In an exclusive conversation with Enterprise IT World’s Editor, Sanjay Mohapatra, Michael Heering, Head of Marketing EMEA, SANS, shares their Middle East strategy, the power of lifelong cybersecurity education, and how they’re preparing professionals for an AI and post-quantum future.
What is your assessment about GISEC this year?
It’s great to be back! This marks our seventh participation at GISEC, and it’s bigger than last year. We’re introducing some exciting new elements this time around.
What are those exciting new things this year?
We’ve brought three SANS-certified instructors who are presenting workshops on offensive operations, digital forensics, incident response, ICS, and protecting IT/OT environments. We’re excited to see the response.
“Cybersecurity has something to offer for everyone — from beginners to advanced professionals. Our mission is to empower them all.”
— Michael Heering, Head of Marketing EMEA, SANS Institute
As a training and education provider, how do you help industry professionals counter modern cyberattacks?
At SANS, we continuously explore emerging trends like AI and quantum computing. We find the right experts—our instructors—and update existing courses or build new ones around these technologies. Right now, we have 5–6 AI-focused courses in development, rolling out later this year and next. These aren’t just about securing AI, but also guiding CISOs and cyber leaders on team building and skill development for future challenges.
The Middle East is growing rapidly in cybersecurity. What are your geographic priorities in this region?
We’ve always been strong in the UAE and Saudi Arabia. Beyond that, we’re very active in Oman, Bahrain, Qatar, and Kuwait. We’re also expanding into Egypt and Morocco. A key part of our strategy is mapping our training to new regulatory frameworks—like those in Saudi Arabia—so that cyber leaders can hire and train according to compliance needs.
How are you preparing cybersecurity professionals for post-quantum threats and AI-led attacks?
Quantum security training is still in development, expected later this year or next as knowledge in the field evolves. AI, however, is already embedded across our curriculum—from entry-level to advanced classes. We’re covering how AI can be used in Red Team operations and how to prepare defense teams against AI-driven threat actors.
From a career lifecycle perspective, how do you support learners who want to enter or grow in cybersecurity?
It doesn’t matter what industry or background you’re from—cybersecurity is for everyone. We offer Cyber Academies for those who might not have employer support, free workshops, summits, and other resources. Our programs cater to both beginners and those seeking advanced roles. My advice? Take the step—you’ll find your fit in cyber.
What skillsets are organizations, especially CISOs, prioritizing for long-term cybersecurity readiness?
We just released workforce research based on interviews with 3,000+ CISOs. There’s been a clear shift—earlier, hiring was 75% focused on technical skills. Now, soft skills and cultural fit have become crucial. Organizations want professionals who will stay long-term and align with their values.
From a hiring perspective, what’s your advice to engineers or professionals aiming for new cybersecurity roles?
Know your frameworks. Understand which skills and certifications align with specific roles. Many organizations are now hiring based on compliance with frameworks and regulations. If you can demonstrate you have those targeted skills, your chances of landing the job are much higher.
As a marketeer in 2025, where are you focusing your awareness-building and marketing efforts?
We have a well-distributed focus across the Gulf. Right now, Saudi Arabia and the UAE are top priorities. We’re also expanding our presence and awareness in Qatar, Bahrain, Oman, Kuwait, and Egypt.
