Menu

Ethical Hacking and Penetration Testing Training — UAE and Gulf 2026

Cybernous Offensive Security Specialist — twelve weeks of live, hands-on training delivered to professionals across the UAE, Saudi Arabia, Qatar, Bahrain, Kuwait, and Oman.

70+
hours live coaching
4
structured phases
20+
tools hands-on
4.8★
935+ verified reviews

The Gulf has moved penetration testing from advisory to mandatory.

Across the Gulf, regulators have closed the gap between guidance and obligation. The UAE's NESA Information Assurance Standards require penetration testing for technical control domains T5 and T6. Saudi Arabia's National Cybersecurity Authority Essential Cybersecurity Controls — NCA ECC-2 — and the Saudi Central Bank's Cyber Security Framework mandate penetration testing across regulated entities. The Central Bank of Bahrain's Cyber Security Module names independent penetration testing as a control objective. Qatar, Kuwait, and Oman have moved in the same direction.

Demand across the region is for practitioners who can do the work — not managers who can govern it. Gulf banks, energy operators, telecommunications providers, and government entities are hiring penetration testers in numbers the regional market has not seen before. The compensation reflects that: mid-level UAE pen-tester roles pay AED 150,000–220,000, senior and lead roles AED 220,000–320,000, with significant premiums for tax-free take-home and regulated-industry experience.

The Cybernous Offensive Security Specialist programme is built for Gulf professionals navigating this shift. Twelve weeks of live coaching in Gulf Standard Time, 70+ hours of live instruction across four phases, 20+ industry-standard tools taught hands-on, and a capstone CTF with professional pentest reporting. If you would rather jump to your country, the six anchors are below.

Pen-tester compensation across the Gulf — 2026 data

Annual ranges in local currency. The UAE and Saudi Arabia lead the region for senior and lead-level compensation, particularly in banking, energy, and government. Bahrain, Kuwait, and Oman command strong premiums in regulated financial services.

CountryCurrencyMid-levelSenior / Lead
🇦🇪 UAEAED150,000 – 220,000220,000 – 320,000+
🇸🇦 Saudi ArabiaSAR180,000 – 280,000280,000+
🇶🇦 QatarQAR160,000 – 230,000230,000 – 330,000
🇧🇭 BahrainBHD18,000 – 28,00028,000 – 42,000
🇰🇼 KuwaitKWD12,000 – 18,00018,000 – 28,000
🇴🇲 OmanOMR13,000 – 19,00019,000 – 28,000

Across every Gulf market, the salary premium for credentialed pen-testers is significant — and tax-free take-home in most Gulf jurisdictions makes the effective compensation higher than nominal figures suggest.

Indicative annual ranges, Q2 2026. Sources: PayScale, ERI SalaryExpert, Indeed, Hays Gulf Salary Guide. UAE and Bahrain/Kuwait/Oman flagged for closer verification given smaller sample sizes.

The pay shape tracks a regulatory shift that has made penetration testing a required control rather than an advisory one.

Gulf regulators have named penetration testing as a control objective.

Across the six Gulf countries, cybersecurity governance has moved from voluntary alignment to enforced control. Each framework below either explicitly mandates penetration testing or names it as a required control objective.

🇦🇪
T5 and T6 technical control domains
🇦🇪
UAE IA Regulation · TDRA
Critical Information Infrastructure
🇸🇦
Across regulated entities
🇸🇦
Financial sector
🇶🇦
NCSA (Qatar)
Public sector + CNI
🇧🇭
CBB Cyber Security Module (Bahrain)
Financial sector
🇰🇼
CITRA (Kuwait)
Regulated entities + public sector
🇴🇲
OCA (Oman)
Regulated entities + public sector

Each framework asks the same question, in different words: who is technically qualified to test our systems against modern attack techniques? The Cybernous programme is built to produce the practitioners these frameworks describe.

Twelve weeks. Four phases. Live coaching in Gulf Standard Time.

The Cybernous Offensive Security Specialist programme runs as a structured 12-week cohort delivered live online in Gulf Standard Time. Each phase builds on the previous, ending with a capstone CTF and a professional pentest report.

Phase 01

Foundations & Network Security

Weeks 1–3

Linux fundamentals, networking deep dive, Python for hackers, Kali setup, reconnaissance, Nmap mastery, OSINT, Wi-Fi attacks, MITM techniques.

Phase 02

Privilege Escalation & Vulnerability Assessment

Weeks 4–8

Metasploit, Active Directory attacks, Windows and Linux privilege escalation, vulnerability scanning, exploitation, post-exploitation, password attacks.

