Booz Allen Commercial delivers advanced cyber defenses to the Fortune 500 and Global 2000. We are technical practitioners and cyber-focused management consultants with unparalleled experience – we know how cyber-attacks happen and how to defend against them.
Our strategy and technology consultants have empowered our international clients with the knowledge and experience they need to build their own local resources and capabilities.
In facing challenges of modernization, our Middle East and North Africa clients have complex requirements that benefit from our proven experience in guiding major programs and projects for governments and private-sector organizations. The services we offer in UAE, Qatar, Egypt, Turkey, Kuwait, Morocco, Jordan, and other regional countries build on our consulting legacy.
Our clients call upon us to work on their hardest problems—delivering effective health care, protecting warfighters and their families, keeping our national infrastructure secure, bringing into focus the traditional boundaries between consumer products and manufacturing as those boundaries blur.
Booz Allen was founded on the notion that we could help companies succeed by bringing them expert, candid advice and an outside perspective on their business. The analysis and perspective generated by that talent can be found in the case studies and thought leadership produced by our people.
Explore our featured teams and missions. Search openings and find out how you can support our meaningful missions.
Continue your mission with us. Get advice from our recruiting team, and browse our FAQs.
Seeking an internship or entry-level position? Learn about the impact you can make on our team.
Find out more about our application process, explore our benefits, and review our FAQs.
Learn more about Booz Allen's diverse culture and environment of inclusion that fosters respect and opportunity for all employees.
Our 26,300 engineers, scientists, software developers, technologists, and consultants live to solve problems that matter. We’re proud of the diversity throughout our organization, from our most junior ranks to our board of directors and leadership team.
Booz Allen takes pride in a culture that encourages and rewards the many dimensions of leadership—innovative thinking, active collaboration, and personal service. We’re particularly proud of the diversity of our Leadership Team and Board of Directors, among the most diverse in corporate America today.
As the MENA region continues to develop technologically, cyber attacks targeting government and private sector entities are increasing in parallel.
While basic attack mechanisms including phishing, denial-of-service, and credential compromise remain common, more sophisticated cyber threats driven by the growing prevalence of artificial intelligence (AI), social media, and the Internet of Things (IoT) are creating new attack vectors and mechanisms that threaten the safety and security of both organizations and citizens. Consequently, there is an urgent need to anticipate and plan for this evolving cyber environment and while leveraging best practices to combat emergent cyber threats. Booz Allen Hamilton’s 2019 MENA Cyber Threat Outlook Report highlights the imperative of evolving cybersecurity approaches away from its traditional focus on security compliance and instead moving towards a holistic culture of proactive security across the entire enterprise environment.
The 2019 MENA Cyber Threat Outlook Report outlines the following recommendations for proactive defense based on emergent threat trends:
The growing availability and deployment of AI technology, while providing numerous benefits, has also given rise to an array of new or more sophisticated cyber threats, perhaps most notably so-called “deepfake” videos that exploit AI systems to create believable—but fake—videos depicting individuals saying or doing things that never occurred. These videos can spread false, misleading information that is used to discredit or damage the reputations of brands and organizations. Cybersecurity and information technology (IT) teams must monitor their threat environments to proactively identify and escalate potential threats in partnership with enterprise risk management teams to help prevent the spread of misinformation threats. These teams must also engage with organization leadership in awareness and crisis response training to practice managing reputational risks associated with the fallout from these and other reputational attacks.
The rapid expansion of mobile applications, digital payments, and e-commerce platforms in the MENA region is encouraging cybercriminal organizations to find new ways to monetize their trade, which includes not only financial fraud but also the theft of sensitive information belonging to private sector companies and customers. In 2018 for example, cyber threat actors accessed customer data belonging to the regional ride-hailing service Careem, which affected an estimated 14 million users across the Middle East. To help avoid catastrophic data breaches, it is imperative for organizations to secure and encrypt databases, conduct regular vulnerability and compliance scans, and implement data-loss protection programs and identity access management to identify and track access records for accounts and data.
Attacks against critical national infrastructure (CNI) entities are increasingly attractive for state-sponsored attackers. Cyber espionage incidents are increasing in the United States and around the world, as evidenced by recently discovered probes targeting dams and water facilities, telecommunications infrastructure, energy companies, and government institutions, among others. Regionally, hackers have successfully attacked energy and petrochemical facilities, most notably in the Triton and ongoing Shamoon attacks. Likewise, cybercriminals are also interested in targeting and acquiring the industrial tradecraft secrets and intellectual capital held by private sector CNI companies, which are increasingly lucrative targets. CNI organizations should work to secure systems from the ground up to include a focus on multi-layered network segmentation, network security monitoring, secure-by-design principles, and supply chain visibility to protect infrastructure from compromise.
As threat actors continue to more capably obfuscate their attacks, frustrating attribution efforts, the risks associated with misattribution of attacks—especially in politically charged geopolitical environments—is rising. Government strategies of naming and shaming suspected hackers and responsible states, while designed to deter cyber attacks, run the risk of inflaming or escalating tensions. Confused or incomplete attribution reports, which can suffer from confirmation bias or a conflation of tool use with adversary identity, could likewise cause state-sponsored hackers or cybercriminals to retaliate against adversaries. As such, entities should employ caution when attributing cyber attacks to specific actors and, in the aftermath of events, focus on incident response and remediation activities before pursuing attribution, especially in a public environment.
Increasing device connectivity and deployment is facilitating a broader cyber attack surface and new vulnerabilities in IT infrastructure. Wireless routers remain a prime entry point into IT infrastructure because of weak passwords and lax security controls that allow hackers an ingress point and network foothold. This access can then be exploited to infect IoT devices including smart televisions, internet-connected cameras, printers, kitchen appliances, electronic home assistant devices, and more. Infected IoT devices can be swept up into botnets for denial-of-service and other attacks. To help protect these networks, investment in strict security practices is key, including updating software and implementing patches, conducting regular vulnerability and compliance scans of enterprise networks, and implementing strong password policies to secure routers and other network devices.