Mr. Noufal, Please introduce yourself to our readers:

My name is Khalid Noufal, I am the Director of Business Development in the MENA region at SecureNinja. Prior to joining SecureNinja in 2009, I had more than 15 years of experience in Information Technology. I worked as a freelance Web Design and Development instructor in addition to managing and delivering many web projects since the early days of the Internet.

Can you please give us an overview of SecureNinja?

SecureNinja was founded in 2003 in Alexandria, VA by a group of progressive IT professionals. Since then, the company has grown to become a global provider of Cybersecurity consultancy, services and training. Our clients range from small/med size businesses to fortune 500 companies and federal organizations spanning five contents. SecureNinja maintains strategic partnerships with industry leaders that enable us to stay current with multiple areas of concentration, incorporating the latest technologies into our training and consulting solutions.

SecureNinja is a strong advocate of cybersecurity and privacy through our participation and public speaking at various forums and conferences. We also play an active role within the IT security community through our video production and conference coverage on SecureNinjaTV. Http://www.YouTube.com/SecureNinja

How do you see the cybersecurity landscape in the Middle East?

There is no doubt that the Cybersecurity issue has gained more attention in the Middle East in the last few years, especially after the cyber-attack on Saudi Arabian ARAMCO and the Qatari RasGas in 2012. However, many people are still talking about Cybersecurity with the mentality of the past decade, and not giving enough thought to the latest emergin threats and technologies.
We see a big gap between governments and the private sector in terms of Cybersecurity awareness, which mirrors the importance of the overall national security strategy. Although strategy is different from one country to another and depends largely on the available funds to tackle the Cybersecurity threats, throwing money at the problem is not always the solution. Also, in most cases, security breaches of organizations in this region do not go public as often as we see in the USA. Fearing public scrutiny and reputation damage, secrecy among organizations in the MENA region regarding security breaches can play a negative role in raising awareness. From each incidence, there are lessons to be learned by cybersecurity experts and by the public, and keeping that incidence a secret does not help the overall landscape very much.
While some countries do better than others, cybersecurity and privacy legislations and policies are another major issue. Most countries have them but many are kept in closed drawers and not enforced. Cybersecurity matters are more than just a concern of the business itself, but also a matter of national security and should be dealt with accordingly.
I expect to see more breaches and targeted attacks on organizations and individuals in the MENA region. The reliance on the Internet for financial and trade
transactions is growing and while most of those transactions still run on global websites like Amazon and Ebay, there are few regional websites that are emerging and gaining popularity in the local markets. From my experience, I find people the Middle East are more cautious with online financial transactions, which is good for security but might be bad for business. In my opinion, the overall culture in this region might play a role in user behavior.

What are the current cyber-attacks statues and who do you think is most vulnerable?

Cyber-attacks pose a threat for you as an individual, for teenagers with connected devices in their bedrooms, for businesses of all sizes and for national security. The
minute we open an email, enable WIFI on a mobile device, or open a web browser, we are all at risk.
Cyber security threats are permanent and increasing with every new connection-enabled-device and with every new free public WIFI that pops-up on your device.
The wall between physical security and cyber security is fading and the same rules that apply to physical security, also apply to cyber security in principle.
The weakest link and the main cause of cyber breaches is the user or the human factor, therefore it makes a lot of sense to start there. It is very important that all individuals, employees and government officials are well-educated in Cybersecurity matters, regardless if it is their area of specialty. It should matter to everyone.

How can SecureNinja help organizations become safer and what makes you different in this field?

SecureNinja is a “Human” focus company in terms of our team and approach. Our team consists of some of the best talent in their fields of concentration, with experience working with multi-national and fortune 500 companies. Our training is second-to-none in preparing and forging IT security professionals capable of protecting their organization and keeping their assets safe.
The majority of organizations focus on technology when it comes to Cybersecurity, but like I mentioned earlier, most breaches are caused by the human factor. This can turn very expensive tools and technologies into less effective approaches, because after all, those tools are only as good as the people using them.
SecureNinja offers high-quality information security assessment services that provide the customer with clear and concise risk information. Each of SecureNinja’s offerings will assess the security posture of key technology layers within an organization’s environment. Each engagement is delivered by a team of experienced security professionals that leverage cutting edge technology and a proven methodology for optimal security.

How do you think we can raise awareness and at what level are we right now in the Middle East?

We hear more talk about Cybersecurity and risk but I believe the level of awareness has not yet met the level of threats.
Awareness must start at the top, therefore governments have a major role and responsibility. It is great to see governments taking steps in the right direction. UAE is taking matters in their own hands by establishing a Cybersecurity center in Dubai and setting Dubai’s policy for government information security. Saudi Arabia and other Gulf Countries are also stepping up the efforts to fighting cybercrime, but still, other countries lag behind.
At the organizational level, the challenge is creating awareness amongst C-suite executives. Historically, IT security was the sole responsibility of IT departments and IT professionals but with the current threat and risk level, senior management should be more involved in cybersecurity and take an active role in aligning this with the organization’s business strategies.
Back when personal computers started getting into every business, government and home, the ICDL (International Computer Driving License) was introduced and became a mandatory requirement for most government and business employees in many countries. I do strongly believe we need to make security awareness training a mandatory requirement for all employees and students. After all, cybersecurity is about building a culture and changing habits.
SecureNinja has developed many different cybersecurity awareness programs, one of which is aimed at C-suite level executives. The feedback has been encouraging and has demonstrated a genuine effect on raising the security awareness within organizations.

What are SecureNinja’s plans for the region?

We have been working in the region for some time with both government organizations and businesses. We have trained hundreds of IT professionals from the Middle East, but we still feel the need for more involvement in the MENA market. We kicked off this expanded effort at GISEC 2014 in Dubai by establishing partnerships with local IT and training companies. We started offering public classes in the Middle East and throughout Dubai and plan to add more courses and locations in the near future.
My being appointed to lead the business development effort in the region is the first step for creating a permanent presence for SecureNinja. Personally, I am passionate about transferring the knowledge and passing the expertise to local IT professionals.
SecureNinja has been a strong advocate for privacy and fighting cybercrime and we are working on playing a bigger role in this effort. Our communication lines are always open to provide help and advice to individuals or organizations interested in cybersecurity.

Cybersecurity has been gaining a lot of attention, but only for last few years. Do you think the region has enough IT security professionals?

Globally, there is a shortage of experienced Cybersecurity professionals. The demand is very high and increasing, which is why Cybersecurity jobs are among the highest paying jobs available. I have met very talented professionals and self-made security individuals, but in my opinion many of those skills still need more polishing and more hands-on experience. It is never the lack of talent but the experience gained from real-life scenarios. Therefore, our training mythology is a balance between theory and real-life, hands-on practice.
We get a lot of questions about where to start and which courses are the best. Cybersecurity is becoming a wide-range term; there is no one answer fits all. The answer depends on your experience related to your job role and your future intended career path.