How Global Cybersecurity Leaders are aligning and powering Saudi Arabia’s Vision 2030

Saudi Arabia is driving a change and transformation that extends beyond giga-projects and mere on-paper economic diversification. To achieve the Vision 2030 goal, the Kingdom is stepping up to create a strong digital fortress. This plan relies on two main pillars – a sovereign, skilled human workforce and an autonomous AI-driven defence grid. 

These pillars are not merely theoretical; they are being actively implemented and operationalised. The National Cybersecurity Authority (NCA) is already accelerating efforts to promote talent investment and collaborate with international technology partners. These partners are no longer just vendors; they are co-creators and architects who will help realise the Kingdom's vision. 

Leaders from Tenable, SentinelOne, Nozomi Networks and Sophos share how they are bridging the critical skills gap while deploying the next generation of AI to combat ransomware and phishing.

Building a sovereign and strong human workforce

Throughout our discussions, one point consistently emerged - industry leaders agree that security cannot be imported; it must be cultivated internally. This has ignited a race to develop local expertise, evolving from basic awareness to sophisticated, specialised technical skills. 

For example, for SentinelOne, this is not merely about fulfilling corporate social responsibility; it is about aligning with nations' fundamental objectives. Meriam ElOuazzani, the company’s Regional Senior Director, describes this as a mission of "sovereign cyber readiness."

"The Kingdom's dedication to developing cybersecurity expertise and inclusivity is in line with SentinelOne's purpose," ElOuazzani said. "Funding local skill development, increasing in-Kingdom expertise, and empowering Saudi workers to become experts in next-generation AI-driven security are all actively supporting national goals. To provide practical programmes, ThreatOps labs, and independent SOC workshops that are suited to the country’s requirements, we collaborate with academic institutions and training facilities."

By embedding itself into the academic infrastructure, SentinelOne aims to future-proof the Saudi economy. ElOuazzani noted that their strategy focuses on the long term. She added, 

"By accelerating knowledge transfer, empowering young Saudi talent, and bolstering sovereign cyber readiness through CyberSafe University and our partner-enablement projects, we make sure KSA develops a workforce capable of protecting its quickly expanding digital economy."

Bringing a sectoral approach

While SentinelOne focuses on the broader digital ecosystem, Nozomi Networks focuses on youth-driven initiatives that form the backbone of the Kingdom. Muath Alsuwailem, Regional Sales Director, emphasises that their approach involves a multi-year roadmap.

"Nozomi Networks fully supports Saudi Arabia’s and the UN’s vision to build cybersecurity talent and foster inclusion," Alsuwailem stated. "We are investing in regional workforce development through partnerships and training programmes designed to equip professionals with advanced OT and IoT security skills."

Looking toward the latter half of the decade, Alsuwailem emphasised that they are preparing to hand the baton to the next generation.

"In 2026 and beyond, we will engage with youth-focused initiatives to prepare the next generation for careers in cybersecurity, aligning with national frameworks and Vision 2030 goals. Our commitment includes knowledge transfer, mentorship, and collaboration with local institutions to promote diversity and inclusion. Building a secure digital future requires investing in people, and Nozomi Networks is proud to be part of that journey."

For Tenable, it is about focusing on knowledge transfer and technology simplification. 

Mark Thurmond, Co-CEO, Tenable, stated, “Tenable actively engages with the region through partnerships and events like Black Hat MEA, facilitating the transfer of cutting-edge methodologies, such as exposure management, to build local expertise aligned with the NCA's frameworks.”

The cybersecurity company believes that by unifying security visibility, insight, and action across attack services through the Tenable One Exposure Management Platform, the company’s local teams can overcome fragmentation, which is often cited as a significant drain on security team resources and talent retention. 

"The platform's AI-driven automation of prioritisation and remediation allows security professionals to move away from tedious 'firefighting' to fireproofing that focuses on strategic risk management and advanced defence. Additionally, Tenable actively engages with the region through partnerships and events like Black Hat MEA, facilitating the transfer of cutting-edge methodologies, such as exposure management, to build local expertise aligned with the NCA's frameworks,” explained Thurmond. 

Democratising access and reducing burnout

Building a workforce is one challenge; ensuring it is inclusive and sustainable is another. Sophos has adopted an ecosystem-first strategy to solve this, leveraging its massive partner network to democratise access to training. Harish Chib, Vice President of Emerging Markets, explains that they are widening the aperture of who can become a cyber defender.

