse expertise and innovative solutions. In this dynamic environment, the Women in CyberSecurity Middle East (WiCSME) has carved a niche, championing the cause of women in cybersecurity and fostering a culture of empowerment, collaboration, and excellence.

A Mission Rooted in Values

WiCSME’s journey began in 2018 with eight co-founders, driven by a shared vision to create a supportive community for women in cybersecurity across the Middle East. Today, this thriving community boasts over 3,000 members spanning 21 Arab countries.

A Mission That Drives Us

WiCSME’s purpose extends beyond cybersecurity. It is about creating a resilient, innovative, and inclusive future in an ever-evolving digital world. This mission, encapsulated in the Japanese concept of “Ikigai,” drives the organization to wake up daily, determined to make greater and deeper impacts.

Capacity Building: Investing in People

At the heart of WiCSME’s initiatives is the belief that investing in people is the most powerful step towards resilience, security, and innovation. The organization focuses on three key areas: building cyber capacity and talent, expanding visibility through global partnerships, and breaking myths and records while celebrating excellence.

Building Capacity and Talent Development

WiCSME has successfully implemented several impactful programs to nurture talent and foster growth. Notably, it became the first Women in Cyber Group chosen to implement the ITU’s Women in Cyber Mentorship Program for the Arab region. This program saw record-breaking regional participation, with Arabic content and support provided to break language barriers. Additionally, WiCSME collaborated with IBM on the SkillsBuild program, focusing on AI and cybersecurity fundamentals, benefiting 101 participants.

In 2025, WiCSME, under its flagship program, ‘She Talks Security’, is launching a training and enablement program called ‘CyberShe’.

The program aims to train a pre-defined number of female graduates per year, resulting in capable and trained cyber talents over the course of a few years.

It is designed for graduate/senior students with Bachelor/Diploma degrees in Cybersecurity, Computer Engineering, Information Technology, or equivalent. Kuwait has been identified as the pilot country for the ‘CyberShe’ program, where WiCSME is partnering with industry experts such as EC-Council, London School of Cyber Security and Netlabs Solutions to deliver this program.

Expanding Global Visibility

WiCSME has launched numerous initiatives to empower women in cybersecurity and strengthen their representation on global platforms. The Global Women in Cyber Central Hub connects over 18 women in cybersecurity groups worldwide, supporting collaborative capacity-building initiatives. WiCSME’s partnerships with leading cybersecurity conferences such as BlackHat MEA, GISEC, and GITEX Global have significantly increased female representation, breaking global records for the highest number of female speakers in a cybersecurity event.

Furthermore, WiCSME has become a GFCE’s (Global Forum for Cyber Expertise) partner and two founding partners, Priyanka Chatterjee and Irene Corpuz participated during its Annual Summit in Washington DC in September 2024.

It was followed by Priyanka’s representation at multiple virtual events and Irene at the World Emerging Security Summit in Seoul, South Korea.

Breaking Records and Celebrating Excellence

WiCSME’s journey has been marked by remarkable milestones and achievements. In 2024 alone, more than 250 female speakers represented the region at global forums, bringing regional expertise to the forefront of international cybersecurity discussions. WiCSME members have been recognized with numerous prestigious global and regional honors, including the GISEC Cyber Excellence Awards and the ISC2 Global Achievement Award for Dr. Bushra Al Blooshi. Eight of the Top 20 Cybersecurity Women of the World are WiCSME members including Dr. Reem Al Shammari, Abeer Khedr, Irene Corpuz, Heide Young, Basma Ahmadush, Heba Farahat, Sara Al Kindi and Dr. Fatema AlHarbi

The Wicked6 where WiCSME has been a partner since 2022 was joined by Dr. Reem as Advisory Board Member, Fatma Alawati as Speakers Lead and Norah Aldeghaim as Marketing Lead. It was joined by 15 inspiring speakers representing 11 countries.

We take pride in celebrating our members’ accomplishments, including 26 who spoke at local conferences, 34 who earned professional certifications, 23 who were promoted or transitioned to better opportunities, 19 who completed their Master’s or PhD degrees, and 14 who published books or research papers.

The secret to success

• The Secret to Success WiCSME’s Huge Success is attributed to four key pillars:

• The nurturing environment of Middle Eastern Islamic Arabic culture and values, where the women empowerment journey was initiated in our region by Islam 1400 years ago.

• The Support Echo System from homes across societies up to countries’ Leadership.

• The Support of brilliant sponsors, mentors, and allies, and

• The high Trust and team spirit embraced by global, regional, and national entities.

This culture of true empowerment has allowed WiCSME to flourish, with women’s expertise acknowledged, their voices heard, and their achievements celebrated.

Looking Ahead

WiCSME has successfully created an avenue for women in cybersecurity in the Middle East to showcase, foster and celebrate their talents in and beyond the world of cybersecurity. We are creating leaders who believe in being ‘Stronger together’ and actively contribute to the ‘Global sisterhood of cybersecurity’.

In 2022, WiCSME shared the dream of a day where we have a ‘United Nations of Women in Cybersecurity’, and WiCSME’s journey serves as a model of true empowerment, that is inspiring others across the globe to learn from its success stories and replicate as relevant.

In conclusion, as WiCSME continues to grow and inspire change, it calls for strengthened support from all male and female allies to maintain and expand its initiatives. With continued support and collective efforts, WiCSME is poised to make even greater strides towards a safer and better digital world for the betterment of humanity.

For more information, visit WiCSME on LinkedIn: Women in Cyber Security Middle East

YouTube: Women in Cyber Security Middle East [WiCSME] X (formerly Twitter) @WiCSME Instagram: @ womenincybersecuritymiddleeast Website: https://www. womenincybersecurity.me/

Automate Microsoft Entra PIM to secure your enterprise

What is Sheriff?

Sheriff is an identity and access management tool that enables you to automate the configuration and operation of Microsoft Entra Privileged Identity Management (PIM) across your enterprise by providing a unified “as code” declarative configuration model. It enables GitOps for Microsoft Entra PIM.

Microsoft Entra Privileged Identity Management (PIM) is a service in Microsoft Entra ID that enables you to manage, control, and monitor access to important resources in your organisation. With PIM you can provide as-needed and just-intime access to Microsoft Azure and Microsoft Entra resources, and other Microsoft online services like Microsoft 365.

Sheriff automates and enhances PIM, enabling you to use it at scale with a single source of truth, misconfiguration detection/correction, and Sheriff-specific features like policy inheritance and defaults

Sheriff helps you to operate predictably and innovate safely.

Why use Sheriff?

Single source of truth

Maintain a single source of truth for access config across your Azure estate and enable GitOps.

Import existing config

Import your existing config to immediately establish your source of truth.

Detect and correct misconfigurations

Stateless operation means Sheriff will detect and correct misconfigurations automatically.

Operate secure by default

Clever features in Sheriff like policy inheritance enable you to operate secure by default.

Reduce operating costs

Operate at reduced cost by using Sheriff to automate time-intensive manual management.

Sheriff manages

Azure resource roles

Sheriff manages active and eligible role assignments for built-in Azure resource roles like Reader, Contributor and Owner And it’ll manage custom roles, too.

Groups (PIM- enabled)

Sheriff manages active and eligible role assignments for PIM-managed group roles like Member and Owner.

Microsoft Entra roles

Sheriff manages active and eligible role assignments for built-in Microsoft Entra roles like Security Operator and Global Administrator And it’ll manage custom roles, too.

Role management policies

Sheriff manages activation, assignment and notification role management policy rules for complete governance coverage.

Navigating the Future of OT Cybersecurity: Insights and Trends from Saltanat Mashirova

By Saltanat Mashirova, Cybersecurity Expert and Advocate for Critical Infrastructure Protection

Saltanat Mashirova

As the world becomes more interconnected, securing Operational Technology (OT) and Critical Infrastructure (CI) has never been more important. The rise of cyber threats targeting these vital systems has led to the creation of frameworks and strategies designed to enhance resilience. One such approach is the UAE’s National Cyber Strategy, which aims to safeguard digital infrastructures across the nation. In this editorial, Saltanat, a recognized cybersecurity expert, shares her insights on the emerging trends in OT cybersecurity and how organizations can navigate the challenges ahead.

Cybersecurity Trends in OT and Critical Infrastructure

In today’s digital landscape, cybersecurity for OT environments is gaining prominence as industries face new challenges.

“The integration of IT and OT systems has been one of the key trends shaping the landscape of Critical Infrastructure protection,” Saltanat explains. “While the benefits of digital transformation are immense, they also create new vulnerabilities. We’re seeing increasing incidents where cybercriminals target OT systems, which traditionally have not been as exposed to external threats.”

The risks to OT environments are amplified by the growing sophistication of cyberattacks.

“We are witnessing a significant rise in cyberattacks aimed at industrial systems, including ransomware and Advanced Persistent Threats (APTs). These types of attacks can cripple entire sectors like energy, manufacturing, and transportation,” she adds. “

“As these industries continue to adopt more interconnected technologies, the attack surface expands, making it even more critical to implement robust cybersecurity measures.”

Saltanat identifies the increasing convergence of IT and OT as one of the primary drivers of change.

“The lines between IT and OT are becoming increasingly blurred. This fusion brings operational efficiencies but also introduces new risks. OT systems were never designed with cybersecurity in mind, so there is often a lack of visibility and control over these systems, which leaves them vulnerable to exploitation.”

The UAE National Cyber Strategy: A Proactive Approach to Cybersecurity

The UAE has been at the forefront of cybersecurity development, especially in the context of its Critical Infrastructure.

With initiatives like the UAE National Cyber Strategy, the country is positioning itself as a leader in securing its digital future.

“The UAE National Cyber Strategy is a forward-thinking approach to cybersecurity, focusing on developing a resilient cyber infrastructure while promoting innovation,” Saltanat states.

