In an age of transformational technological innovations, the arena of cybersecurity is expanding. Industry Leaders are redefining strategies and making a massive impact through their dedication and innovative thought process Among these leaders is Hani Bani Amer, who has positioned himself at the top with vision, technical know-how, and erudite leadership. As the Head of Information Security of Al Etihad Payments (AEP), he has led the growth of the UAE’s digital payments sector, pushing the boundaries of what is possible while bringing confidence in everything they do. Having spent more than two decades on an illustrious career, Bani Amer’s unyielding commitment to innovation, leadership, operational excellence and building strong digital footprint. says much about his indomitable drive towards progress. His leadership is a testament not just to his vast technical know-how but also to his enthusiasm for building robust, future-proof cyber infrastructures that protect and empower communities in today’s interconnected society.
CIO Look got an opportunity to sit down for an informative interview with Hani. In this interview, he opened up about his professional journey, experiences, challenges, achievements, and future plans. Following are the highlights of the interview:
Could you share the key milestones in your personal and professional journey?
Absolutely. My career in technology started back in 2005, just three months after I graduated from university. I consider myself quite fortunate to have landed my first job so quickly—especially at a time when many fresh graduates struggled to break into the industry.
Before graduation, a close friend advised me to pursue my first professional certification. That suggestion turned out to be a game-changer. It gave me a head start and positioned me well for job opportunities right out of university.
But like many early-career professionals, I had a lot of unanswered questions: What do I really want to do? What will make me happy? Where can I contribute the most? How can I make a lasting impact? These questions kept me up at night. I went through several interviews—some were tough, and a few were outright discouraging, especially given that expectations were often too high for someone fresh out of school. Still, I learned a lot from each experience.
At one point, I found myself torn between pursuing a career in technical roles or shifting toward sales. Eventually, I realized that the most effective sales professionals in technology are those who truly understand the technology—those with a solid technical foundation. That insight helped shape my decision.
So, I committed to a technical path and started my career as a Network Engineer. From humble beginnings with technology partners and service provider companies, I transitioned into managing network and security operations at a bank, followed by a role in the oil and gas sector, focusing on security operations and administration. My journey later took me to a couple of major solution provider vendors.
Today, I’m proud to be leading the Information Security function at Al Etihad Payments. It has been and still is a path filled with learning, growth, challenges, and continuous evolution that this field demands.
Please tell us about your experiences of being the Head of security at different functions and organizations.
Every experience I’ve had as Head of Security has been unique and stimulating in its own way. The expectations and challenges vary significantly depending on the organization’s business vertical and the specific function within the security landscape. I’ve have been privileged to work in both the banking and finance sector as well as the oil and gas industry—two vastly different in terms of risk appetite, regulatory requirements, and operational dynamics.
In addition, my career has spanned across both operational and governance-focused roles within the cybersecurity industry. These two roles, while complementary, are fundamentally different in their responsibilities and strategic objectives.
As Head of Security Administration, I am positioned on the front lines as the first line of defense. My primary responsibility is to build, implement, and operate security controls in alignment with the organization’s approved governance frameworks.
In contrast, my role as Head of Information Security Governance is centered on building the overarching information security program. This includes developing policies, frameworks, cybersecurity incident response planning and compliance initiatives, while working closely with business units to ensure these were effectively implemented and adhered to across the organization. It requires a more strategic view—focusing on risk management, regulatory alignment, stakeholder engagement, and cross-functional governance.
Each role taught me different aspects of leadership and cybersecurity. One demanded operational agility and technical depth; the other required strategic foresight, policy development, and the ability to drive culture change. Together, they’ve provided me with a holistic view of the cybersecurity landscape and a strong appreciation for the interplay between governance, compliance, and operations.
What motivates you to keep pushing boundaries and to deliver the best information security services?
That’s a tough question, but to answer it, my core motivation lies in building things differently—smarter, stronger, and more resilient. I’m driven by the challenge of designing security architectures and cybersecurity programs that not only meet compliance standards but genuinely protect an organization’s data, systems, and operations—regardless of the nature or sophistication of the threats they face. Whether it’s safeguarding the confidentiality, integrity, or availability of critical assets, I see cybersecurity as an enabler, not an obstacle, to business success.
My broader ambition is to help shift the cybersecurity industry from a reactive, assumption-based industry to a more proactive, intelligence-driven approach. One that is grounded on facts, not fear. We need to build digital ecosystems that can absorb attacks, adapt to threats, and continue to operate with confidence. I believe that by laying strong security foundations, we empower not just individual organizations, but the broader digital community, to thrive in an increasingly hostile cyber landscape.
