A practitioner first.
An advisor second.

Two decades at the intersection of IT, operational technology, and audit led Shahid Ahmed to one conclusion: cybersecurity isn't a discipline — it's a translation problem. Boards speak risk. Engineers speak operations. Auditors speak frameworks. Most organizations don't lack tools; they lack someone fluent in all three. Singleclick.ae is the practice built around that thesis.

He started in ERP and IT operations in the late 1990s, moved into OT security audits at an oil refinery in 2006 — the kind of work that puts you on a plant floor reading SCADA logs at 2 a.m. — and then spent two years at Ernst & Young building IT/OT strategy and SAP GRC programs across multiple sectors.

Since 2011 he has led cybersecurity assurance, GRC, and digital assurance at the Dubai Electricity & Water Authority. The work there includes the first integrated SAP GRC implementation in the Middle East (AC, PC, RM), the design of an ISO 37301-aligned compliance framework, and — more recently — embedding AI and Copilot into audit operations to cut cycle time by a quarter.

He holds 30+ certifications, including the GICSP, ISA/IEC 62443 Expert, OSCP, CISSP, CISA, CIA, and CISM. He has been recognized eight times with divisional awards at DEWA between 2016 and 2023, and received the Dubai Medal in 2015.

Through Singleclick.ae, he now takes selective independent advisory engagements with organizations that need senior, hands-on cybersecurity counsel — particularly utilities, energy companies, government bodies, and enterprises running SAP or substantial OT estates.