
Nasser J. AlGhamdi
GM of Cybersecurity (CISO)
Saudi Commission for Health Specialties

Nasser J. AlGhamdi is a digital trust and cybersecurity executive with over a decade of experience building national-scale security, resilience, and transformation programs across government and enterprise environments. His career spans hands-on forensics, large-scale infrastructure delivery, and C-level cybersecurity leadership, with a consistent focus on aligning security outcomes to business and societal impact. He currently leads enterprise cybersecurity strategy and regulatory compliance at a national level in Saudi Arabia.
Give us a brief overview of the path that led to your current role.
My journey began in a highly technical environment where I worked in incident response. Early in my career, I worked in forensics, infrastructure, and critical systems, which exposed me to the significant costs of poor security decisions. I then led large-scale national programs, Security Operations Centers (SOCs), safe city initiatives, and enterprise platforms, managing risks across technology, personnel, and policy. This operational experience now informs my role as a Chief Information Security Officer (CISO), where I translate complex cyber risks into executive decisions that protect our mission, reputation, and growth, while also enhancing business resilience.
What is one of your guiding leadership principles?
I focus on establishing clear outcomes, decision rights, and accountability, then empower capable teams to deliver them. Over-managing leads to fragility; well-aligned teams build resilience.
What is the greatest challenge CISOs face today, and how are you addressing it?
The biggest challenge is scaling trust at the same speed as digital transformation, especially under increasing regulatory pressure and threat sophistication. Organizations are moving faster than their security maturity, creating hidden risks. I address this by embedding security into business architecture, automating compliance where possible, and prioritizing resilience over theoretical perfection. The goal is not zero risk; it’s controlled, visible, and recoverable risk.
What is the key to success for someone just starting out as a CISO?
Lead with context, not tools. Understand the business model, regulatory environment, and risk appetite before proposing solutions. Credibility at the C-level comes from judgment, not just technical depth.
How do you measure success as a leader?
I define success through outcomes rather than just activities. This includes reduced incident impact, faster response times, measurable improvements in compliance, and teams that function effectively without frequent escalations. When the organization becomes more resilient, decisions are made more quickly, and security is trusted rather than circumvented; this indicates that leadership is performing well.