The Oil & Gas industry plays a critical role in Kuwait’s national economy, an industry heavily targeted nationally and regionally by global threat actors. The Oil and Gas industry consists of upstream, midstream, and downstream companies that must all be protected as part of the national critical infrastructure. The opportunity to have a common Cyber Security Framework between the leading National O&G companies held significant value. This session details the journey in building consensus on common security objectives and the development of a unified governance framework for the Kuwaiti Oil & Gas sector (based on leading industry practices such as NIST, ISO 27001, etc.), providing a way to standardize the required cyber security practices, assess current cyber security maturity and a roadmap to strengthen the ultimate cyber security posture for the sector.