Spotlight on Mohammad A. Al Safi

With over 27 years of experience in the oil and gas industry, Mohammad Al-Safi is a seasoned Cybersecurity executive, serving as Team Leader, Cybersecurity and Support for Kuwait Oil Company (KOC). He is an accomplished CISO recognized for establishing and leading cybersecurity function.  As part of his role in KOC, he oversees Cybersecurity, Technology Resilience and IT Governance functions for KOC.

In addition to his role in KOC, he chairs the Cybersecurity committee of KPC Group Companies and is a member of GCC Oil and Gas Cybersecurity Threat Intelligence Committee. He holds bachelor’s in computer engineering from Florida Tech University and is passionate about Cybersecurity.

Learn more about the Middle East CISO community here.
 

Give us a brief overview of the path that led to your current role.

I started my career after earning a bachelor’s degree in computer engineering from Florida Tech University in 1999 and joined Kuwait Oil Company in 2000 within IT Operations, where I built a strong technical foundation. In 2009, I transitioned into cybersecurity and led the establishment of the organization’s cybersecurity function at a time when the field was still evolving. That experience allowed me to shape strategy, build capabilities, and embed security into the business.

Between 2009 to 2023, I led Cyber Security Risk Management, Cyber Security Operations, Cyber Threat Management and Cyber Security Governance before I elevated to Team Leader, Information Security (CISO) in October 2023. In 2025, I assumed additional responsibilities of Technology Resilience and IT Governance. Today, as Chief Information Security Officer, I focus on driving resilience, advancing cybersecurity maturity, and strengthening collaboration both across K-companies and at the regional level. 
 

What is one of your guiding leadership principles?

One of my guiding leadership principles is to lead with clarity and accountability. I believe in setting a clear direction, empowering teams to take ownership, and creating an environment where people can perform at their best while staying aligned with the organization’s goals. Further, I strongly believe effective leadership starts with investing in people. By empowering teams, encouraging continuous learning, and fostering a culture of accountability, you create an environment where both individuals and the organization can succeed.
 

What is the greatest challenge CISOs face today, and how are you addressing it?

One of the greatest challenges I face as CISO today is balancing the need for robust risk management with the business’s demand for speed and innovation. Organizations are rapidly adopting new technologies such as Cloud, AI driven tools and digital services and Cybersecurity must keep pace without becoming bottleneck. Ensuring timely risk assessment while reducing lead time for providing actionable security guidance to business teams is critical. If the security processes are too slow, they hinder innovation and if they are too fast without rigor, they increase exposure.

To address this, we focus on embedding security earlier into the business and technology lifecycle. This includes adopting risk-based prioritization, automating assessment processes, where possible and enabling ‘security by design’ principles. I am working closely with business to shift the perception of cybersecurity from a control function to a business enabler – one that provides clear and timely insight into the risks while supporting fast and secure adoption of new technologies. For this, continuous awareness initiatives are conducted to ensure business teams understand both the risk and value of Cybersecurity.
 

What is the key to success for someone just starting out as a CISO?

Transitioning into CISO role is not a technical promotion but it’s a shift into a business leadership role. Your success depends less on how much security you know and more on how well you can make others care about it. Business leadership doesn’t think in terms of technical vulnerabilities, but in terms of production, operational continuity, regulatory compliance, international standards, risks and reputation.

It is important to build strong relationships with IT, business, legal, risk and procurement teams as your success will depend a lot on how you establish trust with these functions. Strong relationships reduce resistance and security decisions move faster.

Prioritization is key. As CISO (or a leader of any function), one must realize that every issue can’t be resolved at once instead identify the top issues/risks and focus on high impact, visible areas. At the same time, accept that some risks will remain and communicate the same to your business leadership. 

Finally, invest in your people. It is important to upskill your people, hire right minded talent or fill the gaps through strong partnerships.
 

How do you measure success as a leader?

In my role, success is measured by how effectively we reduce risk while enabling the business to operate with confidence and speed. The business should move faster and more confidently, not slower. 

Skilled team, strong security posture, resilience against threats, and a well-informed, security-aware organization demonstrated through key performance indicators are key to success.
 

What is the value of being a member of Gartner C-level Communities?

The real value lies in connecting with peers at the same level of responsibility, sharing experiences openly, and learning from different approaches. It helps validate strategies, challenge assumptions, and continuously improve leadership decision-making in a rapidly evolving environment.
 

Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.