The strategy emphasizes the protection of critical sectors such as energy, healthcare, and telecommunications.

“The UAE recognizes that cybersecurity is not just an IT issue but a national security concern,” Saltanat explains.

“The strategy focuses on building strong governance frameworks, aligning with global best practices, and enhancing the country’s ability to respond to and recover from cyber incidents.”

According to Saltanat, the strategy is aligned with international standards, ensuring that the UAE’s cybersecurity posture is up to par with global benchmarks. “The UAE is setting a strong foundation for future resilience by investing in both technology and human resources,” she says.“It’s not just about securing infrastructure today but building capacity for the next generation of cyber professionals.”

Taking the First Step: How Asset Owners Can Start Addressing OT Cybersecurity

For asset owners in industries that rely heavily on OT systems, cybersecurity can seem like a daunting task. Saltanat recommends that the first step in any cybersecurity journey is to gain a comprehensive understanding of the risks and vulnerabilities within the OT environment.

“If you understand the importance of OT cybersecurity but don’t know where to begin, the first step is to conduct a risk assessment. This allows you to identify critical assets, assess vulnerabilities, and prioritize areas that need attention.”

Many asset owners struggle with the complex and specialized nature of OT systems, which may not be familiar to traditional IT teams. “One of the biggest challenges for organizations is the lack of integration between IT and OT teams. OT systems often operate in isolation, which means that there is a disconnect when it comes to securing these systems,” Saltanat points out. “To bridge this gap, it’s essential to have a cross-functional team that includes both IT and OT experts working together.”

Saltanat also emphasizes the importance of adopting a layered security approach. “A successful OT cybersecurity program should involve multiple layers of protection. This includes everything from network security to physical security and employee training. By securing each layer, organizations can significantly reduce the risk of a successful attack,” she explains.

Governance, Risk, and Compliance: The Foundation of a Strong Cybersecurity Program

In OT cybersecurity, governance, risk management, and compliance (GRC) are the pillars of a robust cybersecurity program. “Governance is critical for setting the direction and strategy for cybersecurity within an organization,” Saltanat notes. “Risk management helps identify potential threats and vulnerabilities, while compliance ensures that the organization is adhering to industry regulations and standards.”

A strong governance framework ensures that cybersecurity is an ongoing priority at every level of the organization. “It’s essential to have a governance structure in place to support decision-making, enforce policies, and allocate resources effectively,” she says.

“Risk management and compliance go hand in hand. While risk management focuses on identifying and mitigating potential threats, compliance ensures that the organization meets the required standards.”

Saltanat highlights that successful cybersecurity programs align with industry regulations and standards.

“For example, compliance with frameworks such as ISO 27001 and NIST Cybersecurity Framework is vital for OT environments. These frameworks provide a structured approach to managing cybersecurity risks and ensure that organizations are meeting international cybersecurity best practices.”

What Does a Successful Cybersecurity Program Look Like?

A successful OT cybersecurity program goes beyond compliance—it’s about creating a culture of security and resilience. “A successful program is not just about installing firewalls and intrusion detection systems. It’s about embedding cybersecurity into the organizational culture and operations,” Saltanat explains.

Saltanat also points to Honeywell’s role in helping organizations improve their cybersecurity posture.

“Honeywell’s expertise in both IT and OT cybersecurity is invaluable. They offer a comprehensive approach that includes everything from risk assessments to implementing advanced security solutions. Honeywell can help organizations understand their vulnerabilities and create a roadmap to enhance their cybersecurity defenses.”

Call to Action: Engaging with Honeywell and Starting Your Cybersecurity Journey

Saltanat concludes with a call to action for organizations looking to improve their cybersecurity resilience.

“If you’re an asset owner unsure of where to start, I recommend engaging with your Honeywell account representative or visiting their website to learn more about how they can help you. Honeywell’s solutions provide a strategic approach to cybersecurity, helping organizations protect their critical infrastructure from evolving threats.”

By taking the first step toward OT cybersecurity, organizations can ensure the integrity of their critical systems and safeguard against potential cyber risks.

“The digital landscape is changing rapidly, and with it, the threat landscape. Now is the time for asset owners to take proactive steps to secure their OT systems and future-proof their cybersecurity strategies,” Saltanat concludes.

TRANSFORM YOUR BUSINESS WITH GRC WORKSHOPS

RISK MANAGEMENT APPROACH

ISMS & PIMS, RELEVANT FRAMEWORKS & BEST PRACTICES

SETTING UP GOVERNANCE WITHIN YOUR ORGANISATION

COMPLIANCE EFFORTS

What Benefits Does GRC Bring

To an Organisation’s Information Security?

Great question! The simple answer is: “Many.” However, let’s elaborate. The primary benefit lies in having a dedicated business area whose main purpose is to Support the Organisation by ensuring alignment with business policy requirements. These requirements are set up to ensure compliance and mitigate risks.

GRC also helps with the alignment and adoption of industry best practices, such as ISMS (Information Security Management Systems), as well as operational and legal requirements. This contributes to enhancing the organisation’s trustworthiness and maintaining a competitive advantage. The scope of GRC varies from company to company, as it is tailored to each organisation’s specific business area and regulatory environment.

One of the biggest advantages of GRC is the structured application of Risk Management. A wellimplemented Risk Management framework systematically identifies and mitigates security risks. If an organisation conducts regular security assessments, these help to detect and address vulnerabilities before they can be exploited, thus minimising their potential impact on business operations.

Additionally, a risk-based approach allows management to make informed decisions based on their risk appetite and loss tolerance. Effective Risk Management practices are invaluable to an organisation, as they provide management with a comprehensive set of data. As a result, operational decisions can be evaluated based on reliable, trustworthy information.

Another benefit of GRC is its role in aiding Regulatory Compliance. GRC helps ensure adherence to industry standards, such as those for information security (e.g. ISMS), as well as various legal requirements. This is particularly important for organisations operating under scope of national security frameworks, like NIS2, or those subject to privacy regulations such as the EU’s GDPR. The upcoming benefits will extend to AI governance under the EU’s AI Act (AIA) and future global AI regulatory developments.

Susanne Bitter

Information Security and GRC Specialists

GRC will push the organisation forward in meeting these requirements, as the team will proactively research and prepare for them—something an organisation without such a function might struggle to do. GRC provides an overall umbrella, offering sought-after evidence to support compliance with any requirements that may arise as part of businessas-usual (BAU) operations or regulatory audits. This can be considered both effective and timeefficient. As GRC is centred around policies, processes, evidence, and auditing adherence to these, it supports the automation of audits to meet standards such as PCI DSS or HIPAA. This, in turn, reduces the risk of non-compliance penalties, which can be costly.

Moreover, GRC ensures that Policies and Security Controls are consistently followed across the organisation, maintaining alignment. It specifies and enforces regular training requirements, and may even aid in automating policy enforcement—such as ensuring employees follow data security best practices. While the implementation of controls is often the responsibility of technical teams, GRC provides organisation-wide assurance that the controls are functioning as intended and are continually achieving the outcomes they were designed to deliver.

In an era where cyber-attacks are inevitable and faced regularly by companies, GRC plays a vital role in providing a framework for responding to security breaches.

It also offers learning opportunities and potential improvements within incident response planning. A structured approach to Incident Response helps mitigate the impact of an incident (e.g. a cyber-attack) quickly and, likely, more efficiently.

GRC can also help an organisation define and enforce Security Requirements for Suppliers. These requirements serve as guidelines or boundaries within which the supplier must operate to meet business expectations, ensuring good security hygiene across the entire lifecycle of the business relationship, particularly in shared processes. Many companies fail to establish operational or security requirements for suppliers and other relevant third parties involved in their business operations—such as those required by ISMS—and are then left at the “mercy” of the supplier to support the common goal.

Recently, supply chain management has been introduced as a requirement in many new regulations and laws, which is widely welcomed. However, there is no one-size-fits-all approach to doing this effectively. Having clear criteria, shared values, and a selective approach to choosing suppliers is highly recommended, rather than simply opting for the “cheapest option.” Third-Party Risk Management (TPRM), also known as Supply-Chain Risk Management (SCRM), supports GRC efforts and could even be incorporated into the GRC area if deemed appropriate.

GRC often centralises data, which enhances Visibility, Reporting, and overall Monitoring capabilities, thereby enabling better decisionmaking. Well-defined dashboards provide real-time insights into the organisation’s security posture, allowing for faster corrective actions.

There are many benefits to GRC, and it is ultimately up to each organisation to decide how much it can leverage what GRC has to offer. A well-embedded GRC function could become a significant Enabler of Business Growth and a valuable resource for many organisations.

To find out more about your GRC requirements email : thomas@ospcyberacademy.com

Move fast and stay secure with AWS

AWS offers a global cloud infrastructure designed to be the most secure with:

• Comprehensive security tools and an advanced set of sovereignty controls and features

• Global reach for help with local compliance

• Control over your data location and access

• Expert consulting, training, and managed services to accelerate your business goals

Visit us at GISEC 2025 Hall 3 F25 to learn how AWS can transform security and compliance into business enablers.

Want to learn more about AWS?

Join us for AWS Summit Dubai and discuss your security considerations with us in person.

AWS Summit Dubai | 21 May 2025 at Dubai World Trade Center

Threat Intelligence powered by Cyber Deception

Charting a new Course in

CyberseCurity: the CyberKnight story with avinash advani

Avinash Advani CEO at CyberKnight

In the ever-evolving landscape of cybersecurity, few companies have made as swift and significant an impact as CyberKnight is a result of the critical role Zero Trust plays in securing tomorrow’s digital infrastructure.