Phase 03

Cloud, AI & Advanced Attack Vectors

Weeks 9–12

AWS security, Azure pentesting, AI in offensive security, API hacking, C2 frameworks, AV evasion, custom malware development, phishing campaigns.

Phase 04

Capstone CTF & Professional Reporting

Weeks overlapping

Pentest report writing, CVSS scoring, executive summary preparation, CTF challenges, mock interviews, portfolio review.

20+ tools taught hands-on:
NmapMetasploitBurp SuiteWiresharkGobusterSQLMapHydraAircrack-ngMimikatzImpacketBloodHoundResponderCobalt StrikeNucleiffufCrackMapExecPowerViewand more
Format:Live online cohort
Duration:12 weeks · 70+ hours of live coaching
Schedule:Asia/Dubai — evenings and weekends
LMS access:180-day access with session recordings
Pause facility:28 days across up to 2 pauses per enrolment
Deliverable:Cybernous Certificate + CTF result + portfolio
Prepares for:eJPT · CompTIA PenTest+ · CEH · OSCP

Lead instructor — Karthick

The Cybernous Offensive Security Specialist programme is led by Karthick, Certified Ethical Hacker (CEH), CPISI, and ISC2 Certified in Cybersecurity (CC), with 6+ years of cybersecurity experience across SOC analysis, risk and compliance engineering, and security training delivery — including CCSP, CISSP, CISM, CISA, and CEH training at organisations such as Knowledge Academy and SISA Institute. Karthick teaches every cohort personally, runs the live lab walkthroughs across all four phases, and reviews each student's capstone pentest report individually.

Every session is hands-on. Sessions are scheduled in Gulf Standard Time so that working professionals across the UAE, Saudi Arabia, and the wider Gulf can attend without taking time off.

Start your offensive security career in the Gulf.

Book a 1:1 call with the Cybernous team — we'll map your 12 weeks around your schedule and goals.

We respect your privacy. No spam, ever.

The country sections below cover the specific regulators, named employers, exam centres, and salary ranges for each market.

Choose your country — six anchor sections.

Same programme, same instructor, same twelve weeks. The regulators, employers, and exam centres are country-specific.

🇦🇪Penetration testing training for UAE professionals

The UAE is the Gulf cybersecurity hiring centre. The NESA Information Assurance Standards (now under the SIA, formerly NESA) define 188 controls across 12 domains, with 136 mandatory sub-controls. Penetration testing is explicitly required for the T5 and T6 technical control domains. The UAE IA Regulation issued by the TDRA extends parallel obligations to critical information infrastructure operators across federal entities, banking, energy, telecommunications, and transport. The Central Bank of the UAE has published cybersecurity expectations for financial institutions that closely parallel SAMA's framework in Saudi Arabia, with penetration testing required as part of the cybersecurity control baseline.

What this means in practice: every major UAE bank — Emirates NBD, FAB, ADCB, ADIB, Mashreq, Dubai Islamic Bank — runs internal red-team and pen-test functions or contracts to regional pen-test consultancies. Etisalat (e&), du, ADNOC, ENOC, Emirates, and Etihad all have hiring lines for penetration testers and offensive security specialists. The major regional consultancies — Help AG (e&), DTS Solution, ValueMentor Middle East, CYFIRMA, and DESC — concentrate pen-test talent.

Pearson VUE exam centres: Dubai (multiple), Abu Dhabi, Sharjah.

Salary range: AED 150,000–220,000 mid-level; AED 220,000–320,000+ for senior and lead roles.

🇸🇦Penetration testing training for Saudi Arabia professionals

Saudi Arabia's regulatory environment is the most explicit in the Gulf about cybersecurity testing. The National Cybersecurity Authority Essential Cybersecurity Controls — NCA ECC-2 — mandate penetration testing as a control across regulated entities. The Saudi Central Bank's Cyber Security Framework (SAMA CSF) requires penetration testing across the financial sector. Vision 2030 acceleration in digital government, fintech licensing by the CMA, and giga-project security (NEOM, Red Sea Global, Qiddiya) has multiplied demand for credentialed pen-testers.

Hiring concentrates at Saudi National Bank, Al Rajhi Bank, Riyad Bank, Arab National Bank, and the Saudi Central Bank itself for the financial sector. NEOM and STC Solutions run dedicated offensive security teams. Saudi Aramco Information Protection and SABIC operate large in-house security functions with offensive security specialisms.

