As Saudi Arabia accelerates its digital transformation under Vision 2030, the kingdom’s ambition to build cloud-first infrastructure, AI-powered systems, and interconnected smart cities has created one of the world’s most complex cybersecurity landscapes. With giga-projects reshaping entire regions and a national push to become a global leader in AI, the scale of digital foundations being laid is unprecedented — and so is the exposure.
Tenable co-CEO Mark Thurmond is visiting Saudi Arabia for Black Hat MEA to engage with the nation’s cybersecurity leadership and discuss a fundamental shift in how organisations must approach risk. The visit underscores Tenable’s commitment to collaborating with the kingdom as it builds a future-rich digital economy, recognising that the ambitious scale of these projects demands advanced exposure management capabilities that go far beyond traditional cybersecurity models.
For Thurmond, the Middle East — particularly Saudi Arabia and the UAE — is central to Tenable’s global growth strategy. The region’s 2030 ambitions are undeniable and create an essential need for advanced security. But ambition alone is not enough. As cyber threats grow more sophisticated and attack surfaces expand exponentially, Middle East organisations must reframe cybersecurity by moving from a system of record to a system of action. The old approach of reacting to alerts no longer works.
In this conversation, Thurmond explains what exposure management means in practice, why the Middle East is a strategic priority for Tenable, and how organisations can shift from drowning in data to actually prioritising and fixing the vulnerabilities that matter most—before attackers do.
Brief us on the purpose of your visit to Saudi Arabia. Tenable recently expanded its investment footprint in Saudi Arabia. What does this mean for your long-term outlook in the GCC?
Tenable co-CEO, Mark Thurmond, is visiting Saudi Arabia for Black Hat MEA to honour the nation’s remarkable transformation and forward-thinking leadership, specifically under Vision 2030. He is there to discuss a fundamental shift in cybersecurity and exposure management.
The visit underscores Tenable’s commitment to collaborating with the kingdom as it builds a future rich in technology. The long-term outlook in the GCC is highly strategic, recognising that the ambitious scale of digital foundations, including cloud platforms and AI systems, must be protected.
The region is a global leader in AI, with Saudi Arabia expected to see the biggest AI revenue gain in the Middle East. Therefore, Tenable sees its role as helping to secure this progress by providing the necessary exposure management capabilities, which are critical for survival in a complex, interconnected digital ecosystem like the giga-projects.
Tenable defines itself as an exposure management company. In simple business terms, how should Middle East organisations be reframing cybersecurity through this model?
In simple business terms, Middle East organisations should reframe cybersecurity by moving from a system of record to a system of action. The old playbook no longer works. Exposure management is the new discipline, mindset, and approach.
It reframes the challenge by unifying siloed teams, tools, and data to see risk the same way the attackers do. Instead of drowning in up to 11,000 daily alerts, 28 per cent of which are never addressed, organisations get a master blueprint.
This blueprint enables pre-emptive security. It allows security teams to prioritise and focus on the critical few vulnerabilities. Research shows only 3 per cent of known vulnerabilities actually expose an organisation to risk; these are the ones AI-powered adversaries are actually targeting. This is about fireproofing rather than firefighting.
How does the Middle East fit into Tenable’s global growth strategy, and where do you see the strongest demand signals coming from across the region?
The Middle East, particularly Saudi Arabia and the UAE, is central to Tenable’s global growth strategy because the ambition and speed of digital transformation, fueled by Vision 2030, is undeniable and creates an essential need for advanced security.
The strongest demand signals come from organisations dealing with the three converging forces that complicate security: an exploding attack surface, fragmented defences, and a rapidly maturing adversary. Specifically, demand is driven by the need to secure giga-projects like NEOM, which involve billions of connected physical devices, and to ensure compliance with vital regulatory frameworks like Saudi Arabia’s PDPL and the NCA’s Essential Cybersecurity Controls.
As the region leads in AI adoption, which is forecasted to contribute over $135bn to Saudi Arabia’s economy by 2030, securing this technological leap makes the Middle East a critical market for exposure management.
Artificial intelligence is transforming both cyber defence and cyber threats. How is Tenable using AI across its platform, and what new AI-driven risks concern you the most going into 2026?
Tenable is leveraging AI to ensure its exposure management platform can fight AI with AI, which is “essential” to level the playing field against adversaries who can execute attacks at machine speed. AI is used to transform the platform into a self-driving system.
This AI is used to:
- Anticipate risk: It might forecast that a specific, highly probable attack might occur in the next 30 days.
- Prioritise risk: It connects the dots and provides context. For example, it may inform security teams that a vulnerable server has a 75% probability of being an entry point for a ransomware attack.
- Mitigate risk: It automates routine remediation tasks, such as checking for a patch, opening a ticket, and scheduling a follow-up scan, reducing days of human effort to minutes or seconds.
The most concerning new AI-driven risk for 2026 is the rapid acceleration of attacks, where AI can speed attack development timelines by 100x, creating phishing emails in 5 minutes, and customising malware code automatically for every new victim.
Since Tenable will be participating at Black Hat in Saudi Arabia, can you share more on the key focus and theme of Tenable’s participation and what you will be highlighting at the event?
Tenable’s key focus and theme at Black Hat Riyadh is to introduce and advocate for a new cybersecurity playbook called Exposure Management. The theme is “Beyond the Silos: Exposure Management in a New Age of Risk”.
In his opening keynote, Mark Thurmond will highlight that the traditional, fragmented security program, which uses an average of 83 disconnected tools, is a “playground” for modern attackers. He will showcase how exposure management unifies these silos, giving security teams the clarity and unified strategy they need to command the entire digital landscape.
The message is that in an environment where AI is weaponised, the only way forward is a pre-emptive approach that not only responds to risk but eliminates it before it emerges.
If you were speaking directly to Middle East CEOs today, what is the single biggest cyber blind spot you believe they’re underestimating, and why does it matter to the bottom line?
The single biggest cyber blind spot facing Middle East CEOs is underestimating the danger of a fragmented defence. CEOs often ask, “Are we exposed?”, and the answer is frequently just a “collection of spreadsheets” rather than a confident, data-backed assessment.
This matters to the bottom line because managing disconnected silos of tools is chaos. It forces teams to play their own game without a unified strategy, leaving huge, open gaps that attackers easily exploit. This fragmented model allows the adversary, now powered by AI, to thrive in complexity. The result is devastating: a single incident, like the Jaguar/Land Rover ransomware attack, can cost upward of $2.5bn. CEOs must understand that a unified front and a pre-emptive system of action are the only way to avoid this chaos and secure their future progress.