A Veteran’s Vision

With a career spanning over 25 years—from the epicentre of innovation in Silicon Valley to the heart of the Middle East— Avinash brings a rare blend of technical depth and strategic foresight. After successful stints at Cisco and scaling other cybersecurity ventures, CyberKnight is his third major act, and arguably his most transformative yet. Founded just five years ago, CyberKnight has grown exponentially, achieving $120 million in revenue and building a presence across 10 countries in the Middle East and Africa. Today, with a 130+ member team and over 400 channel partners, CyberKnight delivers value to 800+ enterprise and government customers across the region.

The Philosophy of Zero Trust

Central to CyberKnight’s ethos is its unwavering commitment to Zero Trust Security—a model that assumes no implicit trust, whether inside or outside the network perimeter. CyberKnight has mapped its 35-vendor portfolio to the core pillars of Zero Trust, including:

• Data

• Devices

• Networks

• Applications

• Identity

• Visibility & Analytics

• Automation & Orchestration

• Governance

This structured framework ensures that every solution offered contributes directly to enhancing security posture across the board.

“We evangelized Zero Trust before it was a buzzword in the region, we’ve built a narrative, an ecosystem, and a business model around it—where advisory meets execution.”

Addressing Real-World Challenges

The most pressing cybersecurity challenges in the region are: -

1.Artificial Intelligence (AI): Organizations are grappling with both the promise and peril of AI—using it to bolster defences while simultaneously needing protection against AI-powered threats.

2. Quantum Encryption: With quantum capabilities emerging—particularly in geopolitically influential nations— enterprises must prepare now for a future where today’s encryption standards may no longer suffice.

The persistent dual mandate driving cybersecurity investments: compliance and modern threat protection. In a region where local regulations are evolving rapidly, and cyber threats are amplified by geopolitical tensions, organizations are increasingly leaning on specialized partners like CyberKnight to navigate complexity with precision.

The CyberKnight Differentiator

While many players operate in the cybersecurity distribution space, CyberKnight stands apart by blurring the lines between distributor and trusted advisor.Unlike traditional value-added distributors (VADs), CyberKnight’s model— aptly dubbed the “Art of Cybersecurity VAD”—creates value simultaneously for vendors, resellers, and end-users.

Three strategic differentiators:

•Balanced Portfolio: Featuring marketleading vendors across both cutting-edge and advanced (but proven) technologies.

•Solution-Centric Advisory: A focus on contextualizing global trends (from Gartner, Forrester, etc.) and local compliance needs into actionable cybersecurity roadmaps.

• Education & Evangelism: A strong emphasis on awareness-building, ensuring that stakeholders understand the evolving nature of threats and the frameworks needed to combat them.

Looking Ahead

CyberKnight is not just riding the cybersecurity wave—it’s helping shape it. With Zero Trust as its backbone, a dynamic partner ecosystem, and a bold regional footprint, the company is charting a new course—one that puts customer needs, compliance alignment, and future readiness at the forefront.

In an age where digital threats evolve faster than policies, CyberKnight’s blend of speed, strategy, and substance is not just timely— it’s essential.

Optimizing

SIEM. Maximizing Security. NETbuilder & Cribl

At NETbuilder, together with Cribl, we help you optimize your SIEM — cutting costs, simplifying data, accelerating migrations, and strengthening security.

Smarter SIEM, Stronger Outcomes.

His Excellency Dr. Mohamed Al-Kuwaiti, Head of the UAE Cybersecurity Council

National Cyber Security Strategy for the UAE 2025-2031

“Our vision is to be the innovative global leader in cyber security and deliver a safe, secure, and resilient digital ecosystem, enabling the UAE, its society, and economy, to flourish”

NATIONAL CYBER SECURITY STRATEGY FOR THE UAE 2025 – 2031

The United Arab Emirates (UAE) has made significant strides in the realm of cyber security, consistently featuring in the list of the most secure countries globally. Our focus on cyber security is a testament to our nation’s unwavering commitment to securing our digital landscape and creating a secure environment for our people and economy to prosper.

However, we recognize that in the rapidly evolving world of technology, we must continuously adapt and refine our approach to cyber security to counter those threat actors that seek to cause harm to the UAE, and its society more broadly. Since the launch of our previous cyber security strategy in 2019, the world has undergone profound changes, presenting new challenges and opportunities.While the key tenets of our strategy remain unchanged, we have refocused our efforts to address 6 Government the evolving threat landscape and align with our nation’s ambitious goals.

The UAE is determined to position itself as a global leader and digital hub, driving innovation and embracing emerging technologies. As we evolve on our digital transformation journey, through the digitalization of government services and within critical segments of industry, the importance of robust cyber security measures cannot be overstated.

As an early adopter and investor in cutting edge technologies, particularly in the f field of artificial intelligence (AI), we recognize the critical role that cyber security plays in ensuring the integrity, confidentiality, and availability of our digital assets.

Our refreshed national cyber strategy outlines a comprehensive framework for protecting our digital infrastructure, safeguarding our citizens’ data, fostering a culture of cyber security awareness, and building national cyber capabilities to respond to evolving threats.

By implementing advanced security measures, promoting public private partnerships, and investing in research and development (R&D), we aim to create a resilient and secure digital ecosystem that enables us to harness the full potential of emerging technologies while mitigating the associated risks.

In addition to our domestic efforts, the UAE is committed to its responsibility and role on the global stage in the field of cyber security. We actively participate in international forums, contribute to the development of global cyber security standards, and collaborate with like-minded nations to address transnational cyber threats.

By sharing our expertise, experiences, and innovative solutions, we seek to shape the global cyber security landscape and cement our position as a thought leader in this critical domain. As we move forward, we remain committed to collaborating with our international partners, sharing best practices, and contributing to global efforts on cyber security. Our strength comes from unity and a collaborative approach to cyber security.

UAE vision

statement is driven by this strategy, that places

trustworthy innovation

at its core.

By working together across the Emirates, we will strengthen the security of our nation. We invite all stakeholders – government entities, private sector organizations, academia, global partners, and our citizens – to join us in this vital endeavour. By working together, we can realize our vision of a digitally empowered, safe, secure, and prosperous UAE

STRATEGY OVERVIEW

“Our vision is to be the innovative global leader in cyber security and deliver a safe, secure, and resilient digital ecosystem, enabling the UAE, its society, and economy, to flourish”

The UAE is already recognized as a global leader in cyber security, however, our National Cyber Security Strategy outlines a vision to be the global leader in cyber security innovation: securing the UAE’s use of innovative technologies, such as AI, while simultaneously harnessing these technologies to protect, deter, detect, respond to, and rapidly recover from malicious attacks.

This vision of trustworthy innovation places the security of our society and economy at center stage, extending the long tradition of the UAE being a safe environment for its citizens, residents and visitors to prosper.

The UAE is ideally placed to fulfil this role on the global stage, given the UAE’s broader economic vision and strategy to be a leading regional and global digital hub, fuelled by innovation and the skills that drive it. Cyber security will play a fundamental role in enabling this economic growth, by delivering a thriving, secure and highly resilient digital ecosystem built on strong foundations of technical skill and academic excellence. The UAE believes tT]]]

That this vision cannot be achieved alone. Due to the highly interconnected global digital infrastructure, as well as the global nature of cyber threat actors and the attacks that they launch, cyber security is fundamentally a global challenge that must be tackled as one. The UAE will play its part as a key enabler and leader in this global cyber security community, building strong links with regional and global institutions that make our world a safer, more sustainable and secure place; not only for ourselves, but for future generations to come.

NATIONAL CYBER SECURITY STRATEGY FOR THE UAE 2025 – 2031 (CONTD:)

The UAE National Cyber Security Strategy serves as a comprehensive roadmap for securing our digital future.

FIVE PILLARS HAVE BEEN IDENTIFIED THAT PROVIDE A COMPREHENSIVE FRAMEWORK FOR DIRECTING CYBER SECURITY EFFORTS IN THE UAE TO MEET OUR STATED VISION.

01

ESTABLISHING HIGHLY EFFECTIVE AND COHESIVE CYBER SECURITY GOVERNANCE

Establishing a cohesive and effective cyber security governance structure is crucial to ensure a coordinated and harmonized approach to cyber security across the nation. This pillar aims to provide clarity, eliminate overlaps, and promote collaboration among various entities at the federal, sectoral and emirate levels. By rolling out a comprehensive governance and assurance framework, the UAE will continue to strengthen its overall cyber security posture by fostering a collaborative approach to governing existing and emerging technologies in priority areas such as AI and sustainability across all levels of the UAE’s cyber security ecosystem.

To Govern

• Roll-out of a comprehensive cyber security governance and assurance framework across the UAE ecosystem.

• Promote a trusted UAE ecosystem through accreditation and cyber hygiene programs for UAE entities.

• Establish a collaborative and inclusive approach to governing the security of existing and emerging technologies.

02

DELIVERING A SAFE, SECURE AND RESILIENT DIGITAL ENVIRONMENT.

Delivering a secure, sustainable and resilient digital environment is fundamental to the UAE Vision 2031, which puts economic growth and digital transformation at the heart of the UAE’s future. This aim of a safe, secure, and resilient ecosystem will be achieved through strong coordinated collaboration of technical capabilities at the federal, emirate, sector, and Critical Information Infrastructures (CIIs), that seamlessly integrate to not only protect the populace and critical assets from cyberattacks but also rapidly identify and respond to.

To protect and defend.

• Strengthen the UAE’s comprehensive situational awareness through national detection, monitoring and information sharing capabilities.

• Boost the UAE’s resilience by enhancing CII and government entities ability to protect, prepare for, respond to and recover from cyber-attacks .

• Secure the UAE populace from common cyber threats to protect citizens’ social and financial well-being.

• Nurture a globally competitive and diversified UAE cyber workforce through upskilling for existing professionals & focused groups.

03

ENABLING THE RAPID AND SECURE ADOPTION OF INNOVATION.

