Drawing on SANS Gulf Region 2025, Ned Baltagi explains why AI security, cloud defence, and advanced incident response are central to the GCC’s cyber readiness.
Governments and enterprises across the GCC are accelerating AI adoption, cloud transformation, and smart-city initiatives, driving a sharp shift in cybersecurity priorities toward advanced defence, operational resilience, and skills development. SANS Institute has been at the forefront of this evolution, playing a critical role in building future-ready cyber talent across the Middle East, Turkey, and Africa. Ned Baltagi, Managing Director – Middle East, Turkey and Africa, SANS Institute, spoke to Sandhya D’Mello, Technology Editor, Security Advisor Middle East and shared about the key themes, participation trends, and insights from SANS Gulf Region 2025, highlighting how AI security, cloud and Zero Trust architectures, incident response, and critical infrastructure protection are shaping the next phase of regional cybersecurity readiness.
Interview excerpts:
What was the key theme and focus of SANS Gulf Region 2025 this year? How do they reflect the current cybersecurity priorities in the GCC?
The central theme of SANS Gulf Region 2025 was advancing future-ready cybersecurity capabilities for an AI-driven and increasingly automated world. With regional governments prioritising AI, smart-city infrastructures, cloud expansion, and advanced digital economies, the event focused heavily on AI cybersecurity, GenAI and LLM security, offensive AI, critical infrastructure resilience, and advanced cyber defence operations. This directly aligns with regional priorities. With the UAE, KSA, and broader GCC accelerating digital transformation, the region requires a highly skilled workforce capable of defending national digital initiatives. SANS is building the GCC’s advanced cyber talent to safeguard AI adoption, smart-city ecosystems, and critical national infrastructure, ensuring that organisations can protect sensitive data, maintain trust, and stay ahead of increasingly sophisticated adversaries.
Could you give us insight into which training programmes, talks, or courses gained the most traction and why?
Among the 14+ specialised courses offered, certain domains gained noticeably higher traction among participants, reflecting strong interest and engagement in these areas
- The high demand for GenAI & LLM Security course reflects the rapid adoption of AI across government and enterprises in the Middle East region. The cybersecurity professionals demonstrated a keen interest in understanding more about AI-driven phishing and content generation attacks; adversarial AI and model manipulation; as well as secure deployment of LLM-based applications.
- As GCC countries expand towards public and private cloud investments, participants gravitated towards understanding Cloud and Zero Trust Security in-depth with focus on multi-cloud security, identity governance, and implementation of zero trust architecture.
- Digital Forensics and Incident Response (DFIR) is a priority aligned with national cybersecurity mandates. We saw high subscription from participants for hands-on lab in IR, memory forensics, and ransomware investigations, showcasing the need for operational expertise.
- With the regions reliance on energy, utilities, and industrial sectors, ICS security courses were also a priority especially for professionals safeguarding essential services.
The Community Night Talks featuring experts Frank Kim, Mattia Epifani, and Ahmed Abugharbia drew a lot of interest and engagement. The sessions addressed topics such as cybersecurity leadership, AI cybersecurity, cloud security, threat intelligence, and advanced defence strategies, that gave attendees strategic and technical insights meaningfully complementing their curriculum.
How was the participation this year compared to previous editions?
This year’s edition, spanning over three weeks, saw high levels of engagement across all delivery formats. The combination of in-depth courses, NetWars tournaments, and interactive labs kept participants deeply involved throughout the event. Participants also highlighted that the event served as an excellent opportunity to network with industry peers, exchange perspectives, and build professional relationships across sectors, an added value that strengthened the overall experience. The instructors found the sessions interactive with participants contributing to the discussions with great questions and deliberations, making the learning process interesting and engaging.
What was the feedback from participants on the event, the training, demos, and Night Talks?
The feedback from participants were consistently positive and encouraging. They found the hands-on sessions highly relevant, especially the real-life scenario presented during the lab sessions that closely reflected current evolving threat landscape, including AI-driven attacks. SANS Instructors’ expertise was frequently commended for their clarity, practical experience, and ability to present complex concepts in an applied and accessible manner. Participants also highlighted that the Community Night Talks provided forward-looking perspectives on cybersecurity leadership, emerging threats, and operational best practices.
“Overall, delegates expressed strong satisfaction with the experience, citing the programme’s structure and pacing, the quality of digital and print resources, and the added value of earning CPE credits and progressing toward GIAC certifications.”
What were the key insights shared by SANS instructors during the entire duration of the event?
SANS Instructors shared several core insights throughout the course duration and in interactive sessions. Offensive AI is rapidly enabling attackers to scale and automate complex operations, making it vital for defenders to understand and anticipate AI-driven attacks. Zero Trust was consistently reinforced as a foundational requirement rather than an optional approach for organizations managing extensive cloud and identity ecosystems. Various discussions also highlighted that modern SOCs must adopt automation and advanced analytics to remain effective against increasingly sophisticated threat actors. In parallel, ICS security was identified as needing to evolve from largely passive monitoring models to proactive defence strategies, particularly as critical infrastructure systems become more interconnected. The importance of adapting digital forensics to new and advanced attack techniques, especially those designed to obscure malicious activity and evade detection, was another recurring theme. Finally, the sessions emphasised that mature cybersecurity leadership is essential to ensure governance, resource allocation, and strategic priorities keep pace with rapid technological and threat landscape changes. SANS Gulf Region 2025 reaffirmed SANS Institute’s leadership in shaping the cybersecurity talent landscape of the Middle East. By offering world-class training, global instructor expertise, competitive NetWars simulations, and deep-dive discussions on AI and future threats, SANS continues to serve as the region’s gateway to cutting-edge cybersecurity knowledge and sustained professional advancement.
Related Articles
SANS Institute unveils key strategies for securing AI technologies in 2025
“The AI Security Essentials program gives security leaders a high-level overview on how to deal with AI” – Michael Heering, SANS Institute
Senior Instructor at SANS Institute says EDR is not enough amidst complexity of the threat landscape