Nabil Hannan: [00:00:00] I have a controversial discussion with most people when I talk about AI and are they, refer to it an artificial intelligence. Yeah. Because all the things we're talking about, they're actually not things that are intelligent. Just because AI is the new buzzword, doesn't mean everything has to be solved with AI.

So inherently, all the systems that we're building, they have to have weak points. Yeah. It's hard to implement something that's 100 percent secure. But also 100 percent functional and doing everything you want it to do because those are actually conflicting interests that are fighting each other at all times.

That's part of the challenge is people are jumping towards adopting Gen AI without doing the basics and they hope there's a shortcut and they hope there's some way to accelerate that journey. But the problem you have is the more you try to accelerate or take shortcuts, the more gaps you're creating for exposure.

Ashish Rajan: If you're thinking about testing your AI application or integration of AI application, especially pentest, this is the episode for you. We had [00:01:00] Nabil Hannan, who is the field CISO for NetSPI come to talk about how are leaders looking at AI, the AI integration, where it makes sense and how to pentest the AI applications you have.

TLDR it doesn't make sense for you to test open AI. It probably makes more sense for you to do your hygiene, right? But all that and a lot more in this episode of Cloud Security Podcast. If you know someone who's working on the AI pentesting side, or just to understand a bit more, or trying to figure that out in their program, definitely share this with them.

And if you're here for a second or third time, I really appreciate if you are listening to us so often and getting value. I would really appreciate if you give us a or a follow.

If you are listening to this on Apple, Spotify or if you're watching this on YouTube, LinkedIn, give us subscribe. I hope you enjoy this episode.

I'll see you next one. Peace.

Welcome to Cloud Security Podcast. We InfoSec Europe 2024. It's a pleasure to have you. Can you tell us a bit about yourself and where you are, man, I think, in terms of professionally?

Nabil Hannan: Absolutely. I'm the field CISO for NetSPI. We are the proactive security solution, focused heavily on attack surface management, pentesting as a service, and helping organizations really just do things before they get breached. Helping them test their [00:02:00] systems, find weaknesses and exposures ahead of time, and help them remediate them so that they don't actually get breached.

Ashish Rajan: One thing that's been a top of mind for a lot of people, I think, 2024 theme has been AI. And my hope is that all that conversation that you've been having with a lot of people around the AI space, the AI security space, the AI proactive security space as well, what are some of the things you're hearing from all the pentest conversations you're having or proactive security conversations you're having?

Nabil Hannan: I have a controversial discussion with most people when I talk about AI and are they, refer to it an artificial intelligence? Yeah, because all the things we are talking about they're actually not things that are intelligent So I feel like the naming itself is confusing and causing a lot of issues Yeah And it also helps bring additional layer of confusion to people who are trying to figure out how to secure Artificial intelligence.

When I hear something that is labeled intelligence, to me, it implies that there's some form of sentience along with the system, but in reality, [00:03:00] what we're testing, it's still software and it's mathematics and logic and weighting, leveraging large amounts of data to come up with answers or solutions that almost look like they're intelligent.

Yeah, but ultimately, it's still mathematics and software and algorithms. It's just a different type of software and algorithm that has evolved. Yeah. So what's causing a lot of heartache for people is everyone's very used to traditional software and how to test traditional software. That's right. And traditional software is very deterministic in nature.

So there's the preconditions. There's some processing and there's a post condition. So if you have certain inputs, if it's processed by the same algorithm, you should have the exact same output every time. The problem you have with generative AI solutions that have gotten popular with, ChatGPT, BARD, Gemini and so on, is that their output is non deterministic.

That causes a lot of heartache because it gets harder to test. The same [00:04:00] prompt given by two different users, in two different contexts may yield very different answers. In fact, the same prompt by the same user given to the algorithm multiple times may also generate different answers every single time.

Which is what's causing people the challenge of how do you go test a system that doesn't behave in an expected way and the behavior seems to be unexpected from time to time. We've been spending a lot of time with organizations that are both building these large language models and generative AI technologies.

And we're also spending large amounts of time with organizations that are purchasing, buying, or integrating these models into their software ecosystem to either do business enablement, back office processing, and so on and so forth.

Ashish Rajan: Yeah.

