Intelligent CISO exclusively speaks to Saudi Arabia-based Ali AlKhamis, CISO, Raya Financing, winner of CISO of the Year at Lynchpin Media’s Intelligent ICT Awards 2024 Middle East. He shares his insights on leading a successful cybersecurity team, positioning cybersecurity as a strategic business enabler and tackling the challenge of balancing day-to-day operational demands with driving innovation.
What does winning Lynchpin Media’s CISO of the Year award mean to you, and how do you feel it reflects your team’s achievements and dedication to cybersecurity?
Winning the Lynchpin Media CISO of the Year award is a great honour and a reflection of the collective efforts of my team. I believe cybersecurity is not just about frameworks; it’s about people. This award highlights the strong collaboration within my team, which has been instrumental in achieving this recognition.
One of our key achievements this year has been improving our performance in incident response by around 35%. This has allowed us to shift from a reactive approach to cybersecurity to a more proactive one, turning it into a strategic tool for the organisation. It’s a fantastic accomplishment, and I’m incredibly proud of my team’s dedication and hard work.
How do you cultivate leadership within your cybersecurity team and foster a culture of continuous learning and innovation in cybersecurity practices?
Leadership within a cybersecurity team relies heavily on how cybersecurity is positioned as a business enabler within the organisation, particularly in the financial sector. It’s about shifting the perception of cybersecurity from being just a budget-heavy function to one that plays a critical role in collaboration and communication across all departments.
To foster leadership and a culture of continuous learning, I ensure that cybersecurity initiatives are driven by a comprehensive strategy aligned with the organisation’s overarching goals. For example, as a CISO, I receive strategies from all departments during the busiest quarter of the year. My responsibility is to create a unified cybersecurity strategy that integrates with these departmental goals, ensuring alignment and enabling the business processes.
This approach not only supports innovation in cybersecurity practices but also demonstrates how cybersecurity can actively contribute to the organisation’s success, positioning it as a key enabler rather than just a cost centre.
How do you measure the success of your leadership and team development initiatives within your cybersecurity department?
I measure the success of my leadership and team development initiatives using both quantitative and qualitative metrics. On the quantitative side, I track key indicators such as incident response times, the number of threats detected and addressed promptly, and the effectiveness of our cybersecurity awareness programmes – measured by reduced errors or failures among employees.
Qualitative metrics focus on feedback from my team, which helps me understand their growth, satisfaction and how they perceive their contributions. For example, in 2024 we reduced response times by 35%, showcasing the impact of our training and improved processes. However, I also consider how this achievement reflects on the team’s morale and confidence.
Additionally, I incorporate KPIs that encourage and measure initiative from team members. For instance, I track the number of ideas or suggestions they propose, regardless of whether the ideas are immediately actionable. Recently, a team member suggested using AI to analyse and monitor login attempts – a creative concept that may not yet be fully developed but reflects their proactive mindset and understanding of cybersecurity as an evolving field.
This balance of measurable outcomes and fostering a culture of innovation ensures that my team remains engaged, growing and aligned with the dynamic nature of cybersecurity.
What are the key challenges in maintaining a balance between day-to-day cybersecurity operations and the pursuit of innovation?
Balancing day-to-day cybersecurity operations with driving innovation is one of the biggest challenges I face. Daily operations often demand significant attention and can consume much of the team’s time, especially with tasks like SOC monitoring, incident response, phishing campaigns and cybersecurity awareness training.
To navigate this, I divide my team into two groups. One focuses on daily operations, ensuring consistent performance and collaboration with IT. The other group works in small workshops, held daily or two to three times a week, dedicated to brainstorming and developing innovative ideas or solutions. These workshops allow my team to explore new technologies, refine processes and propose initiatives without compromising operational stability.
I rotate team members between these groups regularly to maintain fresh perspectives and ensure that everyone gains experience in both operational tasks and innovation. For example, insights from daily operations, like response times to critical alerts, are brought into workshops for analysis. The workshops use this data to benchmark performance and develop strategies for improvement, which are later implemented back into operations.
When piloting new technologies, we often start with a proof-of-concept (PoC) in the workshop group. Once validated, the PoC is gradually integrated into daily operations, allowing the team to monitor its impact and refine its use in real-time.
This dynamic approach ensures that our cybersecurity operations remain robust while fostering a culture of continuous improvement and innovation.
