How are we training the next generation of cyber defenders?

Take your cybersecurity career to the next level with insights and inspiration from the global Black Hat MEA community. 

This week we’re focused on…

Where (and how) the next cyber generation trains. 

Why? 

Because the new generation of cybersecurity talent is engaged in dynamic, live training – with breach simulations that prepare them for real-world defence. 

In a Riyadh lab, a group of trainees watch a ransomware attack unfold on a sandboxed network. They isolate the threat, trace its lateral movement, and rebuild the compromised environment – all before they break for lunch.

And across the Gulf, in Abu Dhabi and Dubai, Capture the Flag (CTF) competitors race to exploit or defend systems in real time. Instead of classroom exercises, these are live-fire simulations. And they’re redefining what it means to learn cybersecurity.

Saudi Arabia’s national push for cyber talent development 

The Saudi Federation for Cybersecurity, Programming and Drones (SAFCSP) has made cyber capability a pillar of national development – blending government support with a startup pace.

Through initiatives like the Tuwaiq Cybersecurity Bootcamp, participants complete more than 580 hours of training and 150 practical labs in just 13 weeks. The federation’s CyberHub platform links university clubs and students across the Kingdom, creating a continuous pipeline of red and blue teamers.

Alongside this, the National Cybersecurity Authority (NCA) runs its own Cybersecurity Academy, designed to build a technically and strategically skilled national workforce. Its CyberIC Programme, now in its second phase, trains everyone from government analysts to recent graduates – reflecting the structure of global threats. 

Together, these programmes form the foundation of Saudi Arabia’s vision to become a global cybersecurity hub.

Gamifying cybersecurity education 

While Saudi Arabia leads in infrastructure, the UAE is turning training into a regional tournament. The Cyber Battle of the Emirates (previously Cyber Quest) brings UAE high-school and university students together for an annual Capture the Flag event. The format (immersive, time-bound, and story-driven) mirrors the reality of modern incident response.

When we spoke with Heba Farahat (Senior Cybersecurity Consultant at Liquid C2), she told us that CTFs had shaped her career from the start:

“I believe that CTFs offer one of the most effective ways to learn about cybersecurity in a gamified manner.”

She began as a competitor (her team ranked among the top five in several regional tournaments) and later became an organiser.

“Over the years, the number of participants doubled, attracting players from 15 different countries, with women comprising over 60% of the participants,” she said.

That figure points to a profoundly important change in the region’s cyber training ecosystem: that as it expands, it’s also diversifying. 

Why does experience-based training matter? 

The majority of breaches trace back to human factors. And simulation-based learning builds muscle memory – the ability to recognise, react and recover under stress. 

So these programmes are focused on producing real operators; people who not only have the skills to prevent, detect and respond, but who’ve already proved they can do it in challenging circumstances. 

The emergence of more training opportunities like this in the Middle East also points to an important cultural shift. As the region has invested heavily in digital transformation, its leaders have also recognised that cybersecurity isn’t a support function anymore. It’s becoming a source of pride and economic identity – and one of the most exportable skill sets of the coming decade. 

Moving into the driver’s seat

We’re excited to be a part of cybersecurity’s acceleration in the Middle East; especially because that acceleration is rooted firmly in inclusion and ambition. 

And our own Black Hat MEA trainings are a part of the upskilling process too – our courses represent the cutting edge of cybersecurity education, offering the opportunity to practise critical skills at the highest level. 

Explore more on the blog: Real skills every red and blue teamer needs 

Join us at Black Hat MEA 2025 to be a part of cybersecurity’s evolution in the Middle East and worldwide. There’s still time to get your pass.