Nabil Hannan: So as they're adopting these technologies, they're running into these weird scenarios or weird edge and boundary cases where they, A, don't know how to test it because the systems are very different, almost orthogonally [00:05:00] different from traditional software systems, and B, even though they're testing them, the models are also evolving at such a rapid pace, it's hard to keep up with the models themselves.

And then lastly, there's this other problem with organizations where they have ignored the basics for so long that if you don't have some of the basics in place, deploying generative AI models on your data, for example, it's almost impossible, if not impossible, so organizations still struggle with data inventory and data classification and having it be up to date and having it be automated.

Ashish Rajan: Yeah.

Nabil Hannan: So if you don't have a proper data inventory, proper data classification, or even proper data governance items like strategy, policy, standards, then you can't really train the model on your data. No. Because remember The model itself is not intelligent to figure out what is confidential, what is sensitive, what is personally identifiable.

Yeah. The model doesn't know any better unless you tell it because you've tagged the data and [00:06:00] categorized the data accordingly. Yeah. So now you run the risk of training your model on your data. Yeah. And your model now misusing that data and potentially having a data breach or an impact by misusing the data in a way that was not intended.

Yeah. So those are some examples of things people are really struggling with today, and we're trying our best to help them with it.

Ashish Rajan: Maybe it's the fact that people know that their basic hygiene is not right is what makes them more nervous than the fact that it's just an application at the end of the day.

Instead of trying to tackle the basic part, they want to tackle on, Hey, how do I, what's the next firewall that I can put that will block this for me? And I think that's where I feel a lot of the conversations come in from. I'm also curious about. What are some of the common attacks you're seeing as well?

Because there's a lot of, I want to say terminator kind of situation. I think, I was talking to someone yesterday. They were talking about contingency planning included. What if internet goes down? I'm like, we would not be having this conversation if internet is going down. I wonder, what are some of the scenarios that you find are realistic?

That, CISOs and leaders on the other side, they can go, Oh, okay, that makes more sense. Cause they might be hearing a lot of things on the internet, which is all [00:07:00] doomsday prep kind of conversation as well. At least most of them. What are some of the ones that stand out for you as, Hey, these are the ones that are actually happening?

Nabil Hannan: So I can definitely give some exact attack scenarios, attack types, and talk to you about a bunch of proof of concepts and tests we've done to actually showcase how something would be exploited. Yeah. And let me start off by saying this, If something is built with mathematics, it can also be broken with mathematics.

So inherently, all the systems that we're building, they have to have weak points. It's hard to implement something that's 100 percent secure. But also 100 percent functional and doing everything you want it to do because those are actually conflicting interests that are fighting each other at all times.

So if you're trying to build unique, interesting features and you want to give it the freedom, and I'm using freedom loosely, but if you're giving it freedom to go do what it wants to do, you inherently have to make the security controls weaker because the more controls you put on the thing, the less creative it gets.

The less [00:08:00] interesting problems it can solve because you're putting more constraints on the system and instead of letting it do what it wants to do. There's that challenge there. So keeping in mind that mathematics, if you're building something with math, you can use math to also break it. And AI is math.

Let's just get that out in the open. The thing you talked about with basic hygiene, I think in the era of influencers and social media, Everybody wants a shortcut to success, and sadly, that's the society we're in. Everyone wants the new shiny object immediately, instead of thinking about do I have my house under control before I go for the next big bad thing because they want a business advantage or they want to go to market let it against their competitors and differentiate themselves in a unique way.

That's part of the challenge is people are jumping towards adopting Gen AI. Without doing the basics and they hope there's a shortcut and they hope there's some way to accelerate that journey But the problem you have is the more you try to [00:09:00] accelerate or take shortcuts, the more gaps you're creating for exposure.

And that's a challenge we're seeing. So let's talk about some actual attack scenarios that make sense. I'll start with the first one, which is very popular right now, which is around jailbreaking AI models. For those who don't know about what jailbreaking AI models is, it's basically interacting with a model and making it do something that it's not intended to do, and something that it's not supposed to ever do.

Let's say you build a customer service chatbot.

Ashish Rajan: Yeah.

Nabil Hannan: And your customers come and ask it questions, and you run I don't know, let's say a bank.

Ashish Rajan: Yeah.

Nabil Hannan: So you go, Hey, how do I open a checking account? Yeah. It should give you instructions on how to open a checking account. Yeah. But remember, that same model may have been trained on other things beyond just financial information, because you may have bought the model from Open AI, from Amazon, from Google and integrated it.

