Speakers To Watch At Black Hat MEA 2025: H.I.G. Capital’s Marcos Marrero

The who's who of the global cybersecurity landscape is coming together in Saudi Arabia for the fourth edition of Black Hat MEA, running from December 2-4, 2025, in Riyadh. And joining the list of cybersecurity experts on stage will be Marcos Marrero, Chief Information Security Officer (CISO) at H.I.G. Capital, a leading global alternative investment firm with over US$70 billion in assets under management and offices across North America, South America, Europe, the Middle East, and Asia.

With a mandate to protect the firm’s global digital ecosystem, Marrero's role includes safeguarding information assets, ensuring operational resilience, and enabling secure growth across the firm’s portfolio companies. “At H.I.G., cybersecurity is not treated as a compliance checkbox or an information technology (IT) function—it is a strategic business enabler," he explains. "My role involves aligning cybersecurity with the firm’s investment objectives, overseeing governance and risk management frameworks, and ensuring that security contributes directly to enterprise value creation. Ultimately, my responsibility is to preserve investor trust in an increasingly complex digital and geopolitical landscape.”

For Marrero, one of the most persistent misconceptions about cybersecurity is that it is a technical challenge, whereas it is in fact a strategic and cultural discipline. As he explains it, while technology plays a critical role, the real resilience comes from leadership commitment, government maturity, and organizational awareness. “Cybersecurity succeeds when it becomes part of the company’s DNA—not when it is viewed as a separate department,” Marrero declares. “Another common misconception is that compliance equals security. Compliance provides a baseline, but true security requires continuous adaptation to an evolving threat landscape. Attackers don’t operate according to audit cycles—they exploit complacency.”

And that complacency poses a significant threat to organizations today, with the convergence of artificial intelligence (AI), automation, and digital interdependence rapidly transforming the cybersecurity landscape around the world. “We have entered an era where both attackers and defenders are leveraging AI—threat actors are using it to scale social engineering, automate attacks, and evade detection, while defenders are using it for predictive analytics, threat intelligence, and autonomous incident response,” Marrero says. “The next frontier will be securing AI itself—ensuring the integrity of models, data, and decision-making processes. As organizations embed AI deeper into business operations, protecting these systems will become as critical as securing networks or applications.”

But it’s not just AI that is increasing threats for organizations; Marrero also points to the risks that the cloud-based economy poses as it continues to expand the attack surface across industries. “Complex digital supply chains and interconnected systems require a zero-trust mindset, continuous validation of identities, and real-time monitoring of third-party relationships," he points out. "In industries like private equity, where sensitive deal data and financial information flow continuously, cyber risk has become synonymous with business risk—directly influencing valuation and market confidence.”

As threats rise, Marrero notes that innovation and investment in the industry are increasing in tandem, particularly as boardrooms increasingly realize the financial losses that cyberthreats pose to their organizations. This, in turn, is opening the door for the development of new types of cybersecurity models. “The most exciting innovation frontiers lie at the intersection of AI, behavioral analytics, and quantum computing," he says. "We’re moving toward predictive, intelligence-led defense models that can detect and neutralize threats before they materialize.” Marrero also believes that there is tremendous opportunity in cyber risk quantification, or translating security performance into financial metrics that business leaders can then act upon. “As the discipline matures, we will see cybersecurity move even further into the boardroom, influencing investment decisions, valuations, and strategy at the highest levels,” he adds. 

Commenting on his upcoming visit to this year's Black Hat MEA, Marrero notes that the cybersecurity landscape in the Middle East, and particularly in Saudi Arabia, is “advancing at an exceptional pace,” with the region becoming a producer of innovation in cybersecurity. “Under Vision 2030, national investment in digital infrastructure and cyber resilience has created an ecosystem where innovation, regulation, and capability-building are moving in tandem," he says. "The region has transitioned from being a consumer of cybersecurity technology to becoming a source of innovation, exporting secure-by-design frameworks for financial services, smart cities, and industrial transformation. This dual global-regional dynamic underscores a broader truth: cybersecurity is no longer a defensive necessity but a strategic enabler of trust, innovation, and growth.” 

Marrero adds that, as Saudi Arabia experiences a digital transformation of a magnitude that few others can match, its exposure to diverse threats from both the East and the West is further bolstering its defenses. “Through Vision 2030, the Kingdom is building digital infrastructure, regulatory frameworks, and a skilled workforce that rivals the most advanced economies,” he explains. “What sets Saudi Arabia apart is the alignment between vision, investment, and execution. The government has established forward-looking cyber policies, private enterprises are rapidly adopting advanced technologies, and the academic ecosystem is producing the next generation of cybersecurity talent. The result is a high-velocity innovation environment where ideas move from concept to implementation faster than in many mature markets. Moreover, the Kingdom’s strategic position—bridging the East and the West—gives it unique exposure to diverse threat landscapes and global collaboration opportunities. This convergence of scale, ambition, and capability is transforming Saudi Arabia into one of the world’s most dynamic cybersecurity innovation hubs.” 

At Black Hat MEA, Marrero will deliver a talk on the intersection of private equity and cybersecurity, with a focus on how investment strategies are evolving in response to escalating cyber risk, and how firms can leverage security as a competitive differentiator. “My session will explore practical frameworks for integrating cybersecurity into every stage of the investment lifecycle: from due diligence and acquisition to portfolio management and exit," he shares. "The focus will be on building resilience into enterprise value creation, demonstrating how a well-governed cyber program directly influences valuation, regulatory posture, and investor confidence. Attendees will gain insight into how leading investment firms are redefining cyber governance, measuring cyber performance, and using security intelligence to drive smarter business outcomes. The goal is to reframe cybersecurity from a cost of doing business to a catalyst for sustainable growth and trust.” 

Catch Marrero at this year's edition of Black Hat MEA, the world’s largest gathering of cybersecurity professionals, taking place from 2-4 December, 2025, at the Riyadh Exhibition and Convention Center in Malham. Inc. Arabia is a Media Partner for Black Hat MEA; register to attend the event by clicking here. 

Pictured in the lead image is H.I.G. Capital CISO Marcos Marrero. Image courtesy Marcos Marrero.