Innovation is a key pillar of the 2031 Vision and an enabler of a flourishing economy and society. To enable this innovation and harness the full potential of emerging technologies such as AI, it is essential to prioritize their safe and secure adoption. This pillar focuses on anticipating, assessing, and mitigating security and privacy concerns associated with these technologies to accelerate their secure adoption across the UAE. By stimulating research and development (R&D) in cyber security innovation and investing in the necessary talent and infrastructure, the UAE will position itself as a leader in trusted innovation.

To Innovate.

• Prioritize the safe and secure adoption of technologies in areas of interest such as AI and sustainable technology by anticipating assessing & mitigating related security & privacy concerns.

• Stimulate research and development for cyber security by investing in the people, industries and technologies that are key to the UAE’s success in securing the innovation agenda.

04

STRENGTHENING NATIONAL DIGITAL AND CYBER CAPABILITIES.

Developing strong national digital and cyber capabilities is essential for the UAE to maintain its sovereignty and achieve its vision of becoming a global digital hub. This pillar focuses on enhancing the UAE’s data, operational, and technical maturity while fostering a vibrant ecosystem of technology providers. Additionally, by promoting entrepreneurship, education, and talent in the cyber security domain, the UAE aims to build a robust and sustainable foundation to secure its digital future.

To Build.

• Further develop national Emirati capabilities to enhance UAE data, operational and technical maturity.

• Accelerate the UAE’s journey towards a global digital hub by fostering cyber security entrepreneurship and education, attracting talent, and promoting a vibrant cyber security marketplace.

05

FOSTERING NATIONAL AND INTERNATIONAL COLLABORATION AND PARTNERSHIPS.

Cyber security is a global challenge that transcends borders. To effectively combat transnational cyber threats and promote a secure cyberspace, the UAE must actively engage in regional and international collaboration. This pillar emphasizes on the importance of engaging with strategic partners, delivering sustainable capacitybuilding projects, and scaling publicprivate partnerships to harness collective strength to drive cyber security solutions. By fostering strong national and international partnerships, the UAE will contribute to a more secure and resilient global cyber ecosystem.

ABOUT THE CYBER SECURITY COUNCIL.

• Strengthen regional and international collaboration to promote a secure cyber space and counter transnational cyber threats.

• Deliver sustainable cyber security capacity building projects regionally and internationally and engage in mutual assistance agreements with strategic international partners.

• Scale private-public partnerships in cyber security to develop technical and interoperable cyber security solutions.

CONCLUSION

The UAE National Cyber Security Strategy serves as a comprehensive roadmap for securing our digital future. It is a call to action for all stakeholders, including government entities, private sector organizations, and residents, to collaborate and contribute to our collective cyber security efforts.

As we embark on this journey, we must remain vigilant, adaptable, and committed to building a resilient and secure digital ecosystem that enables us to harness the full potential of emerging technologies while safeguarding our national interests. By working together, we can create a prosperous and digitally empowered nation that stands at the forefront of the global cyber security landscape

To download your entire copy of the National Cyber Security Strategy of UAE 2025 – 2031 scan QR code.

The Cabinet of the UAE formed the Cyber Security Council in 2020 to support the UAE’s commitment to achieving a safer digital transformation. It is headed by H.E. Dr. Mohammed Hamad Al Kuwaiti and comprises a variety of federal and local authorities in the UAE. The Council is tasked with developing legislative and regulatory frameworks that address various cyber security issues, including cybercrime, as well as securing present and upcoming technologies.

HUAWEI AT GISEC GLOBAL 2025

THE EVOLUTION OF DATA PROTECTION: HOW GDPR IS SHAPING GLOBAL PRIVACY STANDARDS

By Irene Coyle, Chief Operating Officer at OSP Cyber Academy

The regulation has empowered individuals to take control of their data.

Why GDPR’s Approach to Consent and Transparency Matters

In the digital age, where personal data is a critical asset, the need for robust data protection measures has never been more pressing. The General Data Protection Regulation (GDPR), introduced in 2018, has set a global benchmark for data privacy. It has transformed not only how organisations manage data but also how individuals view their personal information. But what makes GDPR so impactful, and how is it shaping the global landscape of data privacy?

For Irene Coyle, Chief Operating Officer at OSP Cyber Academy, GDPR represents a paradigm shift in how data is treated.

“GDPR is more than just a regulation,” Irene explains. “It’s a framework that redefines the relationship between individuals and organisations in terms of data. It places the individual at the heart of all data processing activities, ensuring their rights are prioritised.”

This shift from a compliance-driven model to one that emphasises individual rights marks GDPR’s most significant contribution to the privacy landscape.

“ If it was your data, you would want to have control over how it’s used, how it’s stored, and how it’s shared. GDPR puts that power back into the hands of the individual, ” Irene highlights.

The Global Impact of GDPR

One of the most remarkable aspects of GDPR is its global influence. While it originated in the EU, it has set the standard for data privacy laws worldwide. Irene points out that many countries have followed suit, recognising GDPR as the blueprint for modern data protection.

“Obviously we now have the UK GDPR too but also countries like Brazil, South Korea, and various states in the US are adopting GDPR-like laws because they see the value in creating a unified framework for data protection,” she says.

This influence extends beyond simple adoption; GDPR has prompted a cultural shift towards transparency and accountability in data practices.

“GDPR makes organisations answerable to the people whose data they handle. It ensures that privacy is not just a legal obligation but a fundamental value,” Irene notes.

One of the cornerstones of GDPR is its emphasis on consent and transparency. Before GDPR, consent was often buried in long detailed legalese, making it difficult for individuals to fully understand what they were agreeing to. GDPR changed that.

“GDPR requires clear, informed, and affirmative action consent. It forces organisations to be transparent and to explain their data practices in simple, understandable terms,” Irene explains.

This shift towards transparency has been crucial in building trust.

As Irene highlights,“Transparency isn’t just about compliance—it’s about trust. Companies that are clear about how they use data are more likely to earn the trust of their customers. And in today’s world, trust is a competitive edge.”

Data Governance Under GDPR

The implementation of GDPR has forced organisations to rethink their approach to data governance. No longer is data protection viewed solely as an IT issue; it is now recognised as a business risk.

“Data protection is a business-wide issue that affects every department, from marketing to HR. GDPR makes it clear that this is essential to the integrity and reputation of the organisation,” says Irene.

For Irene, a key component of effective data governance is having a dedicated data protection officer (DPO).

“A DPO plays a crucial role in ensuring that an establishment adheres to GDPR principles. It’s not something that can be tacked onto someone’s existing responsibilities,” she explains. “Without a dedicated DPO, organisations struggle to demonstrate the level of accountability that GDPR demands.”

Irene describes the importance of mapping data flows:

“GDPR forces companies to trace the entire journey of their data—from collection to storage, sharing, and disposal. This mapping process is not only essential for compliance but also for strengthening an organisation’s overall data governance framework.”

GDPR

vs. CCPA: Key Differences

Comparing GDPR with other privacy laws, such as the California Consumer Privacy Act (CCPA), highlights some key differences. While both laws aim to protect personal data, GDPR takes a more comprehensive approach.

“GDPR requires opt-in consent, whereas CCPA allows individuals to opt out of data sales. This is a fundamental difference because opting in ensures that the individual is fully aware and in control of how their data is used,” Irene explains.

Furthermore, GDPR introduces the concept of “privacy by design,” meaning that privacy must be integrated into the development of new products and services from the very beginning. Irene underscores this by saying,

“GDPR doesn’t allow organisations to scramble to comply at the last minute. Privacy must be embedded in the design process from day one. It’s about proactively protecting data, not reacting to issues after the fact.”

Another critical distinction between GDPR and CCPA is GDPR’s extraterritorial scope.

“Even if a company is based outside the EU, if they process the personal data of EU citizens, they must comply with GDPR. This global reach is something that other regulations, like CCPA, don’t have,” Irene notes.

“This extraterritorial reach ensures that organisations worldwide are held to the same high standards of data protection, which is crucial for the digital economy.”

Looking Ahead: The Future of Data Protection

This global reach is something that other regulations, like CCPA, don’t have, Irene notes.

“This extraterritorial reach ensures that organisations worldwide are held to the same high standards of data protection, which is crucial for the digital economy.” she says.

As Irene prepares to attend the GISEC Conference in Dubai, she reflects on the future of data protection and GDPR’s continuing evolution.

“The world is changing rapidly, and data protection must evolve with it. GDPR has set the foundation, but it’s important for organisations to continue to adapt and embrace data protection as a core business value,” she says.

At OSP Cyber Academy, Irene and her team are helping companies navigate the complexities of GDPR compliance and data protection training.

“We’re seeing a real shift in how organisations approach data protection. It’s no longer seen as a regulatory hurdle but as a strategic asset that can enhance brand value and build consumer trust,” Irene adds.

Looking ahead, GDPR is likely to remain the global standard for data protection, influencing not just new regulations but also the way businesses think about data.

“GDPR has set the bar for data privacy, and it’s up to all of us to ensure that we continue to meet and exceed those expectations,” Irene concludes.

Data breaches don’t knock.

Protect your data. Protect your reputation. At OSP Cyber Academy we deliver bulletproof Data Protection Services, that keep your business compliant, secure, and one step ahead of cyber threats.

✅ GDPR & UK Data Protection Compliance

✅ Expert Risk Assessments & Policies

✅ Staff Training & Ongoing Support

✅ GDPR Audits and Roadmaps to Compliance

Don’t wait for a disaster to take action. Hackers don’t rest. Neither do we.

From Patrol Cars Chasing Tour Buses: How a Rockstar and a Retired Cop Joined Forces & Became The Architects of Digital Dominance!

