SSP 006: Karim Hijazi - Sea Cucumbers, Turtles, and Porcupines
Offensive Security. It’s typically frowned upon in the Cyber Security community…
Unfortunately, “Hack Back” can lead to some serious consequences if the proper safeguards aren’t in place.
How do you gather the right intelligence? Is it time to hack those who are hacking us?
Today we’re speaking with Karim Hijazi, CEO of Prevailion, as he shares his thoughts on offensive security.
We’ll unpack his passion for evolving into the sea urchin or the porcupine in today’s modern Cyber Security landscape.
You’ll quickly connect with Karim’s unique ability to break down complex concepts into easily digestible metaphors that you can understand and implement in your own security program.
Let’s get into it!
Today’s Guest
Karim Hijazi - Connect
Bio:
Karim has been at the forefront of attacker counterintelligence and infiltration research for the last decade, developing new ways for security teams to clandestinely monitor hackers and anticipate attacks before they happen. Prior to launching Prevailion, Karim was the founder/CEO of Unveillance, an early pioneer in advanced threat intelligence and the first cloud-based data leak intelligence platform.
Karim successfully exited Unveillance in 2012 with an acquisition by Mandiant, and he was then appointed as Mandiant’s new director of intelligence. While at Mandiant, Karim played an important role in that company’s well-known APT1 report released in 2013, which definitively linked the People’s Liberation Army of China to widespread cyber espionage activity against US interests. Mandiant was acquired by FireEye soon after.
During the hacktivist heydays of the early 2010s, Karim engaged in a well-documented battle with the Anonymous offshoot “LulzSec,” after the group compromised an InfraGard database. Karim’s confrontation with the group was featured in Parmy Olson’s book, “We Are Anonymous,” as well as national media like CNN and CNET. During the Arab Spring, Karim also served as a key contributor to the Cyber Security Forum Initiative’s “Project Cyber Dawn Libya,” which provided the first in-depth look at Libyan cyber warfare capabilities and defenses. CSFI’s membership includes military officials, academics and business leaders from the US and around the world.
Over the years, Karim has served as a cybersecurity industry source for many prominent news outlets, including CNN, Fox News, Washington Post, The New York Times, Forbes, CyberScoop and many more.
Before devoting his work full-time to defense and intelligence product development, Karim served as founder at Demiurge Consulting, a counterintelligence and countermeasure consultancy whose clients and collaborations included Coca-Cola, TSYS, Baker Botts LLP, McKesson, Palantir, MIT, Berkeley and Stanford Universities.
Listen to Karim's Podcast, Introverted Iconoclast Here
You’ll Learn:
Offensive Security vs. Defensive security
How to evolve into a Porcupine
How to source intelligence
Boundaries to be aware of when thinking offensively
Should we hack the hackers?
How to proactively manage risk to steer away hackers
Resources:
Riverside.fm - How we recorded our virtual interview (Affiliate Link)
Buzzsprout - Our podcast hosting platform (Affiliate Link)
Descript - How we produce the full transcript for our shows (Affiliate Link)
PodMatch - It’s like a dating app for podcasts. If you have a story to tell, PodMatch will connect you to Podcasts where your story is relevant to their audience. (Affiliate Link)
Eddie Thomason: Unlock Yourself: How to Earn the Success You Were Born to Create (Amazon link) - Professional development book
Equipment I used:
All links below are Amazon affiliate links. These are products that I bought with my own hard-earned dollars to create a show/experience that my audience will enjoy. As you can tell, equipment is expensive. These links will help support the show at no additional expense to you. If you have any questions about any of the items and how I use them, email me at eddie@simplysecurepodcast.com.