In the United Arab Emirates, cybersecurity is a major area of economic stability. As Dubai ranks 5th globally in cybersecurity, the professionals protecting its digital infrastructure are under more pressure than ever. Among these leaders, Ayoub Fathi stands out as a unique bridge between the world of elite hacking and corporate executive leadership.
As the Group Vice President and Chief Information Security Officer (CISO) at noon, Fathi is responsible for protecting millions of daily customers across the Middle East and North Africa (MENA) region. His journey reflects a broader trend in the global market: the transition of “Whitehat” hackers into high-level strategic roles to combat increasingly sophisticated digital threats.
Ayoub Fathi’s Educational Path in Computer Science and Data Engineering
Ayoub Fathi’s professional foundation began in Marrakesh, Morocco. His academic path provided the technical rigor necessary for a career in high-level security engineering. He attended Université Hassan II, where he earned a Bachelor of Applied Science in Computer Science and later a Master of Data Science and Engineering.
This combination of computer science and data engineering is critical in the current market. Modern security is no longer just about firewalls; it is about analyzing massive datasets to identify patterns of malicious behavior. For investors, this trend of data-driven security is worth watching, as it defines which companies can scale safely without losing customer trust.
Ayoub Fathi’s Professional Growth Mirrors Industry-Wide Cybersecurity Transformation
Fathi’s career can be divided into three distinct phases: independent research, entrepreneurship, and executive leadership.
- 2009 – 2013: He served as an Independent Security Consultant, honing his skills in identifying system weaknesses.
- 2013 – 2017: He founded Sacurify, a security consulting firm, and worked as a consultant for HackerOne.
- 2017: He was part of the founding team and served as CISO for a “Stealth Startup” in Dubai.
- 2017 – Present: He joined noon, initially heading information security for e-commerce before rising to Group VP and CISO.
This progression shows a strategic move from finding individual bugs to building entire organizational defense systems. Businesses should pay close attention to these changes in how security talent is cultivated and retained.
How Whitehat Research Laid the Foundation for Ayoub Fathi’s Cybersecurity Career?
Before becoming a corporate executive, Fathi was one of the most successful security researchers globally. His work on the HackerOne platform earned him a spot in the global top-100 hackers. He participated in international live-hacking competitions, often finishing in the top 10 globally.
His research has contributed to the security of billions of users. Fathi has identified and reported hundreds of critical vulnerabilities for Fortune 100 firms and government entities, including:
- Facebook (Meta): Identified dozens of vulnerabilities.
- OpenAI: Uncovered critical loopholes in ChatGPT shortly after its launch.
- Google, Microsoft, and Shopify: Provided research that helped secure their platforms.
- U.S. Department of Defense: Contributed to securing federal infrastructure.
This background in “offensive security” is what makes his defensive strategy at noon so effective. He understands how attackers think because he has spent a decade successfully emulating them in controlled, legal environments.
Also Read: Dr. Ebrahim Al Alkeem – Leading the UAE’s Strategy Against Financial Crime and AI-Driven Threats
Noon’s Digital Fortress in the MENA Region
When Fathi joined noon in 2017, the company was in its early stages. He was tasked with building the entire information security program from the ground up. This involved not just technical implementation but also creating a security-conscious culture during a period of explosive growth.
Noon is a retail giant in the UAE and Saudi Arabia. Protecting such a platform requires a multi-layered approach:
- Vulnerability Management: Ensuring that new features do not introduce security risks.
- Cloud Security: Protecting a massive cloud environment that handles millions of transactions.
- Application Security: Integrating security testing directly into the software development life cycle (SDLC).
- Governance, Risk, and Compliance (GRC): Ensuring the company meets international and regional regulatory standards.
This could shape the market in the coming months as more MENA-based startups look to noon’s security model as a blueprint for safe expansion.
Ayoub Fathi’s Continued Contribution to Ethical Hacking and Cyber Defense
Fathi is recognized as one of the most influential CISOs in the region. He currently has over 10,496 followers on LinkedIn, ranking him among the top 6 most followed CISOs in Dubai. This influence is a result of his active participation in the global security community.
His technical profile on HackerOne remains a testament to his expertise. Despite his executive duties, he holds 12 platform badges and has found over 60 verified vulnerabilities. His skills cover a vast range of technologies, including Java, Python, Ruby, and Shell Scripting, along with deep expertise in penetration testing and incident response.