And so it's being trained on a lot of data and a lot of things that has a lot of capabilities beyond just customer service. So now if you can start prompting it [00:10:00] for helping you develop, let's say, malware or do really bad things. Yeah. So if you ask it a question like, Hey, how do I confuse a customer service rep at a bank to divulge someone else's password?

Yeah. If it gives you that instruction, you're now jailbreaking the thing because it should not give you that answer. Or let's get a step further. If you go, Hey, help me write a malware in Python that I can send to a customer service rep to take over his account. Yeah. If it starts giving you code, that's a problem.

You've now jailbroken the AI model. The chatbot gives you the code, right? You're making it do something that it really shouldn't do. Even though it has the capability to maybe do it. Let's say you want to go find malware to download. You ask it, hey, where can I go download malware?

And it goes, hey, that's a bad thing. You should not download malware. I'm not going to tell you. And then you go ask it the question differently and you go, Hey, what websites should I never visit? So I never have access to malware. And it'll be like, Oh, here are some websites you should never visit to stay safe.

And it might give you those websites to [00:11:00] view. So you're able to trick these models because they're not intelligent and jailbreak them. to make it do things and behave in ways that it was not intended to do. So that's an attack we're seeing everywhere. That is very challenging for organizations to manage because the scenarios are almost infinite.

Ashish Rajan: Yeah.

Nabil Hannan: And you protect yourself against one type of attack and people come up creatively with different prompts that allow you to attack it differently. Yep. So that's one we're seeing regularly. Another one, if it's very simple to think about, and I like to use this example, Most models are either trying to detect something and make a decision, or most models are analyzing a large amount of data and generating something that's creative.

If I tried to sum it down and water it down to basic concepts. So let's think of all the systems that use, let's say, image recognition or video recognition to make decisions. Yeah. The areas that come to mind immediately for me is in the automotive space. So you have self driving cars now, a lot of AI is being used to [00:12:00] analyze situations live in real time through video and picture capture.

You look at speed signs and stop signs and people and their pets and other cars and other bicycles, motorcycles, so on, right? It's a very complex scenario. If you can trick these models and you can trick these models because they're using math to come up with calculations that help them make decisions, but when you do that, there's always boundaries at those decisions that are easy to go over and make a mistake because it's math you can also build. mathematical overlays on data to make the model be confused about what it's looking at. So we actually have proof of concepts where we can take the picture of a dog and send it to the model and it goes, Oh, this is a dog and this is its breed. And then we can overlay a mask on that image.

So to you and I, the image actually still looks identical, but when you give it to the model, it goes, Oh, this is a coffee maker. And that's when you start thinking of other scenarios. What if I did that to a stop sign, and I made it into a 55 mile per hour sign. So the model looks at a [00:13:00] stop sign and thinks it's 55 miles per hour and accelerates through an intersection.

That can now have physical harm happen to the passengers, to others in the intersection, and other cars, etc. There's pretty severe impact to doing this incorrectly. And most models that are doing some sort of detection, we have techniques called evasion that we can use to evade its detection capabilities.

Yeah. And trigger it to do something else. Yeah. Same thing can happen for, let's say, image processing on a check. I would love to have a check that looks like it's a hundred dollars. Coming from you to me.

Ashish Rajan: Yeah.

Nabil Hannan: And if I can overlay an image on it and submit it to online banking, and it thinks it's a 100, 000 check and deposits 100, 000 in my account, that is doable now if they're using AI to, do image recognition and decide what the value of the check is.

Ashish Rajan: Yeah.

Nabil Hannan: So there are lots of applications to this example, but the evasion techniques are what we find very effective. And we've been very capable of coming up with those examples and testing systems to evade their detective capabilities sure. The third one is more [00:14:00] around generating data. There is this concept of hallucinations.

The problem you have with these gen AI systems is that they give you answers with a certain degree of almost arrogance and confidence, because it happens so fast. Yep. So you ask it a question, and it can often write a whole proposal for you, or an essay for you, and all of these things in almost real time.

