Cybersecurity Alumni Q&A: Omar Al Mulhem ’24

“The program’s rigorous coursework and practical experiences equipped me with the skills and confidence to excel in cybersecurity’s dynamic and ever-evolving landscape and be an effective cybersecurity leader,” says Omar Al Mulhem, OT Cybersecurity Lead at Saudi Aramco and former software engineer at Honeywell.

Why did you apply for the ME in Cybersecurity at Duke? What career goals did you come to Duke with?

I applied for the Master of Engineering in Cybersecurity at Duke University because of its balanced curriculum that integrates technical and leadership skills, which I believe are crucial to advancing my cybersecurity career. My career goals included deepening my technical expertise in cutting-edge cybersecurity, particularly defending industrial control systems (ICS) and operational technology (OT) environments. I also wanted to enhance my leadership abilities to effectively manage and lead security teams in large organizations. Duke’s program flexibility allowed me to complete the degree in a time frame that suited my professional commitments and included a mandatory internship to apply theoretical knowledge in real-world scenarios. The program’s rigorous coursework and practical experiences equipped me with the skills and confidence to excel in cybersecurity’s dynamic and ever-evolving landscape and be an effective cybersecurity leader.

What was your area of interest in the Duke ME in Cyber Program?

My primary interest was defending against advanced persistence threats (APTs) in ICS and OT environments. I was particularly interested in the courses on cloud security, machine learning malware defenses, and ICS/OT security. These areas were critical to my work in securing the infrastructure of one of the largest oil producers in the world. The unique courses offered by Duke aligned perfectly with my professional needs and interests.

How did you find your current job? What is your primary role in the company?

I would argue that finding my current job was a result of networking and effective marketing of my skills and certifications. I genuinely believe that building a robust professional network is crucial in the cybersecurity industry. I always try to actively participate in industry conferences, workshops, and seminars to allow me to connect with experts and leaders in the field. I also highlight my certifications from reputable institutions like Microsoft, Cisco, and GIAC on professional platforms like LinkedIn. These efforts significantly increased my visibility and opened opportunities for me. My role at Saudi Aramco involves securing and protecting industrial control systems in large oil and gas facilities. As a senior cybersecurity professional, I work alongside a team of talented experts in implementing and maintaining robust security measures, conducting risk assessments, and responding to security incidents, ensuring the resilience of critical infrastructure.

How has your degree helped you prepare for the role?

My Duke degree has significantly enhanced my ability to tackle complex cybersecurity challenges. The advanced technical courses provided me with up-to-date knowledge of the latest security threats and defense mechanisms, especially in ICS/OT and cloud environments. The program’s leadership and project management components equipped me with the skills to lead cross-functional teams effectively and manage large-scale security projects.

Can you list some essential skills you gained during the ME program?

Aside from acquiring a solid cybersecurity technical skill, I would say that the most critical skills gained are:

• Leadership and Team Management: The program’s focus on leadership helped me develop critical skills in managing and leading security teams, which is essential for my role in a large organization.
• Research and Analytical Skills: Engaging in research projects, especially those related to MITRE ATT&CK and its application in ICS environments, honed my ability to analyze complex security issues and develop practical solutions.

What advice do you have for other cyber students on having a good internship and job experience?

To have a good internship and job experience, being proactive is essential. Take the initiative to seek out challenging projects and responsibilities during your internship. This approach enhances your learning experience and demonstrates your commitment and drive to your employer. Networking and building relationships are another critical aspect. Connect with professionals in the field, both within and outside your organization. Building a solid professional network can open new opportunities and provide valuable insights and support throughout your career. Additionally, staying updated and continuously learning is vital in the rapidly evolving field of cybersecurity. Keep abreast of the latest trends, technologies, and threats. Seek learning and professional development opportunities to keep your skills relevant and sharp. By being proactive, building strong professional relationships, and committing to continuous learning, you can maximize your chances of having a successful internship and a rewarding career.