How does a single leader manage the security of a multi-billion dollar group? The answer lies in Security-by-Design. Fathi advocates for embedding security into the product development phase rather than treating it as an afterthought.
His Work Is Reinforcing Trust in the UAE’s E-Commerce Ecosystem
Fathi’s work has a direct impact on the UAE’s reputation as a safe hub for digital business. By securing a major player like noon, he helps maintain consumer confidence in the regional e-commerce market.
He is a regular speaker at major industry events, sharing practical lessons on growth and security. His presence at GITEX, BlackHat MEA, and GISEC highlights his role as a thought leader who can translate complex technical risks into business strategy.
His speaking fees, ranging from $10,000 to $20,000, reflect the high demand for his insights on how to balance product velocity with customer trust. He also offers 1:1 video consultations for startups and boards, focusing on organizational design and security engineering.
How Interconnected Systems Are Expanding the Global Attack Surface?
The security landscape is shifting toward Artificial Intelligence, and Fathi is at the forefront of this change. His recent discovery of a loophole in OpenAI demonstrates that even the most advanced AI systems have vulnerabilities that require human expertise to find.
Global infrastructure is increasingly interconnected. A vulnerability in a US-based cloud service can affect a retail company in Dubai. Fathi’s research helps secure this global supply chain. His ability to bridge the gap between “hands-on hacking” and “board-level strategy” is a model for future security leaders.
Managing Cyber Risk in Fast-Growing Digital Enterprises Is Becoming More Complex
The challenges facing a CISO in 2026 are immense. As companies like noon grow, their “attack surface” expands. This means there are more potential entry points for hackers to exploit.
The primary risks include:
- Hyper-growth pressure: Maintaining security standards while the business scales rapidly.
- Evolving threats: Sophisticated attacks like “Broken Authentication” and “Sensitive Data Exposure” remain constant threats.
- Talent shortages: The need for skilled security engineers who can work in fast-paced environments.
Fathi addresses these risks by focusing on Security Engineering and DevSecOps. By automating security checks and empowering developers to write secure code, he reduces the reliance on manual intervention.
Cybersecurity Will Be Defined by AI vs AI Warfare
Looking toward the future, Fathi is likely to focus more on the intersection of AI and offensive security. As attackers start using AI to find bugs, defenders will need to use AI to patch them even faster.
The UAE will continue to lead the region in cybersecurity regulation and innovation. We can expect more companies to adopt the “Whitehat” model, launching their own bug bounty programs to invite global researchers to test their systems.
Ayoub Fathi’s career proves that the best defenders are those who truly understand the art of the attack. His transition from a researcher in Morocco to a CISO in Dubai is a powerful example of how technical excellence can drive global business leadership.
FAQs – Frequently Asked Questions
Ayoub Fathi is the Group VP of Information Security and CISO at noon. He is a renowned cybersecurity expert, entrepreneur, and former elite hacker who has identified vulnerabilities in major companies like Facebook and Google.
Fathi built noon’s security program from the ground up, focusing on a “Security-by-Design” approach. This includes cloud security, application security, and a robust vulnerability management program.
He has uncovered critical vulnerabilities for OpenAI (ChatGPT), Meta (Facebook), Google, Shopify, Microsoft, and the U.S. Department of Defense.
Yes, he is one of the most followed CISOs in Dubai and frequently speaks at major conferences like GITEX, BlackHat MEA, and GISEC.
He was awarded the title of Global Top CISO in 2022 and has been recognized by the New York Times as a global leader in cybersecurity.
Yes, he offers consultations through platforms like Intro, where he advises startup founders and boards on security strategy, organization design, and risk management.
His expertise includes penetration testing, cloud computing, ethical hacking, and vulnerability assessment. He is proficient in several programming languages, including Java, Python, and Ruby.
Fathi discovered a critical loophole in OpenAI after the launch of ChatGPT, demonstrating his ongoing commitment to uncovering vulnerabilities in cutting-edge technology.
Dwayne Paschke is a seasoned content strategist and AI automation specialist with over nine years of experience at the intersection of journalism and digital innovation. A versatile force in the media landscape, Dwayne has built a reputation as an expert content writer and investigative journalist, contributing high-impact pieces to various reputable news websites.