How do you foster an environment of collaboration within your cybersecurity team, especially when integrating new security technologies or methodologies?
Collaboration is essential for implementing a successful cybersecurity strategy. Achieving this requires fostering an environment where every team member feels heard and valued. I ensure that no voice or idea is overlooked, creating a culture of inclusivity that encourages participation.
When integrating new security technologies or methodologies, I start by gathering input from the entire team. Once ideas and feedback are collected, I work closely with vendors and partners, establishing clear success criteria to evaluate the proposed solution. Based on these criteria, we set up a controlled testing environment, such as a user acceptance testing (UAT) or proof-of-concept (PoC) environment, to assess the technology’s effectiveness.
My academic background influences my approach: I thoroughly study the technology and the vendor before initiating communication. This ensures informed decision-making and helps us identify potential limitations early on. For example, during a PoC for an EDR solution, we discovered it didn’t align with our requirements – not due to its capabilities but because it was overly complex or resource-intensive for our team.
In such cases, we use scenario-based testing to evaluate how the technology performs against real-world challenges specific to our organisation. The results are shared with the vendor for further adjustments or improvements. This iterative process allows us to align the technology with our operational needs, ensuring a smooth integration.
This collaborative approach – combining team feedback, thorough research and active engagement with vendors – ensures that new technologies and methodologies are not only effective but also practical and tailored to our unique environment.
What do you believe are the biggest challenges and opportunities for cybersecurity leaders in the evolving digital landscape?
The evolving digital landscape presents both significant challenges and opportunities for cybersecurity leaders. One of the biggest challenges is the rapid pace of technological advancements, which has drastically shortened the lifecycle of innovation. For example, if you look back at the 1990s, the evolution of processors like the 8086 or the Pentium series had long intervals between upgrades. In contrast, today’s advancements happen in much shorter cycles, which also accelerates the evolution of cyberthreats.
In the 1990s, global cyberattacks were relatively infrequent – maybe three or four major incidents a year. Now, cyberthreats occur constantly, with countless attacks launched globally every hour. Some cybersecurity platforms showcase live threat maps that vividly illustrate the overwhelming volume of threats. Attackers are relentlessly developing new technologies and techniques, making it crucial for cybersecurity leaders to remain proactive, adaptive and vigilant in addressing these threats.
However, the opportunities are equally significant. Cybersecurity leaders have a unique chance to position themselves as business enablers by aligning security strategies with organisational goals. For example, if an organisation is launching a new customer portal or digital channel to enhance customer engagement, this creates potential risks but also an opportunity to demonstrate the value of robust security measures. Cybersecurity leaders can showcase how a secure digital infrastructure not only protects the business but also fosters trust and drives growth.
A personal example of this is implementing an AI-powered monitoring tool in our organisation. This tool significantly improved our ability to detect anomalies and malicious activity in real time, reducing the risk of breaches. Convincing management to invest in such technology involved demonstrating its business value – highlighting how it enables the organisation to safely expand digital services, enhance customer experiences and protect critical assets.
Ultimately, cybersecurity leaders must navigate these challenges by balancing the need for innovation with the imperative of protection, leveraging security as a critical enabler of Digital Transformation.
How do you stay abreast of emerging cybersecurity technologies and decide which ones to integrate into your organisation’s security operations?
Staying abreast of emerging cybersecurity technologies and deciding which to integrate into an organisation’s security operations requires a strategic approach. While attending conferences is a valuable way to network and gain insights, I believe the most impactful knowledge comes directly from my team.
To that end, I prioritise sending my team to attend technical sessions, workshops and conferences. This allows them to gain hands-on exposure to new technologies and trends. Their insights and feedback play a critical role in evaluating which technologies are most suitable for our organisation. I rely on their technical expertise to identify solutions that align with our goals and operational needs.
My primary focus is ensuring that cybersecurity functions as a business enabler, not a blocker. This means fostering an environment where collaboration and shared responsibility are at the core of our strategy. By exposing my team to diverse perspectives and encouraging open dialogue, we can collectively assess how new technologies contribute to building a secure environment that supports long-term growth and innovation.
Ultimately, this collaborative approach not only empowers my team but also ensures that our cybersecurity strategy is aligned with the organisation’s broader objectives while staying adaptive to evolving threats.