Speakers To Watch At Black Hat MEA 2025: Deliveroo’s Derek Cheng
The who's who of the global cybersecurity landscape is coming together in Saudi Arabia for the fourth edition of Black Hat MEA running from December 2-4, 2025 in Riyadh, and joining the roster of speakers is Derek Cheng, Chief Information Security Officer (CISO) at Deliveroo.
As an executive security leader with over 27 years of experience in cybersecurity and risk management across industry and consulting, Cheng has built and transformed globally diverse cybersecurity teams from the ground up. Having launched his cybersecurity career as an ethical hacker, Cheng has held roles at Electronic Arts (EA), Deloitte, and Ernst & Young (EY). In 2015, he was appointed as the Security Executive at TalkTalk to transform its security program after the company’s well-publicized data breach.
From Cheng's perspective, one of the major trends that stands out in the current cybersecurity landscape is the recent attacks on the retail industry, “including the likes of Marks & Spencer (M&S), Co-Op, Harrods and Jaguar Land Rover (JLR).” These, he tells us, have made teams such as his at Deliveroo cognizant of the increasing risks to retail business today. As he explains, “Because Deliveroo / DoorDash are also part of the retail industry, it was important for us to understand the tactics, techniques, and procedures (TTPs) they’ve employed as part of their cyber attacks and ensure that we have the appropriate security measures in place to prevent them. For example, one of the key trends we’ve seen is the prolific use of social engineering, including phishing and vishing in order to gain initial access.”
Cheng adds that, to counter these increasing risks and evolving tactics, he believes that innovation in artificial intelligence (AI) can offer many solutions to the industry. “The best cybersecurity use cases I’ve seen for AI are related to Security Operations and Response, including automating incident response, and analyzing massive datasets that would be impossible for humans to process alone. In addition, I see a lot of innovation in risk management/governance, risk, and compliance (GRC), including third-party security, allowing teams to analyze and document risks and policies much faster, and reducing the amount of mundane and repetitive tasks.”
Cheng notes that the MEA region today is, on the one hand, dealing with the challenges that come with being “behind the curve from a tech advancement perspective,” which often results in fewer controls, less visibility, and ultimately, more risk. On the other hand, the region is also undergoing a rapid digital transformation, which in many cases is increasing the attack surface.
In spite of this, he points to the advantages that come with having countries like Saudi Arabia integrate cybersecurity as a key component of their national strategy. As he explains, “Saudi’s national strategy treats cybersecurity as a strategic enabler of its digital and economic transformation. In addition, there has been a strong regulatory push where organisations must comply with cybersecurity controls, data protection, cloud/Internet of Things security, which drives demand for innovation.”
Cheng will deliver two presentations at Black Hat MEA this year, with the first, “Mastering the CISO Maturity Model,” taking place at the Executive Summit. “The CISO role can drastically vary from company to company. This session breaks down the CISO Maturity Model into practical, real-world stages—showing what “maturity” actually looks like today. From strategy and governance to business influence and stakeholder management, you’ll learn how to assess where you are, identify what’s next, and accelerate your growth into a high-impact security leader,” he tells us.
His second presentation, titled “Building a CISO: Choices, Chapters, and Challenges,” will examine what it takes to become a CISO. He explains, “The path to becoming a CISO isn’t linear—it’s shaped by key choices, defining chapters, and hard lessons. This session breaks down how skills, mindset, and pivotal career decisions come together to turn practitioners into impactful security leaders.”
Catch Cheng at this year's edition of Black Hat MEA, the world’s largest gathering of cybersecurity professionals, taking place from 2-4 December 2025, at the Riyadh Exhibition and Convention Center in Malham.
Inc. Arabia is a Media Partner for Black Hat MEA.
Pictured in the lead image is Derek Cheng, Chief Information Security Officer (CISO) at Deliveroo. Image courtesy of Derek Cheng.