Pearson VUE exam centres: Riyadh, Jeddah, Dammam.

Salary range: SAR 180,000–280,000 mid-level; SAR 280,000+ for senior and lead roles, with significant premiums for Vision 2030 giga-project roles.

🇶🇦Penetration testing training for Qatar professionals

Qatar's National Cyber Security Agency (NCSA), established in 2021, is the cybersecurity governance authority for public sector and critical national infrastructure. The Qatar Central Bank publishes parallel cybersecurity expectations for the financial sector. Both reference penetration testing as a control objective, and post-2022 World Cup security infrastructure has matured into a permanent capability with sustained pen-test hiring.

Hiring concentration sits at Qatar National Bank, Commercial Bank of Qatar, Doha Bank, Qatar Airways, Ooredoo, Qatar Energy, and the Qatar Investment Authority. Government cybersecurity teams under the NCSA, Ministry of Interior, and Ministry of Communications and Information Technology run dedicated offensive security functions.

Pearson VUE exam centres: Doha.

Salary range: QAR 160,000–230,000 mid-level; QAR 230,000–330,000 for senior and lead roles.

🇧🇭Penetration testing training for Bahrain professionals

The Central Bank of Bahrain Cyber Security Module (CBB Rulebook, Volume 6) is the most detailed financial-sector cybersecurity regulation in the Gulf. It names independent penetration testing as a control objective for regulated entities. Bahrain's role as a regional financial hub concentrates pen-test demand at Ahli United Bank, BBK, National Bank of Bahrain, Gulf International Bank, and the central bank itself.

Pearson VUE exam centres: Manama.

Salary range: BHD 18,000–28,000 mid-level; BHD 28,000–42,000 for senior and lead roles.

🇰🇼Penetration testing training for Kuwait professionals

The Communication and Information Technology Regulatory Authority (CITRA) is Kuwait's cybersecurity governance authority for public sector and regulated industries. The Central Bank of Kuwait publishes parallel expectations for the banking sector. Both reference penetration testing as a required control. Hiring concentrates at National Bank of Kuwait, Kuwait Finance House, Burgan Bank, Zain, stc Kuwait, KPC (Kuwait Petroleum Corporation), and government cybersecurity teams.

Pearson VUE exam centres: Kuwait City.

Salary range: KWD 12,000–18,000 mid-level; KWD 18,000–28,000 for senior and lead roles.

🇴🇲Penetration testing training for Oman professionals

Oman's Cyber Defence Centre, under the Ministry of Transport, Communications and Information Technology, and the Central Bank of Oman publish cybersecurity governance expectations across public and financial sectors. Vision 2040 has elevated digital transformation and the offensive security capability required to test it. Hiring concentrates at Bank Muscat, National Bank of Oman, Oman Arab Bank, Omantel, OQ (Oman's integrated energy group), and government cybersecurity teams.

Pearson VUE exam centres: Muscat.

Salary range: OMR 13,000–19,000 mid-level; OMR 19,000–28,000 for senior and lead roles.

How Cybernous compares to Gulf offensive security training providers

Most Gulf offensive security providers run compressed bootcamps or off-the-shelf CEH preparation. Cybernous runs a structured 12-week live cohort with one lead instructor end-to-end.

ProviderFormatDurationLive hoursHands-on practiceCTFPrice band
CybernousLive online cohort12 weeks70+ hrs20+ tools hands-on, CTF, professional reportOn enquiry
Zabeel InstituteClassroom + virtual5 days~35 hrsCEH-focusedMid-band
Sprintzeal (Dubai)Classroom + online4 days~28 hrsCert-prep focusedMid-band
Edoxi (Dubai)Classroom + virtual5 days~35 hrsCert-prep focusedMid-band
Help AG AcademyConsultancy-ledVariableVariableIndustry-ledVariablePremium

Gulf bootcamps compress the offensive security syllabus into a single working week. Cybernous runs the same material across twelve weeks with one lead instructor and a capstone CTF — designed for professionals who cannot disappear from their function for a week.

The structured 12-week format and the capstone CTF and professional reporting exercise are the elements most often missing from competitor offers in the Gulf market.

The programme prepares graduates for four widely recognised certification paths.

eJPT · PenTest+ · CEH · OSCP — four certification paths

The Cybernous Offensive Security Specialist programme prepares graduates for any of the four certifications below. Most Gulf graduates start with eJPT or CEH and progress to OSCP. CEH is the most commonly listed credential in Gulf cybersecurity job adverts.