Karafotis - Co Founder Silver Spoon Agency USA

In an age where digital transformation has become a buzzword, two men from radically different worlds have joined forces to build what many are calling the most unconventional and effective marketing agency in the world. Meet George Karafotis, the former touring rockstar from Greece, and Ceasar Munoz, a retired NYPD officer from New York City — now the masterminds behind Silver Spoon Agency, known to many as “the growth engin eers of the digital elite.”

From Stage Lights to Spotlight: George Karafotis’ Path

George Karafotis began his professional life with a guitar in hand, traveling the world, performing on stages, and living the life most people only dream of. But in between soundchecks and tour buses, George found himself pulled by a different beat — digital marketing. While his bandmates rested, he studied, tinkered, and tested strategies, discovering that the same creativity that fueled his music could be weaponized to dominate the digital landscape.

“It gave me a completely different angle,” George explained. “I wasn’t just thinking like a marketer — I was thinking like an artist. We approach everything from the creative core first. That’s why our funnels and systems don’t just perform — they connect.”

Ceasar Munoz: From the NYPD to CEO

Ceasar Munoz brings a different type of battlefield experience. After serving over 17 years as a police officer in New York City, Ceasar found himself drawn to entrepreneurship. While most officers plan their post-retirement on cruise ships or golf courses, Ceasar built Silver Spoon Agency from the front seat of his squad car.

“It started on a laptop in my cruiser,” Ceasar said. “I saw how small businesses were struggling to grow because they didn’t understand digital. I wanted to help people cut through the noise.”

Their journey is the stuff of legends — part tech fairytale, part underdog hustle story, all punctuated with humor, grit, and a shared obsession with performance-driven marketing.

And help he did. After meeting George through a mastermind, the two clicked instantly. “He’s a powerhouse,” Ceasar said of his partner. “This partnership? It belongs in the history books.”

Growth Architects of the Digital Elite

Unlike traditional agencies that offer cookie-cutter campaigns and one-size-fits-all templates, Silver Spoon Agency brands itself as the anti-agency agency. They don’t just “run ads.” They engineer ecosystems. They build predictable, scalable, data-backed marketing machines rooted in behavioral science.

“When we say we’re ‘growth architects,’ we mean it,” George shared. “We engineer every step of the journey — from the hook to the offer to the conversion funnel. We think in systems, not just campaigns.”

The foundation of their approach is built on three key pillars:

1. Speed – The duo moves fast. Launch fast. Test fast. Learn fast.

2. Consumer Psychology – Every touchpoint is rooted in behavioral science, leveraging cognitive biases to create persuasion-driven campaigns.

3. Predictability – They design systems that aren’t based on hope, but proven formulas that scale.

Beyond Buzzwords: A Secret Sauce That Works

While many agencies pride themselves on trendy tactics or shiny branding, Silver Spoon Agency backs up every claim with results.

“Our team just won three prestigious awards in design, development, and art direction,” Ceasar proudly shared. “But the truth is, that’s just a byproduct of the strategy we put behind it.”

Their team uses proprietary funnelmapping tools to visualize the entire customer journey in advance. From the number of ads to be deployed to the copy to the split-test variants — nothing is left to chance.

George elaborates, “It’s not about creating ads. It’s about building decision-making machines. Funnels that automate trust, emotion, logic, and conversion — all in one ecosystem.”

Behavioral Science as the Competitive Edge

What truly separates Silver Spoon from the noise is their use of behavioral science. They don’t just create marketing assets. They reverse-engineer human decisionmaking and layer their campaigns with high-converting tactics that appeal to core psychological drivers.

“We use cognitive biases like reciprocity, doubt-avoidance, social proof — not randomly, but strategically embedded at every stage,” said George.

They install PowerPixels on websites to study real-time user behavior. Heatmaps reveal where users click, scroll, or drop off. “We eliminate friction. We remove the guesswork. And we scale,” George adds.

The Trojan Horse Strategy

As platforms like Meta (Facebook) and Google introduce tighter regulations, traditional marketing tactics have lost much of their effectiveness. But that hasn’t stopped Silver Spoon. In fact, they anticipated it.

Ceasar & George revealed one of their most successful innovations: The Trojan Horse Strategy . While they kept the specifics under wraps, it’s designed to help brands in regulated industries (like finance, health, or cybersecurity) cut through red tape without violating platform policies.

“It’s white hat. It’s compliant. But it’s disruptive. It gives us — and our clients — a massive edge,” Ceasar & George noted.

Expanding into the UAE: Growth Without Borders

With their eyes now on global domination, George and Ceasar are bringing their talents to Dubai — joining the UK Pavilion at GISEC, the largest cybersecurity event in the Middle East.

“This isn’t just about expansion,” George said. “It’s about aligning with forwardthinking CEOs who want to future-proof their growth. We’re not just bringing services — we’re bringing transformation.”

When asked for one piece of advice for CEOs looking to scale in 2025 and beyond, George was clear: “Ask yourself — do you have a system that builds trust, automates buyer emotions, and aligns with market behavior? If not, you’re already behind.”Ceasar added, “The loudest voice doesn’t win. The smartest strategy does.”

George has become the face of the brand, gracing international magazine covers and leading with bold, creative content like The Good, Bad, and Ugly of Marketing Instagram series. But don’t be fooled — Ceasar’s influence is just as strong behind the scenes.

“We’re about to flood the market,” Ceasar said. “You’re going to see both our faces everywhere. We’ve got joint campaigns and many magazine covers, and interviews, and yes — even a top-secret, invite-only VIP party in Dubai.”

As their podcast appearance wrapped, Tommy McCarthy, the host of Let’s Talk Cyber, left listeners with a final reminder: “If there’s one thing a rockstar knows, it’s how to throw a party. And if there’s one thing these two know, it’s how to grow a business.”

Final Thoughts

Silver Spoon Agency isn’t just a digital marketing firm. It’s a movement. A revolution in how growth is engineered. Built on grit, grounded in science, and fueled by creativity — George and Ceasar are here to dominate, not compete.

And if you’re a CEO who’s ready to scale, their message is simple: Get in. Buckle up. And let’s build something legendary.

Ceasar Munoz - Founder Silver Spoon Agency - USA

Siker Believe learn

Siker is a leading cyber security firm specialising in training, consulting, and professional services for industries where security is missioncritical. Since 2013, we have been committed to equipping professionals with the knowledge and skills needed to perform their roles securely, ensuring the protection of Critical National Infrastructure (CNI), Oil & Gas, Nuclear, Government, Water, and Transportation sectors against evolving cyber threats.

Awareness & Training Workforce Development

Empowering engineers, OT professionals, and safety teams with industryleading cyber security knowledge

Our experienced staff will conduct a full Learning Needs Analysis (LNA) or Training Needs Analysis (TNA) Based on the findings we will deliver a suite of training courses to suit all your needs

Consulting & Compliance

Identifying vulnerabilities, ensuring compliance, assessing against risk frameworks and strengthening security posture

WHY SIKER?

OT & IT Security Integration

Bridging the gap between IT and Operational Technology for comprehensive protection

ining – Practical cyber security education tailored for engineers and safety professionals

c Expertise – Deep understanding of CNI, Oil & Gas, and OT environments

Track Record – Trusted by governments and high-risk industries

Global Reach – Expanding into Middle East, North Africa, Europe and beyond

info@sikercyber com

https://sikercyber com

@sikercyber

https://www linkedin com/company/siker-cyber

https://www facebook com/SikerCyber

https://www youtube com/@SikerCyber2013

Defending Critical Information Infrastructure (CII) -

The need for collaboration and innovation

The need to effectively defend Critical Information Infrastructure (CII) and achieve resilience has never been greater. In an increasingly digital world, Critical Information Infrastructure has become a prime target for cyber threat actors, including nation states, criminal syndicates, and attackers with financial motives. Also called Critical National Infrastructure (CNI), these are the various essential resources of a nation, that form a part of its very fiber.

From energy grids and water systems to transportation networks and healthcare institutions, CII is the backbone of the essential services that keep societies running. Over the decades these systems have become more interconnected and reliant on digital technology, making them more vulnerable to cyberattacks. However, this challenge can be effectively overcome by adopting an innovative and collaborative approach, with a relentless focus on the security-basics.

The defense of CII must be a national priority. But no single organization or entity can do it alone. The complexity and scale of the threat landscape require a joint effort between government entities, the private sector and technology vendors. Fortunately, across the world, we are witnessing a positive shift towards more inclusive and forward-thinking cybersecurity strategies that emphasize resilience, collaboration, and shared responsibility. A shift from security to resilience, from partnership to collaboration.

The protection of CII in the United Arab Emirates – An overview

The UAE Cybersecurity Council has been doing a tremendous job in driving the adoption of robust security practices across government entities, both critical and non-critical. With the goal of not just achieving a sound security posture, but effectively maintaining resilience.

The recently released National Cybersecurity Strategy (2025-2031) places a critical emphasis on securing CII, with clear metrics to report, for CII sectors. Built on 5 pillars of governance, digital resilience, innovation, cyber capabilities and collaboration, the strategy provides an effective framework to achieve cyber resilience, as well as lays down the guidelines to implement the strategy. Pillar 2 titled Delivering a safe, secure and resilient digital environment places specific requirements for CII within the government sector.

Several initiatives have been launched as part of implementing the National Cybersecurity Strategy, such as the Cyber Protective Shield, under which critical sectors in the country engage in cyber drills regularly to strengthen defenses and enhance cyber resilience.

Another initiative launched as part of the National Cybersecurity Strategy is the secure supply chain program for government and CII’s, with the aim of ensuring a secure ecosystem of vendors.

One of the most effective ways to strengthen the cybersecurity of CII is through strong public-private collaboration. Governments play a pivotal role in setting cybersecurity standards, regulatory frameworks, platforms for threat intelligence sharing, and responding to major incidents. Meanwhile, private sector organizations, which own and operate much of the infrastructure, bring technical expertise, innovation, and firsthand insight into operational vulnerabilities

Collaborations thrive in an environment of trust. Governments must create safe and legally protected environments where companies can report threats or breaches without fear of reputational damage or regulatory backlash. Likewise, private operators need to proactively engage with government agencies to align their security practices with national standards and participate in coordinated defense initiatives.

