Mark Thurmond, CO-CEO, Tenable
With AI supercharging adversaries and Saudi Arabia’s digital landscape growing at unprecedented speed, Tenable is championing exposure management as the strategic discipline essential for unified visibility, stronger governance, and continuous pre-emptive protection. Mark Thurmond, Co-CEO, Tenable shares his insights with CXO DX
What is the message or positioning Tenable is emphasizing this year at Black Hat MEA?
Tenable is emphasizing the need for a fundamental shift in cybersecurity strategy from reactive “firefighting” to proactive “fireproofing”. The core message is that the traditional security playbook is obsolete in the age of AI.
Tenable is introducing and advocating for a new discipline: Exposure Management. This involves providing unified visibility across the entire attack surface and using defensive AI to anticipate, prioritize, and eliminate the exposures that matter most before an attack can occur. The theme of Tenable Co-CEO Mark Thurmond’s keynote at 2.20pm is “Beyond the Silos: Exposure Management in a New Age of Risk”
Discuss Tenable’s focus on the Saudi market and how Saudi Vision 2030 is acting as a key driver for major cybersecurity investments?
Saudi Arabia is highly important to Tenable’s global growth strategy due to the undeniable ambition and speed of the region’s digital transformation under Vision 2030. Vision 2030, through giga-projects like NEOM and the HUMAIN/AWS AI Zone, is driving massive investments in cloud, AI, and IoT, which fundamentally expands the digital attack surface that cybercriminals seek to exploit. Cybersecurity investment is a strategic safeguard for these futuristic initiatives. Tenable supports this by helping to secure the essential digital foundations of the nation, seeing its role as providing the essential cybersecurity for the survival of these complex digital ecosystems.
How do you see major trends and awareness around exposure management driving demand and growth for such solutions in the Kingdom?
Major trends in Saudi Arabia are converging to drive demand for exposure management. The nation is dealing with an exploding attack surface, increasingly fragmented defenses (averaging 83 security tools), and the rise of a rapidly maturing adversary weaponizing AI.
Exposure management provides the necessary unified visibility and strategic approach to manage this complexity, which traditional models cannot. Furthermore, the need to comply with local frameworks like the NCA Essential Cybersecurity Controls and PDPL, which require clear data governance, is reinforcing the demand for an approach that provides a complete, unified view of risk.
Why is a pre-emptive approach to cybersecurity and exposure management more critical than ever in the face of AI-powered attacks?
A pre-emptive approach is critical because AI has fundamentally transformed the economics of cyberattacks, making them faster, more sophisticated, and harder to detect. AI can speed attack development timelines from weeks to literally minutes , and human-crafted phishing emails that take 16 hours can be created even better by AI in just 5 minutes. Since humans cannot manually analyze and respond to threats executed at machine speed, a pre-emptive strategy, which fights AI with AI, is the only way to anticipate and eliminate risk before it emerges, moving from reactive firefighting to proactive fireproofing.
Are there any major announcements expected in terms of MoUs, partnerships or new solution roll-outs around Black Hat MEA 2025?
At Black Hat MEA, Tenable will announce the formal establishment of a new legal entity in the Kingdom of Saudi Arabia. This move signals its investment in the region and a commitment to supporting the nation’s ambitious digital transformation under Vision 2030. In addition, Tenable will be showcasing its AI-powered Tenable One Exposure Management Platform with live demonstrations. The company actively engages with the region through partnerships and events like Black Hat MEA to facilitate the transfer of cutting-edge methodologies.
How does Tenable plan to support localisation and compliance needs specific to Saudi organisations, especially around data residency, sovereignty, and regulatory standards?
Tenable supports localisation and compliance by providing a platform that gives organizations clear visibility and governance over their data and digital assets. The establishment of a new legal entity in the Kingdom strengthens Tenable’s ability to provide local access and support for its platform.
The Tenable One platform helps partners meet vital regulatory frameworks like the NCA’s Essential Cybersecurity Controls and Saudi Arabia’s PDPL by focusing on unified visibility and data governance, which is essential for ensuring accountability and knowing exactly where data resides.
With the growing convergence of IT, OT, cloud, and identity infrastructure in Saudi’s critical sectors (energy, utilities, government), how is Tenable tailoring its exposure-management framework to address hybrid landscapes and OT/IT risk?
Tenable is tailoring its framework by providing an exposure management platform that offers unified visibility across IT, OT, cloud, and identity. This unification is essential because a weakness in one domain can be chained to compromise another, such as an IT-side vulnerability leading to an OT environment breach. Tenable’s approach for OT/critical infrastructure uses passive visibility to continuously monitor all connected OT assets without intrusive scanning, safely mapping environments and identifying risks in real-time. This holistic approach is designed to secure complex hybrid landscapes and ensure the resilience of critical national development goals.
Leave a reply
