
SentinelOne strengthens sovereign AI-driven cybersecurity strategy across KSA, UAE

Ezzeldin Hussein, Regional Senior Director, Solution Engineering, META, SentinelOne.

Ezzeldin Hussein, Regional Senior Director, Solution Engineering, META at SentinelOne, discusses Saudi RHQ expansion, secure cloud transformation with Google Cloud in Dammam, agentic AI in SOC operations, and the growing importance of identity-centric cybersecurity resilience.

Cybersecurity resilience, sovereign cloud adoption, and AI-driven security operations are rapidly reshaping the Middle East’s digital landscape, particularly across Saudi Arabia and the UAE. 

Ezzeldin Hussein discusses how SentinelOne is strengthening its regional presence through its Saudi RHQ, advancing secure cloud-first transformation in collaboration with Google Cloud in Dammam, and leveraging agentic AI to redefine SOC operations. Hussein also shares insights into the growing risks surrounding identity-based attacks, the importance of building local cybersecurity expertise, and why real-world SOC performance matters more than benchmark scores when evaluating modern AI-powered security platforms.

Interview Excerpts: 

How is SentinelOne’s Saudi RHQ strengthening in-country cybersecurity expertise and improving response for customers in the Kingdom?
I think that the Riyadh RHQ is a major change from serving the market to actually becoming a part of it. Cybersecurity now is all about proximity to data, regulation, and decision-making. Also, our in-country engineering, customer success, and helping partners all lower response times while meeting Saudi’s expectations when it comes to regulations and processes. More importantly, we are investing in local talent and developing the ecosystem. This makes sure that expertise is built inside the Kingdom, and it is quite important for sustained resilience. It allows customers to operate with confidence, knowing their security posture is supported locally, while contributing directly to Vision 2030 ambitions around sovereignty and digital leadership.  

How does SentinelOne’s collaboration with Google Cloud in Dammam support secure cloud-first transformation for regulated industries?
What I consistently see across regulated industries is that cloud adoption is no longer about whether it should be embraced or not, but is about how it can be done safely within national boundaries. Our collaboration with Google Cloud in Dammam addresses this directly by combining hyperscale infrastructure with local data residency. This means companies can use AI security while making sure that telemetry, analytics, and response actions remain within Saudi Arabia. From a technical point of view, this eliminates a major friction point, which is compliance versus innovation. It helps in consistently protecting hybrid and multi-cloud environments without compromising control. For sectors like healthcare, finance, and government, this is the enabler that turns cloud strategy into execution with confidence. 

In practical terms, how is agentic AI changing SOC workflows across the Middle East, particularly in speeding up investigations and response?
Across the SOCs, the biggest challenge is not that there aren’t enough tools. It is scale and speed. Agentic AI changes this by shifting security operations from human-driven workflows to autonomous execution. Instead of analysts manually correlating alerts, the platform continuously builds context, investigates, and proposes or takes action in real time. The role of the analyst changes from an operator to a decision-maker. In practical terms, this reduces investigation time from hours to minutes and significantly improves response consistency. In a region where talent is scarce and threats are increasing in sophistication, this is not just efficiency but a necessity to operate at the pace of modern attacks. 

With identity-based attacks on the rise, what are the most pressing risks enterprises in the UAE and Saudi Arabia should be prioritising today?
One of the most important shifts I highlight to customers is that identity is now the primary attack surface. We see attacks going undetected by traditional defenses. This is because attackers take advantage of legitimate access, steal credentials, hijack sessions, and misuse privileges. The risk lies not only in entry, but also in persistence and moving laterally without getting detected. What is even more challenging is that these actions can pass for normal behavior. 

“Companies should move from static controls to keeping a constant eye on identity, analysing behaviour, and correlating across endpoint, cloud, and identity signals in real-time. Without this, attackers operate in trusted environments, increasing dwell time and impact significantly.”

Why should organisations place greater importance on real-world SOC performance over benchmark scores when evaluating cybersecurity AI platforms?
In conversations with CISOs across the region, it is clear that benchmark scores do not reflect operational reality. They measure detection in controlled spaces, but don’t capture how a platform performs under pressure, across fragmented infrastructures, and evolving attack paths. What truly matters is the detection speed, the effectiveness of investigation, and the speed of response. Platforms must be evaluated according to the impact they have on SOC performance, how they reduce alert fatigue, speed up responses, and help teams to scale. Understand that cybersecurity is not a theoretical exercise. It is measured in real incidents, where performance is what defines resilience and not scores.

 

 