Programs such as the UAE’s award winning Cyber Pulse program, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have shown the power of this partnership model.

The Cyber Pulse Program which was awarded at the World Summit on Information Society, is a community-focused program that provides awareness to all community segments.

In addition, these federal agencies provide realtime alerts, sector-specific guidance, governance frameworks and training programs that empower CII entities to stay ahead of emerging threats. Countries across the globe can learn from and adapt these models to suit their own unique contexts.

Embracing Innovation and Next-Generation

Technologies

Defending CII requires not just collaboration but also innovation. Cyber threat actors are constantly evolving their tactics, so defenders must stay one step ahead. Integrating emerging technologies such as artificial intelligence (AI), machine learning (ML), and behavioral analytics into cybersecurity frameworks is becoming increasingly essential.

For example, AI-powered intrusion detection systems can analyze massive volumes of network data in real time, identifying anomalies that may signal a breach. Behavioral analytics can detect unusual activity by legitimate users—such as accessing systems at odd hours or transferring large volumes of data—and flag it for investigation. These tools not only improve threat detection but also reduce response time, which is critical in minimizing damage during a cyberattack.

Moreover, innovations like zero-trust architecture—a model that assumes no user or system is inherently trustworthy—can significantly reduce the risk of internal threats. Combined with strong encryption, multi-factor authentication, and micro-segmentation of networks, these technologies create a layered defense approach that makes it harder for attackers to move laterally within a system.

Five Good Practices for Strengthening CII Cybersecurity

1. Implement Continuous Risk Assessments

CII operators must regularly assess and update their understanding of potential vulnerabilities. Risk assessments should consider both external threats and internal weaknesses, including outdated systems or poor access controls. These assessments should feed into a dynamic security strategy that adapts as new threats emerge.

2. Foster a Cyber-Vigilant Culture

Human error remains one of the leading causes of successful cyberattacks. Training employees to recognize phishing emails, use strong passwords, and report suspicious behavior can dramatically improve an organization’s security posture. Cyber vigilance should be part of onboarding, ongoing training, and even executive leadership development.

3. Participate in Information Sharing Networks

No organization has complete visibility into the threat landscape. By joining sector-specific Information Sharing and Analysis Centers (ISACs) or national-level cybersecurity forums, CII entities gain access to real-time threat intelligence, shared experiences, and collective defense strategies. Governments can facilitate these exchanges and provide actionable insights.

4. Establish and Test

Preparedness is key, when dealing with OT/ICS. Every CII organization should have a well-documented and regularly tested incident response plan. This includes roles and responsibilities, communication protocols, legal considerations, and recovery procedures. Simulated cyber drills can help teams respond effectively under pressure.

5. Invest in Secure Design and Resilient Systems

Security should be built into systems from the ground up—not bolted on as an afterthought. Using secure-by-design principles, adopting redundant systems, and maintaining offline backups ensure that services can continue or be quickly restored in the event of an attack. Resilience is just as important as prevention.

Looking Ahead: A National Mission

Securing critical national infrastructure is not just a technical challenge - it’s a national mission that requires vision, leadership, and unity. As cyber threats grow more sophisticated, the lines between civilian, government, and military domains blur. What happens in one sector can have ripple effects across an entire nation.

Therefore, fostering a cybersecurity ecosystem where innovation thrives, collaboration is the norm, and resilience is a shared goal must be the way forward. Governments should lead the charge by setting clear policies, funding research, and building frameworks for cooperation. The private sector should bring its agility, technical talent, and on-the-ground insights. Academia and civil society can contribute with education, research, and community outreach.

Together, we can defend our most vital assets against even the most persistent threats. With the right approach, cybersecurity becomes not just a shield, but a source of national strength, economic stability, and public trust. The future of our critical infrastructure depends on what we do today—and by choosing innovation and collaboration, we are making the right investment for a safer tomorrow.

September

Empowering Global Cooperation in Cybersecurity

3rd Edition

5-6 November 2025 | Exhibition World Bahrain

November - 12 | Abu Dhabi, UAE

Securing Critical National Infrastructure: Navigating the Evolving Cyber Threat Landscape

By Stuart Harwood, Head of Business Development at Siker Cyber

In today’s digital world, securing Critical National Infrastructure (CNI) has become a paramount concern. As the backbone of essential services—ranging from energy to healthcare—CNI is increasingly targeted by sophisticated cyberattacks. This vulnerability has become even more pronounced as the interconnectedness of systems grows. In this article, Stuart Harwood, Head of Business Development at Siker Cyber, shares his expertise on the evolving cybersecurity challenges within CNI and offers insights on how...

Stuart’s journey into CNI and cybersecurity has been both diverse and dynamic.

“I started my career as a software developer after university, and then I pivoted into ethical hacking. From there, I moved into the critical national infrastructure space, where I’ve spent the past nine years working across industries like oil, gas, and nuclear,” he explains.

This diverse background has given Stuart a unique perspective on how cybersecurity practices must evolve to meet the challenges faced by critical sectors.

The

Growing Complexity of Cyber Threats in CNI

As critical systems become more integrated and reliant on digital technologies, they become more susceptible to cyberattacks. “The landscape has changed dramatically in the last decade. We are now far more dependent on digital systems, which have attracted adversaries looking to exploit vulnerabilities,

”Stuart points out. One prominent example of this evolving threat landscape is the ransomware attack on Synnovis in June, which targeted pathology services for the NHS. The attack caused significant disruption and resulted in a £32.7 million loss. “These types of incidents show how interdependent we’ve become on digital systems. The stakes are incredibly high, and organizations need to protect themselves not just from traditional IT threats, but also from threats that target operational technology systems,” Stuart elaborates.

The complexity of modern cyberattacks, particularly those targeting supply chains, adds another layer of difficulty for organizations attempting to safeguard CNI. Stuart highlights that many of the most sophisticated attacks today occur through supply chain vulnerabilities.

“The interconnectedness of modern systems means that a vulnerability in one part of the supply chain can create cascading risks across the entire infrastructure. Organizations need to be proactive in securing every layer of their networks,” he says.

A Holistic Approach to Cybersecurity

In addressing these challenges, Stuart emphasizes the importance of a holistic approach to cybersecurity.

“At Siker, we focus not only on the technological systems themselves but also on equipping personnel with the skills necessary to respond effectively to threats,” he says.

This workforce development is a key component of Siker’s comprehensive approach to improving cybersecurity resilience within organizations.One example of this approach in action is a strategic partnership between Siker and a major energy provider. The goal was to enhance the company’s cybersecurity posture by improving workforce capabilities.

“We started by creating a tailored cybersecurity skills matrix that aligned with the organization’s unique needs. This matrix covered both cyber and operational technology competencies, ensuring that the two areas worked in harmony,” Stuart explains.

The matrix was then matched against existing job roles and descriptions, providing a comprehensive view of required competencies.Following the skills assessment, the team conducted a gap analysis, which highlighted both strengths and areas for improvement.

“This process helped the organization gain valuable insights into where their workforce was lacking and what specific areas needed development,” Stuart says. “From there, we moved into a targeted training program designed to address immediate gaps and prepare the workforce for long-term resilience.”

The Importance of Workforce Development

A critical aspect of Siker’s approach is its focus on building a skilled and resilient workforce.

In the context of CNI organizations, particularly smaller or less mature ones, Stuart’s primary call to action is clear: focus on workforce development.

“The most important thing any organization can do is invest in their people,” he asserts. “Technology and frameworks are essential, but the human element is often the weakest link in cybersecurity. A welltrained workforce is your first line of defense.”

He also stresses the need for organizations to conduct a thorough, baseline assessment of their cybersecurity capabilities.

“People are often the first line of defense—and the last line of defense,” Stuart notes.

“While technology plays an important role, it’s the people who ultimately determine whether an organization can effectively detect and respond to cyber threats.” This emphasis on workforce development has been a central tenet of Siker’s success in helping organizations improve their cybersecurity posture.

Stuart also points out that creating a culture of cybersecurity is crucial.

“Cybersecurity training is often seen as a chore, but we aim to change that perception. We want to make it exciting and at the forefront of people’s minds,” he says. “When the culture changes, organizations are better prepared to prevent incidents before they happen.”

Steps to Improve Cybersecurity Resilience

For organizations looking to improve their cybersecurity resilience, Stuart suggests a few key steps.

“The first step is to assess the capabilities of your current workforce. Develop a plan for training and development that addresses both immediate and long-term needs,” he advises. This includes not only technical skills but also role-specific competencies, awareness campaigns, and mentoring programs.

A second important step is conducting a comprehensive assessment of the organization’s current cybersecurity posture.

“Even small businesses should take the time to identify existing vulnerabilities and understand their risk exposure,” Stuart advises. “Having a baseline cybersecurity framework, like Cyber Essentials in the UK, is a good place to start.It helps organizations identify weaknesses and make improvements before they face a major incident.”

Practical Recommendations for CNI Organizations

“Knowing where you stand is essential to improving your posture. Even small organizations can take simple steps, like adopting Cyber Essentials or performing internal assessments, to identify and mitigate risks,” he adds.

Looking Forward: Building a Resilient Digital Future

As Stuart prepares to attend GISEC, he reflects on the future of cybersecurity within CNI.

“As we move forward, the development of a skilled and resilient workforce will be fundamental to keeping critical infrastructure safe,” he says. “This is not just about responding to today’s threats but about preparing for the challenges of tomorrow.”

With nations like the UAE focusing on cybersecurity as a key component of their digital growth strategies, Stuart believes that a forward-thinking approach is essential.