Cyber threats are evolving faster than ever, from threat point of view, what is the biggest cybersecurity challenge facing organizations today, and how should they approach solving it?
The biggest challenge today isn’t just the sophistication of cyber threats, but also the speed and scale at which they are evolving, especially with AI and automation now in the attacker’s toolkit. But unfortunately, the weakest link remains to be the human factor. Phishing, social engineering, and credential compromise account takeover still account for the majority of breaches. So the real challenge is how to build security that’s both human-centric and resilient.
Organizations need to shift from a purely reactive mindset to a proactive, risk-aware culture. That means investing in modern integrated detection systems, and embedding cybersecurity into every layer of the business, from infrastructure and code to culture. adopting positive security model, continuous user education, and cross-functional collaboration aren’t just trends; they are essential security needs. The Cybersecurity business problems shall be addressed at a board-level, as a result, the organizations that have treated it this fashion will lead the future.
What are the most significant challenges facing the information security sector today, and how are you addressing them?
The information security sector faces several significant and evolving challenges everyday. Some of the most critical Challenges are increasingly sophisticated cyber threats, ransomware, extortion, and supply chain attacks that are accompanied with the lack of security visibility. The strategies to address them is represented in a number of ways:
- Implementing a positive security model that is implemented on a need-to-do basis eliminating unnecessary exposures to data and system assets.
- Conducting proper behavior and technology assessments prior onboarding any implementing any security technology and or choosing a vendor.
- Implementing advanced detection technologies that can be based on AI for faster anomaly and malicious behavior detection.
All of the above-mentioned would represent the standard and traditional Cybersecurity BAU. What really worries me is that the industry is reactive in nature and is assumption based; which might lead to catastrophic outcomes in the business.
Another perspective would be to conclude reactiveness and start with proactiveness. This ensures that the security controls and systems configuration are built in a way that will end the attack chain at each and every phase of it. The only way to overcome the assumption part is by building an effectiveness validation program that will fuel security posture and security leaders with visibility required and build the trust required.
At last but not least the number one issue that keep all security professional up at night is the lack of the required IT and Security skillset in the market to run and operate systems and data assets.
What is your long-term vision and how do you plan to achieve it?
Security collaboration within the industry and its experts is a key aspect. This is because the security professionals today are mostly working in silos and they don’t communicate nor share experience with each other. Security is a team sport and everyone’s contribution to the industry might lead to major advancements over time. In my opinion, this will set a strong foundation to pave a way for greater security collaboration that will advance the cybersecurity industry on global scale to adopt cybersecurity industry recommendations and best practices.
In what ways have you adapted or innovated to the challenges and opportunities presented by the digital age?
The digital age has transformed how we connect, work, and grow, and adapting to it has required both agility and foresight. Yet, we must not forget basic security hygiene; unfortunately, this is where most organizations set themselves for failure. In the race to innovate and with the daily overwhelming workloads, we often overlook the basics, which can lead to major breaches. However, this should not deter us from innovation. I firmly believe that innovation should occur in areas that embed security into the infrastructure, products, or application from their inception.
The most attractive areas for security innovation would be continuous security validation, not only for security posture but also for monitoring and detecting capabilities. Another promising avenue is Continuous Threat Exposure Management (CTEM), along with cyber risk quantification.
How do you see the role of technology evolving in the information security services sector over the next decade?
Information security technology and services works with full reliance on technology as a backbone, and developments in the Information technology space in terms of infrastructure, applications, integrations, authentication, encryptions etc will have a direct impact on system and data assets confidentiality, integrity and availability. Personally, I believe that we will be seeing identity and access redefined, we will be seeing more of hybrid cloud models, steady movement towards compliance automations.
In addition, organizations will be focusing more and more on post quantum readiness, especially looking deeper into quantum-resistant algorithms to safeguard sensitive data against future quantum computing threats.
At last but not least, an explosion in artificial intelligence adoption to detect, investigate, and respond to threats in real time by implementing tools that will move from alerting analysts to autonomously remediating incidents.
What advice would you give to aspiring leaders who want to make a meaningful impact in their industries?
Cybersecurity is very dynamic and very changing industry and what is considered to be secure now, it might be secure in the next 5 minutes, which require vigilance and staying updated. Keeping up to date with the right work groups and collaboration platform would be a very difficult task to achieve, this is where my ask to cybersecurity leaders is to participate in building proper security collaboration and work groups to share the knowledge and experiences to create the required platforms for knowledge sharing. Cybersecurity is a different and difficult problem to solve and would require all available hands to help in solving it at departmental, organizational, business vertical or industry, country, regional and global levels.
Read More : Gold Hits Record High as Investors Turn to Safe-Haven Assets Amid Global Uncertainty