Shah Sheikh, DTS Solution's Co-founder / Sr. Cybersecurity Consultant & Advisor, shares his take on why organizations need to take penetration testing seriously, and why a lack of threat information sharing in the region is a huge risk to enterprises.


Why are systems integrators one of the most important parts of the IT value chain?
The answer to this is simple – SI’s bridge the gap in competency and support ecosystems which are not easy to adopt in enterprises. Organisations need to go back to the basics instead of being driven by vendors. I often see organisations that have made large expenditures in cybersecurity products and solutions, yet when we perform a penetration test we are able to obtain full domain admin access within a matter of hours.

How has DTS Solution proven itself to be an industry leader in systems integration?
DTS Solution is a leading cybersecurity consulting and advisory firm with roots in system integration. Gone are the days of pure-play SI related work, if you don’t approach system integration in a consultative and advisory manner with a solid background in architecture and business requirements, turnkey projects are likely to fail. This is where we consider ourselves unique. We have delivered some of the most advanced cybersecurity integration projects in the region, from introducing security automation and orchestration in one of the first SDN/NFV next-generation data centre deployments, as well as designing and deploying security operations centres for IT and OT environments that protect critical infrastructure and implementing nationwide DDoS mitigation solutions.

Are the Middle East’s systems integrators equipped to tackle market demand and complexity for digital transformation projects?
At the current pace of digital transformation and innovations that are happening I would say that regional SI’s are somewhat lacking in ramping up core competencies. We see a lot of clients moving towards Blockchain, artificial intelligence, big data analytics and machine learning, yet the eco-system of talent is quite imbalanced. More needs to be done in the region to enhance the talent pool of data scientists, machine learning statisticians, blockchain developers.

What levels of regional demand for SI services are you seeing across the world’s most emerging, game-changing technologies such as artificial intelligence and blockchain?
We are now seeing a major influx of RFPs from enterprises that want to use artificial intelligence and supervised and unsupervised machine learning capabilities to detect cyber threats across endpoints, network infrastructure and at the application level. Enterprises can no longer cope with the demands of running security operations, where the number of cyber-threats simply outnumber the number of qualified and competent resources in the field. Automation is the key, but it has to be the right automation to support cybersecurity initiatives. Reducing cyber-risks and managing your risk posture is a form of art, and not a science.

What are the biggest technological challenges faced by GCC enterprises, and how are you positioned to tackle those challenges?
In cybersecurity the challenges are clear – how to stay protected from cyber adversaries that target you from all possible angles. Cyber criminals are very organised, yet organisations that work in specific sectors lack threat information sharing, collaboration and breach notification. We still see siloes across the industry, and this does not support cybersecurity initiatives. We need to move on from the notion of naming and shaming, as being breached is so common. I personally believe that declaring a breach is one of the most ethical things anyone can do, but yet it’s a taboo in our region. Things may change with regulatory requirements, but this has already. My motto is simple – together we are stronger as a community.