“The UAE’s National Cyber Security Strategy, which focuses on capacity building, protection, and governance, is a prime example of how countries are recognizing the importance of cybersecurity at a national level. We must continue to evolve and develop the people who protect our digital infrastructure.”

Conclusion: The Path to Resilience

The protection of Critical National Infrastructure is not just a technical challenge—it’s a cultural, organizational, and human challenge. As organizations continue to face increasingly sophisticated threats, it is crucial to invest in workforce development, assess existing cybersecurity practices, and adopt a proactive approach to protecting digital systems. By addressing both technological and human factors, organizations can build a resilient cybersecurity posture that can withstand the evolving threat landscape.

Embedded Security Engineers

Seamlessly integrate our expert security engineers for flexible support on your projects.

DevSecOps Maturity Audit

Our audit provides clear, actionable recommendations to improve your development security practices.

UK-based, DV/SC cleared experts providing best-practice DevSecOps guidance and automation.

Expert Consulting Managed DevSecOps

Ensure continuous software security with expert review, AI, and automation, reducing vulnerabilities before deployment.

DANNI BROOKEUnder Cover Cop to OSINT Super Star

-By Danni Brooke, an OSINT Expert

The Power of Open-Source Intelligence: Unravelling Digital Footprints and Finding Justice

In a world where every digital action leaves a trace, Open-Source Intelligence (OSINT) has become a vital tool in the fight against cybercrime.

Danni Brooke, a former undercover police officer turned digital investigator, has leveraged OSINT to track down criminals, uncover hidden information, and protect individuals and organizations. In this article, Danni shares her journey, the power of OSINT, and real-world examples of how digital investigations can make a difference.

Danni’s transition from police work to digital investigation is both fascinating and timely. “I started as an undercover police officer, which in itself is a whole other story.

But what I do now is take the skills I honed - in the police force and apply them online.

I run a company that specializes in OSINT, or open-source intelligence, which is essentially the art of online investigation,” Danni explains. “We teach, we do, and we offer services to protect people a kind of digital bodyguard.”

The Rise of OSINT and Its Role in Digital Investigations

In the ever-expanding digital world, OSINT is more important than ever.

It’s a method of gathering intelligence from publicly available sources, which can be used for everything from corporate security to locating fugitive criminals.

“OSINT is all about using publicly accessible information—like social media, websites, and databases— to track down people or analyse situations. It’s powerful because the internet leaves a trail, and everyone’s digital footprint is a potential lead,” Danni explains.

Danni is passionate about the value of OSINT and its impact on realworld investigations.

“The internet doesn’t forget. If someone is using fake identities or trying to hide online, they’ll still leave a trail,” she says. “It’s like piecing together a puzzle. Once you start connecting the dots, the truth comes out.”

The Importance of Understanding Digital Footprints

As more of our lives move online, the importance of managing our digital footprint cannot be overstated.

“We’re living in an era where everything we do online is tracked in some way. From social media to online shopping to our interactions with websites, we leave behind pieces of information,” Danni says. “I’ve seen so many cases where criminals think they can hide behind fake identities or by deleting their posts, but the internet doesn’t forget.”

Danni highlights how people underestimate the information they leave behind.

“You might think you don’t have much online, but if you have children, if you use social media, if you shop online—you’re leaving a trail. A digital investigator can find out almost anything about you from your online presence. Even the smallest details can help us track someone down.”

Digital Bodyguards: Protecting People in the Online World

As a digital bodyguard, Danni and her team provide protection and guidance to individuals who are vulnerable to online threats.

“We focus on security, but we also provide training. We want to empower people to understand how they can protect themselves online,” she explains.

“A lot of people don’t realize just how much information they’re giving away through their digital footprints, and that’s where we step in—to help people stay safe and secure.”

One area where Danni has made significant strides is in the Middle East.

“We’re doing a lot of work with family offices in the UAE, and it’s been fantastic. The UAE gets it. They understand the importance of digital security and OSINT.

They’re open to learning from experts, and the progress they’re making is impressive,” Danni says. “It’s a very forward-thinking region in terms of digital safety, and I love being a part of that.”

The Role of OSINT in Business Security

In addition to personal protection, OSINT plays a crucial role in business security. Danni explains,

“OSINT isn’t just for finding criminals; it can be used to protect businesses too. Whether it’s monitoring competitors, tracking down insider threats, or gathering intelligence to prevent a breach, OSINT can provide valuable insights.”

One example of this is how businesses can use OSINT to evaluate their competition.

“By understanding your competitors’ digital presence, you can make more informed decisions about your own strategy,” Danni explains. “OSINT gives businesses a way to understand the online landscape better—whether it’s through analysing publicly available data or monitoring social media for any potential threats or opportunities.”

A Case Study: The Capture of a Fugitive Using OSINT

Perhaps one of the most compelling demonstrations of OSINT’s power is Danni’s involvement in the capture of an FBI top 10most WANTED fugitive.

“It all started when my friend contacted me with a case. We were told that a fugitive—who had been using a fake ID—was in Barcelona. My husband, daughter, and I took matters into our own hands and started our own investigation using OSINT,” Danni recalls.

“After hours of digging, we found out everything about him—his favourite drinks, his travel patterns, even his shoe size.Using this information, we went to a local shoe shop, and when Amelia, my daughter, showed a picture of him to the staff, their reaction said it all—he had been there. It was like solving a mystery piece by piece,” she says.

“We were able to track him down, and eventually, the Spanish police arrested him when he checked into a hotel using his fake ID.”

This case demonstrates how OSINT can be used effectively in real-world situations, even when criminals believe they are in hiding.

“It’s about persistence and knowing where to look. When the internet is involved, there’s always a trace,” Danni adds.

The Power of OSINT: A Call to Action

Danni’s story is a reminder of the power of OSINT in today’s digital age. “The world is more connected than ever, and our digital footprints are more valuable than we realize. As individuals, we need to be aware of what we put online, and businesses need to use OSINT as a tool to protect themselves and their customers,” she advises.

Her final call to action is simple: “Be aware of your digital presence. Learn about the tools available to protect yourself online, and if you’re a business, consider how OSINT can be part of your security strategy. The more informed we are about the digital world, the better we can protect ourselves from the threats lurking in it.”

W o r k , s t u d y o r r u n a c y b e r

b u s i n e s s i n t h e N o r t h E a s t o f

E n g l a n d ?

W e ’ r e s p e a r h e a d i n g t h e g r o w t h o f a t h r i v i n g c y b e r s e c u r i t y s e c t o r a n d w a n t y o u t o b e p a r t o f i t .

E c o s y s t e m I n n o v a t i o n S k i l l s

w w w . c y b e r n o r t h . b i z

K D Adamson Futurist & Ecocentrist

Ian Ritchie Tech Entrepreneur

The Balanced Future: Afra AlMansoori on AI and the Next Generation of Cybersecurity

BY Tommy McCarthy | Let’s Talk Cyber

I first met Afra at GISEC in Dubai and later caught up with her in Abu Dhabi. Earlier this year, we reconnected at the Global Government Cloud Forum, and her evolving expertise continues to impress. Today, Afra joins us on Let’s Talk Cyber to share her perspective on AI’s growing role in cybersecurity—an area she not only understands deeply but is also helping to transform.

“AI is Not a Magic Bullet” What do people often misunderstand about AI in cybersecurity?

“There’s a huge misconception, ” Afra begins, “that AI is a magic bullet—something you just deploy and everything becomes secure without any human involvement.” But she quickly sets the record straight.

“In reality, AI is a powerful tool meant to augment human expertise, not replace it. Its performance is only as good as the quality of the data it’s trained on, the algorithms used, and the oversight provided.”

According to Afra, while AI can process massive volumes of data faster than humans ever could, it still struggles with emerging or unfamiliar threats without regular updates and human intervention. She also warns of the escalating arms race, as cyber adversaries adopt AI tactics of their own.“Contextual understanding, ethical judgment, and strategic thinking—those remain uniquelyhuman strengths.”

Moving from Reactive to Proactive Cybersecurity Can AI make cybersecurity more proactive?

Afra AlMansoori Senior Programs & Awards Curator

Artificial Intelligence (AI) is no longer a futuristic concept—it’s here, evolving rapidly and reshaping every aspect of our digital lives. In the realm of cybersecurity, its impact is both profound and complex. But amidst this transformation, it’s young professionals like Afra AlMansoori who are standing at the forefront, shaping a smarter, more secure tomorrow.how to shape cybersecurity globally.

“Absolutely, ” Afra says. “Traditional cybersecurity is rule-based and reactive. But AI changes the game by analyzing large datasets in real-time to predict threats before they materialize. ” Using machine learning, AI can identify patterns, automate threat detection, and adjust defenses in real-time. However, she stresses the importance of adversarial training— preparing AI systems to defend against threats engineered to deceive them.

“Human insight is still critical, “ she insists. “It’s not just about automation; it’s about synergy—using AI to see what humans can’t, while relying on humans to make the final call.”

AI in Everyday Life

Do you use AI in your personal or professional life?

Afra smiles. “All the time. Whether it’s building a website, developing a cybersecurity tool, or completing everyday tasks, AI has become a core part of my workflow. ”

But she draws a line: “I don’t let AI make decisions for me. I use it to enhance my thinking, not replace it. It gives me knowledge, options, and insights, but the final judgment is mine.

The Threat of AI-Powered Cybercrime

How are cybercriminals using AI— and how do we fight back?

Afra’s expression turns serious. “Cybercriminals are using AI to launch more sophisticated, targeted, and adaptive attacks. AI-generated phishing emails are nearly indistinguishable from real ones. Deepfakes are on the rise. Malware is evolving in real time to bypass traditional defenses. ”

Afra also emphasizes experimentation. “You need to test tools in sandbox environments. You can’t innovate if you’re not hands-on. That’s how I started young in cybersecurity—by experimenting and breaking things to learn how they work. ”

The Philosophy: Balance is Key

What’s your personal philosophy on AI in cybersecurity?