"Saudi Arabia’s focus on cybersecurity talent and inclusion aligns closely with Sophos’ regional strategy," Chib said. "Through its channel and MSP ecosystem, regional SOC partnerships, and presence at events like Black Hat MEA, Sophos delivers hands-on training, certifications, and workshops that build local expertise. The Sophos Academy further supports workforce development with accessible courses and certifications for all skill levels."

Thurmond believes that by streamlining workflows, Saudi professionals can elevate their roles from tactical responders to strategic planners.

The AI Shield: From Reaction to Prediction

As the human firewall strengthens, the technological firewall must evolve to keep pace with the speed of modern threats. Ransomware and phishing attacks are increasingly automated, requiring a defence that is equally fast and predictive.

Tenable is addressing this by using AI to filter out noise and focus on the vulnerabilities that actually matter.

"Tenable helps Saudi organisations defend against ransomware and phishing by implementing AI-enabled cybersecurity strategies that prioritise prevention over reaction," Thurmond said. "Ransomware and phishing often exploit known, unpatched vulnerabilities and user error. To counter this, the Tenable One platform uses its AI Exposure Engine to analyse trillions of data points and pinpoint the 1-2% of critical vulnerabilities that pose genuine business risk. This predictive prioritisation is key to proactively closing the attack paths that ransomware actors most commonly exploit."

While Tenable emphasises preventive prioritisation, SentinelOne specialises in lightning-fast automated responses. ElOuazzani notes that as attackers leverage AI to target cloud workloads, human intervention is increasingly too slow.

"Saudi businesses are dealing with increasingly complex ransomware and phishing attacks, many of which are AI-powered and aimed at identifying cloud workloads," she observes. "With AI-native, autonomous security that recognises and reacts at machine speed, SentinelOne aids the Kingdom in fighting these attacks. Our Singularity Platform implements behavioural AI to prevent ransomware, real-time identity protection to prevent phishing, and Purple AI and AI-SIEM to enhance investigations."

Furthermore, SentinelOne is now taking action to safeguard the very tools that are fueling innovation with Generative AI applications.

"Prompt Security, which shields generative AI applications against prompt injection, data leakage, and model tampering, is another way we help businesses in safeguarding their AI systems. This makes it possible for Saudi enterprises to use AI for innovation securely and robustly."

Meriam ElOuazzani, Regional Senior Director, Middle East, Turkey and Africa at SentinelOne_

Clarity in chaos

The future of defence depends on enabling humans to quickly interpret complex data. Sophos is actively exploring how Large Language Models (LLMs) can be integrated into Managed Detection and Response (MDR) to support security teams.

"Sophos protects Saudi enterprises from the growing surge of ransomware and phishing attacks through its AI-enabled MDR/XDR platform, which delivers faster detection, automated containment, and deeper threat visibility," Chib notes. "Its incident-response services and 24/7 managed security operations support organisations of all sizes, especially those with limited in-house resources, ensuring continuous protection and rapid action against emerging attacks."

Chib anticipates that the next phase of the cybersecurity war will be defined by the quality of the AI on both sides.

"Sophos anticipates greater automation of low-skill attacks, more precise data-driven targeting, and rapid advances in defensive AI as machine learning and LLMs become integral to MDR, ITDR, and SIEM. The company is actively researching this space, combining anomaly detection with LLM-driven analysis to boost accuracy, reduce false positives, and help defenders stay ahead of increasingly sophisticated AI-powered threats."

Ultimately, this advanced intelligence plays a crucial role in the physical realm, where cyberattacks could disable manufacturing processes or energy facilities. Nozomi Networks uses AI to manage the integration of IT and OT, allowing early detection of irregularities before they develop into crises.

"Nozomi Networks helps Saudi organisations defend against ransomware and phishing with AI-powered visibility and threat detection," Alsuwailem says. "Our platform monitors OT, IoT, and IT environments to identify anomalies and suspicious behavior early, reducing the risk of operational disruption. Using machine learning and behavioural analytics, we uncover indicators of compromise and lateral movement attempts before attacks escalate."

He concludes that in this high-stakes environment, continuous intelligence is the only viable defence.

"Continuous threat intelligence from Nozomi Labs provides up-to-date insights on ransomware and phishing campaigns, enabling proactive defence and informed decision-making. Combined with vulnerability assessment and risk scoring, we help organisations strengthen critical infrastructure and maintain resilience against evolving cyber threats.” 

These partnerships beautifully fuse sovereign human expertise with autonomous AI defence, which in turn doesn’t just secure the Kingdom’s digital landscape, but also fortifies the foundations of Vision 2030. 

Harish Chib, VP Emerging Markets – Middle East and Africa, Sophos