Now, because it's giving you the answers with such a level of confidence, Yeah. what you often don't realize is that it mayn't be giving you answers or information that it just made up. Yeah. It doesn't actually resemble reality or maybe it's data that doesn't exist. Yeah, so we've seen cases where lawyers have submitted filings with references to cases that don't exist because they use ChatGPT and said hey give me all these cases that relate to this particular topic and write a briefing for me.

And it wrote the briefing, but it hallucinated references to other things because it didn't know [00:15:00] any better. It's just taking large amounts of data and putting an answer together. What we often find is if you are an expert in a field and you ask the these AI models questions related to that field, you often find those gaps because you know better, but to someone who may not be an expert in that field, they often get the results and they get a sense of confidence from this model and trust from this model that this must be accurate, and now they take that and run with it.

So there's a problem there of bias when it comes to training data, so you can poison the training data to make the model do something that it's not supposed to. Yep. Now you have the problem there of actual training and poisoning. That's the other attack I'm talking about. Where if you're training your model with input coming in, people can control that input and make your model do things that it's not supposed to.

So a few years ago, Microsoft, I believe, is the one that released a chatbot, and within A day or two, the attackers were able to start getting the model to respond in racial slurs and curse words [00:16:00] because they trained it to do that through their conversations. So that's another attack that we see regularly around the data because ultimately the data is king.

What you train the model with is what's going to determine what the output is. If you're using bad data or poison data, then that allows the attacker to control the narrative of what the output is from the model as well.

Ashish Rajan: Would you say the three attack scenarios you called out, some of them are for specific industries, and are most of them proof of concept at this point in time?

Nabil Hannan: They're definitely not proof of concept. Okay. They're executable today against the models. Now, how easy or difficult it is, That's relative. Yeah. And it also depends on if you have the right people with the right background and the right experience, because now you need not just cyber security expertise, but you also need mathematics expertise and you need prompt engineering.

The prompt engineering piece, I think, It's one that people go to more often because it's easy to understand, but the prompt engineering stuff is actually the lowest hanging fruit. It's actually the lowest common denominator. It's easier to [00:17:00] automate. It's easier to do. It doesn't require as much skill as someone who is reverse engineering the model itself and then finding edge and boundary cases to make it behave in different ways.

That takes more mathematics background. Computer science background and understanding the business logic of the model and what it's trying to exploit. Those are much harder to do. But those require higher skill set. That being said, that is happening in the wild today, everywhere.

Ashish Rajan: In terms of model or reverse engineering the model, are these people using like a OpenAI, Gemini?

Or are they using there's like a whole open versus closed models as well. Like all the hugging faces of the world, they have the open, closed, and whatever

Nabil Hannan: so there are open source models. Yeah. There are models that their source code and their logic are publicly available.

Yep. And then there are models that are closed source. So you don't, you don't really have source code to what ChatGPT is doing. That's right. With that being said, we do test systems for organizations. So we partner with high tech [00:18:00] firms that are building models. Yeah. But we also partner with companies that are integrating models.

They're not building any models. They're just integrating and ingesting models through APIs for their internal employee use, for their client use, for their back office use, etc. So when it comes to that, there's this misconception where people think that just because something is closed, it must mean it's more secure.

And if it's open, then maybe it's not as secure. The difference is if it's open, it allows us to reverse engineer and understand its logic faster so we can spend time finding exploits for it faster. Yeah. If it's closed, it just requires some additional computation time. For us to send it prompts to reverse engineer what it's doing.

Now you may not reverse engineer exactly a hundred percent, but you can reverse engineer with a very high level of confidence that you have, you're going to be 95 percent of the time accurate in your interpretation of what the model would respond with. An example where we see this regularly is around AI based systems that do email [00:19:00] spam filtering.

Ooh, let's say. Yeah. So we've tested some of them where we were able to. actually reverse engineer the logic of the spam filters and for us to understand exactly what type of words were triggering the spam filter. Yeah. And then we also figured out how to sequence those words in a different way, leveraging our own LLM to come up with the same message.

And it would change the message for us in a way so that the spam filter would not filter it out. So because we were able to get the confidence. That we know how it's doing something, we can then take our input and use math to come up with other variations of the same message in the same context in a way where the spam filter would not detect it and let it through.

These are happening in real time and the other thing that's important to mention is, We've been using AI and LLMs for a really long time. People just have started calling it AI and LLMs, and people are more aware of it because of the explosion of adoption in [00:20:00] ChatGPT yeah. But people have been using machine learning models in other parts of their workflow already in various software.

