Ep. 105: Roland Abi Najem - Cybersecurity Practices

Contact Roland Abi Najem:
https://www.linkedin.com/in/rolandabinajem/


Roland Abi Najem's Website: https://www.rolandabinajem.com/


FULL EPISODE TRANSCRIPT:Mitch:
(00:00)
Welcome back for episode 105 of Count Me In, IMA’s  podcast
about all things affecting the accounting and finance world. I'm
your host Mitch Roshong, and today's episode features
cybersecurity and digital transformation expert Roland Abi Najem.
Roland is founder and CEO of Revotips, Expert Tech Consultants,
and Solutions. In this episode, my co-host Rouba dives into
better understand the evolution of cybersecurity, including the
risk areas and how finance and accounting professionals can
better enhance digital safety measures across their
organizations. Keep listening as we head over to the conversation
now.

Rouba: (00:46)
You’re a cyber security expert in the region, you have been one
for many years. What does the work that you do entail?

Roland: (00:57)
Well, basically it's the most important thing to me on a personal
level I should work on is, being up to date on daily basis. And I
really mean it on daily basis because sometimes if you, for me,
on a personal level, I have at least for example, a minimum three
to four hours readings per day. And, I have to stay up to date
with all technology related issues about, all type of,
technology, the less the news and cyber attack happened,
worldwide and so on. So because we always learn from case study
happened worldwide. Moreover, I have to say after this was all a
governance issue about new laws, new regulations, because also
those, rules and regulation of, being up to date, also kind of on
daily basis. And, we have, let's say GDPR in Europe, perhaps a
hundred rules and regulation here in the region. So we must
follow those guidance as there'll be, for example, in GDPR, if
you don't follow the guidance and regulation, you'll have fin, 10
million euros and so on. Moreover when it comes to cybersecurity,
it's not only about the technical know-how of each person, what,
what any company will look for when they are working with a
certain cybersecurity company or consult them, they will look
first for personal know-how. They will look first for, as a
company reputation and a brand name and the look for the person
or the petition of each individual who's going to work in
cybersecurity because, you know, when you are working on
cybersecurity, sometimes when I'm doing, let's say a penetration
testing and so on. So, you might have access to very confidential
data and so on. So for other companies, they will need to make
sure that they have full trust in the company and each individual
working on the project. Plus we all know that, working in the GCC
region, is really challenging because you are working like, with,
a different type of culture and society. Within in one company
was in one country is so working with a different culture,
different society, different mentality, you are working in
different industries like, government, all I'm guys, banking,
staffed up everything. So, you need to be, aligned with all types
of cultures and societies in order to understand the needs and
the requirements and how they think and how they perceive things.
So actually it's kind of hectic to be combined and I'll combine
all those together and to stay up to date with them. But actually
this is what makes, let's say the thing different, and, this is
what gives me added value, in this industry.

Rouba: (03:43)
No, that's quite a task that you have on hand. When we look at
the, the Middle East and Africa cybersecurity market, I mean,
it's witnessed some tremendous growth over the last, few years,
more than a decade even, and it's projected to grow even further
from an estimated 15.6 billion in 2020 to 29.9 billion in 2025.
And the compound annual growth rate is 13.8, which is
exponential. And this is based on the post COVID scenario
forecast. Now, the lion's share really goes to Saudi Arabia and
the UAE, and some parts of Africa when you look at these figures,
but what are some of the most notable initiatives that are taking
place in the region?

Roland: (04:24)
Well, this is a very important question based on what you said on
the growth of, everything regarding to, cyber security in terms
of spending, nowadays, lots of, government issues and rules and
regulations. They are forcing by law each company, especially
when I talk about big companies that have billions of dollars, to
have at least three cyber security providers, because we all know
that when it comes to security, is that is no, let's say a one
plus one equals two. It's not that simple. So you need to have
the different providers see different companies that are working
in cybersecurity for you, because we all know there is nothing
called 100% security and no company can be 100% secure of the
time. If you are currently secured, you are secured, let's say up
to 70, 80% maximum and so on. So there are still gaps. That's why
I asked to have multiple companies under 10 providers. And this
is what makes the industry, let's say, growing up so fast because
for each company needs at least three companies for
cybersecurity. This is number one. Number two, a few days back in
the UAE is a consult ministers form, a concept for cybersecurity,
which is, which shows clearly important nowadays for everything
we got in cybersecurity, because let's say sometimes now we're
on, we're talking about what, what we're talking about, the Cyber
War, not the normal wars, is that like a World War One and World
War Two. So I'll talk about the Cyber War and we all know that
everything is happening between, uh, let's say, North Korea and
Iran and Saudi Arabia and USA and so on, and we're not talking
about a cyber war. It doesn't come with only with what you call
it say about, only a just hacking and cyber attacks and so on.
It's all sometimes about data. And we all know, for example,
what's happened between Donald Trump and the big fight. And most
of the big parts of it was political and part of it was economic,
but the biggest part is about the data. Where am I going to
store  the data and how we are going to, to store it
somewhere. So I'm not sure the initiative is, in Saudi Arabia,
they have what we call the National Security Authorities, where
you can, for example, if you are under attack or do you have, now
you can claim directly online and they will support you, and in
many ways. Here in Kuwait, since I'm based in Kuwait, we have,
two laws, you have the Image alone, and we have a Cyber law,
every since cyber crime law, and so on. So, the biggest
challenge, and, here, I think is, how we can join all those laws
with international laws in order to, to be aware of all the laws
and regulations worldwide in order to try to make for everyone.
Because let me give you an example, let's say in the UAE or the
Kuwait or whatever, they have lots of Eu...