Tenable VP Maher Jadallah on how the Middle East can secure its digital ambitions

Cybersecurity in the Middle East is at a tipping point. With nations accelerating toward ambitious digital agendas, the attack surface is expanding faster than most organisations can secure it. Maher Jadallah, VP for the Middle East and North Africa at Tenable, believes the solution lies in a unified, proactive approach. In this interview with Gulf Business, he explains how Tenable is helping regional enterprises gain full visibility across IT, cloud, and OT systems, manage fragmentation, and stay ahead of an evolving threat landscape driven by AI and digital convergence.

How is Tenable helping organisations in the Middle East shift from reactive cybersecurity to proactive exposure management?

 Tenable is helping organisations in the Middle East execute a strategic shift from simply reacting to security alerts to establishing a proactive exposure management discipline. This transition is essential given technology is a central pillar in achieving the goals of both the Dubai Economic Agenda “D33” and Saudi Vision 2030. As digital transformation accelerates to meet these ambitions, so does the risk of cyber exposure.

The solution requires moving beyond a traditional, siloed approach to security. The focus must be on three core pillars: Unified Visibility; Risk Prioritisation; and Actionable Intelligence.

• First, organisations need a comprehensive, continuous view of every asset—from traditional IT to cloud infrastructure, AI workloads, and operational technology (OT).
• Second, they must prioritise not just individual flaws, but the handful of critical attack paths that pose the greatest business risk.
• Finally, this risk must be translated into clear, quantifiable intelligence that security and executive teams can use to drive decisive investments.

By embracing this unified discipline, organisations can confidently pursue their national digital agendas knowing they are consistently eliminating their priority cyber exposures.

Tenable’s recent Cloud and AI Security 2025 report shows that 82 per cent of organisations now operate hybrid environments and 63 per cent use multiple cloud providers, creating fragmentation, blind spots and governance challenges. How can enterprises in the Middle East address these gaps and secure such complex infrastructures?

Enterprises in the Middle East must address the gaps created by fragmentation and complexity by adopting a unified exposure management strategy. Tenable’s recent Cloud and AI Security 2025 report shows that 82 per cent of organisations now operate hybrid environments and 63 per cent use multiple cloud providers, a fragmentation that leads to dangerous blind spots. This challenge is heightened by the context of technology being a central pillar in achieving the goals of both the Dubai Economic Agenda “D33” and Saudi Vision 2030. As these ambitious digital transformation efforts accelerate, so too does the complexity and risk of cyber exposure.

To secure these infrastructures, organisations must consolidate visibility across all environments into a single, continuous view. They should utilize advanced capabilities to identify and trace the logical attack paths that span across different security domains, connecting weaknesses in the cloud with on-premises assets. Crucially, they must prioritise remediation based on the exposures attackers are most likely to exploit, such as critical misconfigurations and excessive permissions.

This strategic, unified approach allows organisations to move from a reactive state to a proactive and predictive one, ensuring that the velocity of digital change is matched by the resilience of their security posture.

 With the rise of OT-based cyberattacks, how urgent is the need for dedicated OT security solutions in the Middle East?

The need for dedicated Operational Technology (OT) security solutions in the Middle East is critical and immediate. The region’s rapid digitalisation of key sectors like oil and gas, manufacturing, and utilities is fuelling ambitious goals such as the Dubai Economic Agenda “D33” and Saudi Vision 2030. However, this acceleration has created a significant challenge: a major convergence of IT and OT networks. This convergence exposes historically isolated industrial control systems to escalating cyber threats, posing a direct risk to the technological pillars of these national agendas.

Cyberattacks on critical infrastructure can lead to devastating real-world consequences, including physical damage, disruption of essential services, and severe regulatory penalties. To address this, organisations must implement a comprehensive framework that achieves three things: deep situational awareness across all connected OT assets; unified risk context to understand how a weakness in the IT network could compromise an OT system; and strong process integration to ensure IT and OT teams collaborate effectively.

Ultimately, prioritising a comprehensive OT security programme is not just a defensive measure, it is a fundamental operational necessity for maintaining safety, continuity, and the success of the region’s long-term development plans.

What are some of the latest cybersecurity trends you’re observing globally and within the region, and how is Tenable addressing them?

They’re two critical trends shaping the security landscape, especially in the Middle East: the persistent challenge of fragmentation and the seismic impact of AI. These trends play out against a high-stakes backdrop given the region’s national ambitions with “D33” and Saudi Vision 2030. Every new cyber exposure, therefore, carries significant strategic risk to the nation’s future.

First, let’s talk about fragmentation. The modern attack surface is vast, stretching across IT, multi-cloud, OT, and identity systems. When organisations use dozens of scattered, siloed security tools, it actually makes the problem worse, creating more noise and complexity than security. Organisations can overcome this by adopting a unified exposure management programme. This means moving away from point-in-time scanning to gaining a single, continuous source of truth for all risk across the entire environment, cutting through the noise and allowing security teams to be decisive.

Second, there is AI as a dual-use technology. Attackers are weaponising generative AI to launch faster, more personalised, and sophisticated attacks. But the good news is that defenders are fighting back by leveraging AI-driven insights to switch from a reactive to a predictive and proactive strategy. This allows security teams to analyse massive data sets, pinpoint where they are most likely to be attacked next, and neutralise those critical risks before they can impact the digital foundation needed to achieve the region’s ambitious national agendas.

Read: Cybersecurity: Why ‘public-private-people’ partnerships hold the key