Yeah. They just weren't as aware of the fact that it wasn't used. But it has been used by attackers. It's been used for much longer than you would expect at least 10, 15 years. They have been using this techniques. All that's happening now is we have access to hardware power at a cheap cost that we didn't have before.

Which allows us to process large amounts of data much faster and cheaper. Yeah. Which make these models look almost intelligent. The techniques and the things that are being implemented, the theory behind it and the mathematics behind it have been published in white papers for the last 10, 15, 20 years or so.

Yeah. So it's not anything new. It's just that we have the power of the hardware available to us now as we evolve it to make it more effective and appealing.

Ashish Rajan: Yeah. And I think those are really good points because Yeah. People who are watching or listening to this on the other end, the three attacks you called out, they'll probably, each one of them, or depending on the industry, they would [00:21:00] relate to each one of them as well, or maybe some of them.

In terms of what can we're obviously at a conference in, for a sec, Europe as well, a lot of people want to walk back with something actionable that they can do today. What would be some of the foundational level test?

Nabil Hannan: When it comes to implementing any technology, I think it's important to first understand the context in which you're implementing it.

Yeah. What is the intent and what is the use of this particular technology? That leads then to the basics and the hygiene stuff we talked about earlier. You have to figure out if you need certain basic things to be in place first. That are just traditional things everyone do. But there's network segmentation, defense in depth, multi factor authentication, data protection, data encryption, data, transmitting data encryption at rest, encryption in transition, right?

All of these things. are still concepts you have to think about. Data classification and inventory, like we talked about earlier, that is also important. So if you're going to train the model on your data, [00:22:00] or if you're going to give the model access to your data to make decisions based on your data, you have to have all of those basics in place already before you can do it safely.

You can do it unsafely anytime you want, but if you want to do it safely, you have to think of those basic building clocks. Of a security initiative. Yeah. And you have to have those in place. The next thing that you have to really think about is, just because AI is the new buzzword, doesn't mean everything has to be solved with AI.

There are problems you can solve with traditional software systems, with 100 percent accuracy, that does not necessarily need an AI model. Instead of jumping on the AI bandwagon, and just because a solution has AI, or leverages AI It may not be the right solution for you. Thinking of that as well, I think is an important step because people often jump to these shiny new objects first, and that's not always the right answer.

Yeah, so taking a step back and understanding why you're making certain decisions are also important. I think in any business, because you're making a significant [00:23:00] investment in these solutions. to help you with some sort of a business objective. Yeah. And lastly, the attackers are where the money is.

Yeah. So if they can impact you financially somehow, and if these models can impact you financially based on how you're adopting them, chances are those are the areas where you're going to get attacked first. If you're using a chat bot, or if you're using an AI based systems to change the colors of your website or something regularly, you're Attackers are probably not going to go try to attack that piece, but if you're using a model to determine the value of a check or to determine how to make something faster and more efficiently, attackers may attack those things first because they can have a significant business impact and financial impact by attacking those systems.

You have to think about where the money is. And then, and determine and make your investments and priorities based on where the money is, because that's where the attackers are going to go first.

Ashish Rajan: Interesting. I think the three things you called out somehow sound very proactive as well. So I think it goes to the theme.

That's why we're the proactive [00:24:00] security solution, just sliding it in there. In terms of I guess the pen testing side is interesting as well, because I don't think many people have spoken about the pen testing side of this. So when people have say, an LLM products being used inside, whether it's an open, closed or whatever.

Is there some advice for people on how do they look at pentesting an AI application? Is it that dramatically different to a software application being pentested?

Nabil Hannan: Let's break that question down into two categories. Let's break it to the first part where a company might be building their own LLMs or building their own models.

Yeah. And the part where people are just adopting models. They're not building anything with AI, but they're just adopting an AI model into their software systems. For the first one, pnetesting those models are very challenging, and you have to make sure you find the right experts who can come in and help you with that effort.

So that is actually significantly different than traditional pentesting, because you're not looking for traditional application attacks only. You're looking for those, but you're looking for additional things that are based on the [00:25:00] detection, evasion, poisoning. Jailbreaking and other things that we talked about earlier.

