Dana Al-Abdulla

Cyber Security and Data Privacy Expert, State of Qatar
Dana Al-Abdulla leads national cybersecurity government responsibilities and functions in the State of Qatar. With more than 16 years of experience in cybersecurity, she has contributed to many national initiatives, such as the establishment of the Qatar Computer Emergency Response Team (Q-CERT), working on improving the cybersecurity posture in Qatar with her expertise in incident response and penetration testing. In addition, she has led the establishment of national information security compliance initiatives, fostering trust in the cybersecurity supply chain through establishing and supervising assurance programs. Dana is now leading national cyber governance initiatives, including cybersecurity strategy, national cybersecurity policies and standards, national cyber risks, and data privacy regulations.
Dana is a computer engineer and holds a Master’s degree from HEC Paris in Strategic Business Unit Management. She is certified as a GIAC Security Leadership Professional (GSLC) and a Global Industrial Cyber Security Professional (GICSP).
Show more

What does a typical day of work look like for you?

A typical workday is busy with new or ongoing activities related to national cybersecurity initiatives of various scopes and impacts. These initiatives include national cybersecurity policies, critical infrastructure protection efforts, cyber assurance programs and data privacy supervision.
With many priorities, effectively planning tasks and organizing schedules are critical success factors.

What aspects of your career journey have taken you by surprise?

Moving from the technical domain of cybersecurity to the governance domain was not the journey I expected at the beginning of my career. I’ve always been proud and confident about developing my career on the technical side of cybersecurity. I assumed I would never find passion on the governance side.
However, that assumption has entirely changed after accepting the opportunity to lead a government unit that supervises cyber compliance programs. After this slight twist in my career path, it took me a while to find myself and construct a vivid vision and objectives related to cybersecurity governance. Gradually, I started to enjoy it and feel more passionate about it day after day.

Tell us about the cyber project you're most proud of working on in your career.

I started a cybersecurity awareness blog with a friend early in my career. I am still proud of that blog because it uniquely shares information and explains cybersecurity through Arabic literature and simplicity. It was one of the projects I enjoyed working on because it combined my passion for cybersecurity with my Arabic writing skills. I am proud to know that one of the articles is taught by the Arabic department of a local university as an example of literature and technical content.

How has public perception of cybersecurity changed over the course of your career, and how do you predict in the future?

I assume that everyone using technology has been targeted or heard of someone targeted by cyberattacks. Therefore, I think the perception of cybersecurity has vividly changed due to the rise of phishing campaigns that pressured the public to gain awareness about protecting themselves online and to understand the importance of cybersecurity. I think awareness of cybersecurity’s significance will keep rising as emerging technologies become closer to our lives. The world will need more cybersecurity professionals than in the past.

Tell us about your first job (can be anything!) and one lesson you might have learned from it.

My first job as an incident response specialist involved considerable hardship. It was extremely challenging to conduct self-learning activities and time-consuming to develop knowledge and experience. The plethora of information related to cyber incident management, including tutorials and simulation platforms available online, is different from what it used to be a decade ago. I remember spending many hours troubleshooting virtual machines to understand how a simple tool works. Trying to learn it all from the beginning was not good practice. I would summarize the lesson learned from that time as having a good mentor at the beginning of your career. I would also recommend asking for more guidance to boost your learning experience.

What’s one piece of advice you’d give your younger self about getting started in cyber?

Tell us about a role model or mentor who has helped shape your career.

A meeting gets canceled and you have a surprise 30 minute window of free time — how do you spend it?

I would use that time to reply to emails.

What are the ways you stay grounded and take care of yourself?

When you think about your personal legacy as a leader, what do you hope people will remember?