Speakers To Watch At Black Hat MEA 2025: Carnival Corporation’s Margarita Rivera

The who's who of the global cybersecurity landscape is coming together in Saudi Arabia for the fourth edition of Black Hat MEA, running from December 2-4 2025, in Riyadh, and joining the speakers on stage will be Margarita Rivera, Chief Information Security Officer (CISO) at global cruise and leisure travel operator Carnival Corporation. 

In her current role at Carnival Corporation, which, by the way, is a Fortune 200 company that operates eight brands, over 90 ships, and a global workforce across more than 40 countries, Rivera is tasked with protecting a highly complex environment that combines enterprise IT, marine and operational technology (OT), guest-facing systems, and global supply chains. Together with her team, Rivera manages Carnival Corporation’s cybersecurity strategy, governance, engineering, identity, threat operations, and shipboard security as the company continues its digital transformation across shoreside and fleet operations. “Because our business literally moves across the world, cybersecurity isn’t just an IT function—it’s a mission-critical capability that enables safe operations, protects our guests, and supports the resilience of a global hospitality and travel brand,” Rivera tells Inc. Arabia.

This brings home the point that Rivera says is one of the biggest misconceptions about cybersecurity today, which is that it’s merely an IT problem. “It’s a business risk,” she clarifies. “It impacts safety, operations, revenue, and brand trust.” But Rivera notes that the industry also suffers from other misconceptions, which include the assumption that having more tools automatically equates with better security. “Most breaches happen in organizations that already have dozens of tools—what they lack is integration, visibility, and effective processes,” she points out.

Another mistake, notes Rivera, is business leaders assuming that their organizations are not under threat--rather, “everyone is a target,” she stresses. “Even if you don’t think your data is valuable, your infrastructure is,” she declares. In fact, it is precisely these areas that are shaping the cybersecurity landscape, with Rivera pointing to the rise of artificial intelligence (AI)-driven attacks and automation as rising threats to organizations today. “Threat actors are using AI to scale social engineering, accelerate reconnaissance, and generate more customized, high-velocity attacks," she notes. "It compresses the time defenders have to react."

Rivera also highlights that as hybrid work and software-as-a-service (SaaS) ecosystems expand, identity is becoming the new perimeter, acting as the number one entry point into enterprise environments. Additional challenges can be found in supply chain and third-party risk, with Rivera saying, “Complex vendor ecosystems mean organizations are increasingly breached through partners, integrations, and cloud services rather than direct attacks.”

Other risks, Rivera tells us, come from the convergence of IT and OT security, with industries like maritime, aviation, energy, and manufacturing facing “growing pressure to secure operational technology that was never designed with security in mind.” She adds that geopolitical tension is also increasingly driving cyberactivity, with Rivera noting that regional conflicts and state-aligned actors are increasing both the frequency and the sophistication of targeted attacks around the world.

But while the threats may be rising, so are the opportunities, and Rivera sees the next frontier in cybersecurity being defined in areas such as AI-augmented defense, where AI is used to automate detection, accelerate investigations, and reduce analyst workload. She also points to identity intelligence and zero-trust at scale, particularly in complex global enterprises, as a significant opportunity for innovation. Critically, Rivera tells us that OT security modernization is instrumental to cybersecurity innovation, as it allows organizations to protect critical infrastructure and operational environments where digital and physical systems meet. And finally, she stresses the need for lean, adaptive security programs, telling us that organizations need to rethink slow, traditional security models in favor of rapid learning, continuous assessment, and faster decision cycles.

When it comes to the Middle East, Rivera notes that these trends are often amplified by the region’s rapid digital transformation. “Ambitious national initiatives, emerging mega-projects, and cloud-first strategies create both incredible opportunity and increased exposure,” she says. “The pace of innovation here is exhilarating, and security must match that velocity.” This is why, Rivera adds, the region is primed to become a compelling hub for cybersecurity transformation.

And in that regard, three things stand out for Rivera: the region’s unmatched speed of transformation, its massive, visionary mega-projects, and its strong national investment and leadership commitment. “Saudi Arabia is moving faster than nearly any region in the world in adopting new technologies, building digital infrastructure, and driving innovation," she says. "This creates a natural accelerant for cybersecurity advancement.” This, coupled with initiatives such as NEOM, The Line, and giga-scale development projects creates greenfield environments where next-generation security “can be built from the ground up,” Rivera adds.

Critically, Rivera points to strong investment on the national level and leadership commitment as key to creating the enabling environment for cybersecurity innovation to thrive. “Cybersecurity is treated as a strategic priority—not an afterthought—at a policy, national, and organizational level,” she says. “That level of alignment is rare globally. All of this creates a unique ecosystem where ambition, investment, and talent converge, making the region a powerful force in shaping the future of cybersecurity.” 

At Black Hat MEA 2025, Rivera will take part in a panel discussion titled “Women in Focus: Diversity as a Multiplier,” as well as on a panel in the Executive Summit titled “When Borders Blur and Breaches Escalate.” Plus, in a keynote session, Rivera will discuss “Lean Strategy,” which will focus on how organizations can move faster, learn faster, and build security programs that adapt at the speed of today’s threat landscape. “Traditional strategy models were designed for a slower world," she explains. "They rely on multi-year roadmaps, heavy governance, and rigid planning cycles. But cybersecurity—and business—no longer operate at that pace.”

Through her session then, Rivera will explore topics such as why global giants like BlackBerry, Nokia, and Kodak collapsed, how speed beats size in modern security, why learning cycles need to be shorter than attack cycles, how to build lean, high-velocity, high-impact security programs, and finally, she will walk through the practical steps that CISOs and leaders can implement immediately to combat cyber threats. “Attendees should join if they want to rethink how they build strategy, accelerate decision-making, and lead teams in a world where movement, adaptability, and learning are the true competitive advantages,” she concludes. 

Catch Rivera at this year's edition of Black Hat MEA, the world’s largest gathering of cybersecurity professionals, taking place from 2-4 December 2025, at the Riyadh Exhibition and Convention Center in Malham. Inc. Arabia is a Media Partner for Black Hat MEA; register to attend the event by clicking here.

Pictured in the lead image is Margarita Rivera, CISO, Carnival Corporation. Image courtesy of Margarita Rivera.