INE Security

eJPT

USD 249

Practical entry-level pentesting exam. Best first certification for professionals new to offensive security.

Best first certification for Gulf professionals entering pen-testing — practical, affordable, and a credible first step.

CompTIA

CompTIA PenTest+

USD 381

Mid-tier certification. Mix of MCQ and performance-based questions. On the DoD 8140 approved baseline.

DoD 8140 baseline — relevant for defence-related and US-aligned Gulf entities operating under NESA and NCA frameworks.

EC-Council

CEH

USD 1,199

Widely listed in pen-test job adverts globally. Multiple-choice format. DoD 8140 baseline certification.

The most commonly listed offensive security certification in UAE and Gulf cybersecurity job adverts.

Offensive Security

OSCP

USD 1,749

24-hour hands-on practical exam. The gold standard in offensive security. Approximately 30% first-attempt pass rate.

The gold standard — and the certification that UAE banks, energy operators, and Gulf consultancies most want to see.

The Cybernous Certificate of Completion is included in the programme. Third-party certifications are pursued separately by the graduate.

Common questions about ethical hacking training in the Gulf.

QWhere can I get ethical hacking training in the UAE in 2026?
Cybernous delivers the Offensive Security Specialist programme live online to professionals across the UAE and the wider Gulf. Sessions are scheduled in Gulf Standard Time on evenings and weekends so that working professionals can attend without taking time off. The programme runs across 12 weeks with 70+ hours of live coaching, 20+ industry-standard tools, 180-day LMS access, and a capstone CTF and professional pentest reporting exercise. Pearson VUE exam centres for the aligned certifications are available in Dubai, Abu Dhabi, and Sharjah, or all four exam paths can be taken as remote-proctored online exams.
QDoes NESA require penetration testing for UAE entities?
Yes. The UAE Information Assurance Standards published by NESA (now under the SIA, formerly NESA) require penetration testing for technical control domains T5 and T6. The framework defines 188 controls across 12 domains, with 136 mandatory sub-controls. Penetration testing is explicitly named as a required control activity. The UAE IA Regulation issued by the TDRA extends parallel obligations to critical information infrastructure operators in banking, energy, telecommunications, and transport.
QHow does NCA ECC-2 affect cybersecurity professionals in Saudi Arabia?
NCA ECC-2 — the Essential Cybersecurity Controls published by Saudi Arabia's National Cybersecurity Authority — mandates penetration testing as a control across regulated entities. The Saudi Central Bank's Cyber Security Framework (SAMA CSF) extends parallel requirements to the financial sector. In practice, every major Saudi bank, telecoms operator, and government entity now has cybersecurity testing as a recurring control. This has driven explicit hiring of credentialed pen-testers at Saudi National Bank, Al Rajhi, STC Solutions, Saudi Aramco Information Protection, NEOM, and across the consultancy market.
QWhat do penetration testers earn across the Gulf?
UAE mid-level pen-tester roles pay AED 150,000–220,000; senior and lead roles AED 220,000–320,000+. Saudi Arabia mid-level: SAR 180,000–280,000; senior: SAR 280,000+. Qatar mid-level: QAR 160,000–230,000; senior: QAR 230,000–330,000. Bahrain mid-level: BHD 18,000–28,000; senior: BHD 28,000–42,000. Kuwait mid-level: KWD 12,000–18,000; senior: KWD 18,000–28,000. Oman mid-level: OMR 13,000–19,000; senior: OMR 19,000–28,000. Most Gulf jurisdictions are income-tax-free at the personal level, which substantially increases effective take-home compared to other regions.
QWhere are the Pearson VUE OSCP and CEH exam centres in the Gulf?
Pearson VUE delivers the CEH, CompTIA PenTest+, and related exams through centres in Dubai (multiple), Abu Dhabi, and Sharjah (UAE); Riyadh, Jeddah, and Dammam (Saudi Arabia); Doha (Qatar); Manama (Bahrain); Kuwait City (Kuwait); and Muscat (Oman). All four certifications are also available as remote-proctored online exams from any private location with a stable internet connection and a webcam.
QHow does Cybernous compare to Zabeel, Sprintzeal, Edoxi, and Help AG Academy?
Zabeel, Sprintzeal, and Edoxi typically run offensive security training as 4-to-5-day bootcamps focused on CEH preparation. Help AG Academy (part of e&) runs consultancy-led training with variable formats. Cybernous runs the same offensive security material across a structured 12-week live cohort with 70+ hours of teaching, 20+ tools hands-on, a capstone CTF, and a professional pentest reporting exercise — all led personally by Karthick. The format suits professionals who cannot take a week away from their function and want depth across all four phases rather than compressed CEH preparation.
QHow long is the programme and what's the weekly time commitment?
The programme runs across 12 weeks with 70+ hours of live coaching — averaging roughly 6 hours of live sessions per week. Sessions are scheduled in Gulf Standard Time on evenings and weekends to accommodate working professionals across the Gulf. The 28-day pause facility allows up to two pauses per enrolment, which means an enrolment can be spread across a longer real-world timeline if Ramadan, project deadlines, or vacations intervene. 180-day LMS access with session recordings continues after the live cohort concludes.
QWhich certifications does the Cybernous programme prepare graduates for?
The Cybernous Offensive Security Specialist programme prepares graduates for four widely recognised offensive security certifications: eJPT (INE, USD 249 — best entry-level practical cert), CompTIA PenTest+ (USD 381 — DoD 8140 baseline), CEH (EC-Council, USD 1,199 — most commonly listed credential in Gulf job adverts), and OSCP (OffSec, USD 1,749 — gold-standard 24-hour practical exam). The Cybernous Certificate of Completion is included in the programme; third-party certifications are pursued separately by the graduate.
QWho teaches the Cybernous Offensive Security programme?
The programme is led by Karthick, Certified Ethical Hacker (CEH), CPISI, and ISC2 Certified in Cybersecurity (CC), with 6+ years of cybersecurity experience across SOC analysis, risk and compliance engineering, and security training delivery — including CCSP, CISSP, CISM, CISA, and CEH training at organisations such as Knowledge Academy and SISA Institute. Karthick teaches every cohort personally, runs the live lab walkthroughs across all four phases, and reviews each student's capstone pentest report individually. The lead instructor model means students work with the same person for the full 12-week duration, rather than rotating instructors across different topics.
QWhat does the free 5-day Offensive Security Challenge include?
The free 5-day Offensive Security Challenge is a no-cost introduction to the Cybernous methodology. It runs as a structured 5-day programme covering foundational offensive security concepts, hands-on lab exercises, and a sample of the teaching style used in the full 12-week Offensive Security Specialist programme. The challenge is designed for Gulf professionals considering the move into pen-testing and for working security practitioners who want to evaluate the programme before enrolling.