So how do we counter this? “Organizations need to adopt AI-driven cybersecurity solutions that can adapt in real-time, ” she explains.

That includes anomaly detection, adversarial training, and— most importantly—human oversight. The key is resilience. AI can help us defend, but only if it’s governed responsibly and constantly updated.

Ethics, Governance & Innovation

How do you stay creative in a fast-moving field like AI and cybersecurity?

“For me, creativity means constant learning, ” Afra says. “I set aside time to read research papers, explore new tools, and attend industry forums. I engage with professionals across disciplines—there’s so much to gain by listening to those who’ve already implemented the tools we’re talking about. ”

After a pause, Afra delivers a carefully considered answer.“AI is a powerful tool— its potential in cybersecurity is massive. But its true strength lies in a balanced approach. That means combining automation, adaptability, and human intelligence. We’re not looking at an AIvs-human scenario. It’s AI with humans. That’s how we stay ahead of evolving threats.”

Looking Ahead

As the conversation draws to a close, I can’t help but feel inspired. Afra Almansoori represents the future of cybersecurity—not just because of her technical skill, but because of her ethics, vision, and balanced perspective. In an age where it’s easy to become blinded by technology, she brings a grounded, human-centered approach that’s desperately needed.

And she’s just getting started.As we gear up for GISEC, where she’ll no doubt be a prominent face once again, it’s clear to me—and to many in the cyber community—that Afra isn’t just a rising star. She’s leading the next generation of cybersecurity thinkers.

Afra AlMansoori is an active member of Women in Cyber Security Middle East (WiCSME) and a passionate advocate for ethical AI practices. Catch her insights and leadership at upcoming global cybersecurity forums including GISEC 2025.

Adaptive Shields: AI’s Role in Threat Intelligence

The heritage of Blackwired goes back over a decade. Our founder, Jeremy Samide, who worked with US intelligence, began building an intelligence apparatus designed to replicate the tradecraft of militarygrade analysts—creating algorithms that think and act like experienced threat hunters. Over 10 years of continuous learning and refinement the result is a machine with unmatched visibility into adversarial behavior. In 2022, that capability was pivoted into the commercial sector in the formation of Blackwired.

Today, Blackwired is a cyber innovation company. While our specialism is threat intelligence today, we’re not confined to it. Our approach is built on precision, context, and proactivity—attributes that are missing from much of the cybersecurity industry today.

The Problem with Cybersecurity

Despite billions spent on tools and frameworks, cybersecurity remains largely reactive. “Detect and respond” has become the dominant model—but by the time something is detected, it’s often too late. In threat intelligence specifically, two models dominate: open-source aggregators, and intelligence-sharing ecosystems.

Aggregators surface freely available data, wrapped in dashboards—useful, but limited.

Iain Johnston

Ecosystem sharing requires an attack to happen before defenses kick in elsewhere, meaning a client has to take the hit before others benefit. In both cases, the intelligence is right of bang—after the damage has already started.

At Blackwired, our model is designed to get clients left of bang—into the proactive space—where they are forewarned, forearmed, and continuously updated on what the adversary is preparing, not just what they’ve already done.

What Makes Blackwired Different

At the core of our approach is this: we focus on the adversary. We monitor what they’re building, where they’re operating, what infrastructure they’re deploying, and how they’re planning to strike.

In the simplest terms, our intelligence breaks down into four key areas:

• Malware (HASH) – the weapon set

• Long URLs – where bad is hidden within good

• Bad IPs – identifying active infrastructure

• Domain intelligence – artefacts required to support the attack

When stitched together, these elements form a real-time picture of attack preparation. One client described it as “effectively indexing the dark web”. Despite the dark web’s attempts to obscure, threat actors are often brazen. We’re recording that behavior, analyzing it, and converting it into actionable defense.

This is not recycled, open-source content. It is proprietary, tested, and near real-time—with zero false positives.

Introducing ThirdWatch

To make this intelligence more tangible and visual, we built ThirdWatch—an intelligence platform that redefines risk detection and defense. ThirdWatch applies our adversary insight directly to look out from an organization’s perimeter, including third parties and subsidiaries. The result is a 3D, interactive map that delivers not just awareness, but clarity. It visualizes:

• The client’s active exposure

• Adversary assets being built in real-time

•The risk proximity—how close the threat is

•The risk velocity—how fast adversaries are scaling operations

This isn’t just “what’s out there.” It’s who’s coming for you and how soon. We can show attacks in flight, readiness levels of attackers, and how the threat landscape connects to third parties—an area that’s become a growing concern for many clients.

Most importantly, we don’t just show the threat—we respond to it. ThirdWatch produces Direct Threat Intelligence (DTI) that is subject-specific.Within a refresh rate of five minutes to two hours, we deliver intelligence that directly immunizes the client’s environment. Updates are automated and constant 24/7 - even while the organization sleeps Blackwired protects.

What is Direct Threat Intelligence?

Direct Threat Intelligence is our answer to the limitations of generic cyber threat intelligence. Where others talk about for example, the five big actor groups targeting a region, we zoom in.

Three organizations in the same steet/ city will have radically different threat profiles. We tailor intelligence down to the individual client, showing not just that a threat exists, but how it connects back to their infrastructure, their subsidiaries, their vendors—and the specific adversaries involved.

And we don’t theorize. Everything we deliver is attested and evidence-based. Using our 3D threat visualizations, we trace direct links between a client and the threat actor advancing toward them. This isn’t generalized threat chatter. It’s verified, contextual intelligence ready to be operationalized—without the noise.

What’s Next for 2025?

2025 is shaping up to be a pivotal year in cybersecurity. One of our partners at a Big Four firm put it well: “2025 will be the year of the machine.” We agree. AI is with us or more correctly here a ‘machine response’ —it’s about machine-versus-machine warfare.

The adversary is already operating at machine speed. They’re scaling campaigns, probing infrastructure, and deploying automated tools that no human team can keep up with. That’s why intelligence needs to be orchestrated, machine-driven, and relentless. If we rely on human eyes to filter intelligence manually, we’re dead in the water.

At Blackwired, we’ve built a machine to fight the adversarial machine. It’s been learning for a decade, and it’s operating now. The battle ahead won’t be won by dashboards or reports. It’ll be won by those who operate ‘at the pace of the adversary’.

Don’t Duck with your Cybersecurity.

The world’s first zero-touch, non-invasive technology to visualize the threat.

Uk Cyber Security

Training company OSP Cyber Academy expanding into the Middle East.

OSP Cyber Academy, a globally recognised UK NCSC-accredited leader in cyber security awareness training, have announced a strategic partnership with Bahrain’s National Cyber Security Centre (NCSC) to deliver cyber safety education to 70,000 students across the Kingdom.

The partnership introduces culturally tailored, gamified cyber awareness courses designed to enhance student’s understanding of digital citizenship and cyber security best practices. There are a total of four interactive courses that have been developed to provide dedicated cyber awareness training for 70,000 children, tailored to age groups 6–8, 9–11, 12–14, and 15–17.

The courses feature avatars of both a boy and a girl guiding learners through real-world online safety scenarios set against digital environments inspired by key Bahraini landmarks.

OSP Cyber Academy Cyber Awareness Courses Integrated into Bahraini School Curriculum

Gamified training to equip 70,000 students with vital cyber safety skills in partnership with Bahrain’s National Cyber Security Centre

With engaging question prompts and interactive learning, the platform ensures high knowledge retention in a fun and relatable way.

This initiative is launched in collaboration with His Excellency Sheikh Salman bin Mohammed AlKhalifa, CEO of NCSC Bahrain, and builds upon OSP Cyber Academy’s longstanding engagement with the Kingdom.

OSP Cyber Academy hosts the UK pavilion at the Arab International Cyber Security Summit (AICS) in Bahrain every year, and it also achieved a Guinness World Record at the event in 2023 for the ‘Most People to Take an Online Internet Safety Lesson in 24 hours’.

During the challenge, 1550 people from 44 countries completed the lesson in 24 hours, turning the day into the world’s largest ever cyber security training event.

The new school curriculum has been crafted by OSP’s team of expert educators and cyber professionals, many of whom come from policing and teaching backgrounds. Their unique experience ensures that the courses effectively educate children on the threats of the digital world, all while keeping learning engaging through interactive gaming methods.

We are absolutely delighted to announce our new partnership with NCSC Bahrain and to bring our online courses to such an important demographic. Children grow up in a digital world and it is vital they know how to navigate the environment safely. Whether it’s learning, socialising, playing games or interacting with friends, the online world hosts a huge proportion of a child’s life.

We must ensure that children understand the risks that lurk online, have the ability to spot danger and understand security best practices. Our courses have been designed specifically to suit these needs but in a format that is enjoyable for children. The games are interactive, fun, but they also provide guidance for children which will help keep them safe online, said Tommy McCarthy, CEO of OSP Cyber Academy.

This initiative aligns with the Kingdom of Bahrain’s vision of creating a digital society and a secure cyberspace, and it is expected to create new opportunities for educational initiatives and sustainable cyber security policies.

H.E. Sheikh Salman emphasized that the agreement to develop an interactive e-curriculum for school students, as part of this partnership, will play a key role in raising cyber security awareness among future generations from early educational stages.

This initiative supports the resilience of the digital society and establishes a sustainable cyber culture that aligns with national and international priorities for technological empowerment and responsible digital transformation.

We are delighted to be working so closely with NCSC Bahrain and their team to ensure that we deliver exactly what is required, OSP are also looking forward to officially opening our first office in the region in 2026 said Thomas McCarthy CEO and Founder of OSP Group Limited.