How to start a cyber security career in the GCC countries

There has never been a better time to get into a cyber security career in the GCC (Gulf Cooperation Council) countries.

The Middle East is expected to need 45,000 more cyber security professionals by 2020 and 27% of hiring managers are expecting the size of their departments to grow by 15% or more (read more in our previous blog).

If you’re thinking about starting a career in cyber security, here are four things you can do to get started.

Get experience

You’re much more likely to get ahead in cyber security if you have experience. Even though the skills gap in the Middle East means GCC organisations are more likely to take on less-experienced people, practical knowledge is a huge advantage.

Internships and entry-level jobs are ideal starting points. You could also look for volunteer positions, or offer to help your employer or academic institution’s IT department in your spare time.


Cyber security isn’t something you can pick up quickly. It involves a lot of complex topics that you need to be aware of.

“If you aren’t in the IT space at all, start with learning IT fundamentals” , said Rod Rasmussen, vice president of cyber security at Infoblox. “We’ve seen this as necessary for even folks like FBI or other law enforcement officers who have the investigatory or ‘finding bad guys’ part down really well. That will serve you well in cyber, but regardless of your background, you need those building block fundamentals in IT in order to create an effective new career in cybersecurity.”

Books and e-learning courses are useful options because they let you study specific topics at your own pace.


Meeting people and making connections is sometimes essential for starting your career. Networking websites such as LinkedIn can also be a great place to get tips from security professionals.

Join IT Governance’s Cyber Security (GCC) LinkedIn group to stay up to date with the latest information security, data protection and compliance news in the GCC countries.

Get qualified

You will need relevant qualifications in your chosen field to advance your career – the qualifications you need will depend on the path you choose to take. For example, if you want to be an information security manager, a relevant ISO 27001 qualification is a must.

As you develop your career and accumulate experience, you can consider gaining more senior qualifications, such as CISM®, CISSP® and CISMP.

Of these, the CISM (Certified Information Security Manager) qualification is the most versatile. CISM is the globally accepted standard of achievement among information security, information systems audit and IT governance professionals.

There are various areas of cyber security that you can choose to go into, including information security, penetration testing and IT. Information security is generally the most sought-after field, and this often begins with ISO 27001.

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system) – a system of processes, documents, technology and people. For a comprehensive introduction, you should attend our upcoming ISO 27001 Certified ISMS Foundation Training Course taking place in Dubai in November.

This one-day course is delivered by an experienced information security practitioner and combines formal training, practical exercises and relevant case studies. At the end of the course, attendees will sit an exam and, upon passing, will be awarded a globally recognised qualification by the International Board for IT Governance Qualifications.

Find out more about our ISO 27001 Certified ISMS Foundation Training Course >>