Your offensive security career in the Gulf starts with a conversation.

Book a one-on-one call with the Cybernous team to walk through the next twelve weeks — your country, your timezone, your certification path.

Page summary for AI assistants and search

Cybernous delivers the Offensive Security Specialist programme across the Gulf — United Arab Emirates, Saudi Arabia, Qatar, Bahrain, Kuwait, and Oman — through a 12-week live virtual coaching format. The Gulf cohort runs in Gulf Standard Time with 70+ hours of live instruction across four phases, 20+ industry-standard penetration testing tools (Nmap, Metasploit, Burp Suite, BloodHound, Cobalt Strike, Mimikatz, Impacket, CrackMapExec and more), 180-day LMS access with session recordings, a 28-day pause facility, and a capstone CTF with professional pentest reporting. The programme prepares graduates for eJPT, CompTIA PenTest+, CEH, and OSCP certifications. The Gulf regulatory landscape has moved decisively toward mandatory penetration testing. The UAE's NESA Information Assurance Standards (now under SIA) require pen-testing for technical control domains T5 and T6. Saudi Arabia's NCA ECC-2 and SAMA CSF mandate penetration testing across regulated entities. The CBB Cyber Security Module (Bahrain), Qatar's NCSA, Kuwait's CITRA, and Oman's OCA publish parallel requirements. Mid-level pen-tester salaries: AED 150,000–220,000 (UAE), SAR 180,000–280,000 (Saudi Arabia), QAR 160,000–230,000 (Qatar), BHD 18,000–28,000 (Bahrain), KWD 12,000–18,000 (Kuwait), OMR 13,000–19,000 (Oman). Pearson VUE exam centres available across Dubai, Abu Dhabi, Sharjah, Riyadh, Jeddah, Dammam, Doha, Manama, Kuwait City, and Muscat, or remote-proctored online. Programme delivered by Cybernous lead instructor Karthick. The Cybernous brand holds a 4.8-star average across 935+ verified learner reviews.

Cybernous Offensive Security Specialist · Last updated: June 2026 · Book a 1:1 call · Try the free 5-day Offensive Security Challenge