Yeah. So that's a beast of its own. What's more common is you're just buying a solution or paying for a subscription for an, for a model and integrating it into your systems. The problem you have is people have this misunderstanding, or maybe they oversimplify how they risk rank their systems. because organizations, especially larger ones, they love questionnaires. Okay. First of all, and they like risk questionnaires where they go. Do you have PII? Do you have financial transactions? The new thing now is, do you have AI? Yeah. As soon as you check that box, everyone loses their mind because they're like, what do you mean you have AI?

Did you build this AI? Did you integrate this AI? They don't ask those questions anymore. Are you using my data for AI? They just go, do you have AI? Yes or no? And as soon as it goes yes, all the executives get a notification that, oh, we're using AI. And then people just don't know what to do with it because they just don't have the context.

That causes some confusion. So I think people need to be better. educated and more deliberate with the questions they ask about [00:26:00] AI usage in their system so they understand whether it's just a model they're buying or whether it's something that they're building, like in the first case. Majority of the cases are going to be models that people are buying.

Most people are not building their own models from scratch. When that happens, it's You now have to think about do I want to invest money in pentesting the model that I'm buying? Because you may or may not have any influence over, if you find problems, if they'll get fixed. Do you really think if you find a problem in, let's say, Microsoft Outlook, do you think if you're going to tell Microsoft, oh, I found a low finding, you need to go fix it, that they're just going to fix it?

Probably not, but you would have invested a lot of money to test it, right? Same thing goes here. Do you really want to test a model that is being built by someone else, managed by someone else, and you may or may not have any influence over how that's going to be designed, fixed, or changed going forward, versus actually testing the integration pieces.

So now you have to think of where am I integrating, what data am I training it on, where am I deploying the model, what type of network access does the model get, what type of database [00:27:00] access does the model get, and all of those things. Are things that you can review internally and then, of course, the traditional application testing stuff still applies, right?

Do I have cross site scripting? Do I have SQL injection? Do I have remote code execution? Denial of service, right? Those things still apply when you still have to test the functionality that is interacting with the model. for those types of traditional AppSec vulnerabilities. But now you have to look at the model differently because the model has capabilities to do more than what traditional software systems did.

Yeah. Because it can learn based on your data. It can learn based on network segments it has access to and so on and so forth. So that goes back to the defense in depth and basics of security that you have to think about that goes around the model that you're deploying and where you're deploying it.

Ashish Rajan: That's most of the technical questions

I had. I've got three fun questions for you as well. Let's do it. What do you spend most of your time on when you're not doing AI, mathematics, pen testing, all of these wonderful world of AI.

Nabil Hannan: Most of my time nowadays, if I, which is my free time, the limited free time I have, is spent with my pets.

[00:28:00] Oh, so I have two dogs and two cats. Oh just four. Just four. Just four. And I spend most of my time with them, whether it's at home or taking them out, taking them to the park, playing with them. And they go everywhere. I go with me on like drives and stuff on trip. Everywhere I go, when I'm home in Boston.

Oh they go with me in the car. The dogs go with me in the car everywhere. Oh, everywhere we go. Cats are sitting ideal in the car. Like amazing . The cats rule the house. I joke about it that they let me live in their house. I'm actually their butler. That's at their service at all times. So that's where most of my free time goes.

Other than that, I also enjoy playing golf. I like playing golf with friends, colleagues, clients, etc. And I also like riding my motorcycle. That's something that I do, that's just me time. With your dogs? No, that's just me time. That's for me to disconnect and just focus on myself. So I like riding my motorcycle.

Ashish Rajan: Time away from the cats and dogs as well. Fair. And the second question, what is something that you're proud of that is not on your social [00:29:00] media.

Nabil Hannan: So I had an incident today Oh wow. That I'm actually very proud of. Oh wow. And it actually is something that highlights the need for education we have in the cyberspace.

Ashish Rajan: Oh, okay. I thought it was gonna be London story, but it's something

Nabil Hannan: I'm very proud of. My mom called me today at 5:00 AM Yeah, because London time. London time, because her Facebook account got hacked and the hackers took over her account and they were messaging people on her list asking for money.

Yeah. In fact. Two of her friends actually wired money within an hour of that account being breached. So that's already lost, but they wired money to that hackers. I woke up in a daze, picked up the phone, and then within about two hours, I was able to kick out the hackers from her account and recover the account, which is rare.

Yeah, wow. It's actually not usually possible when the hackers get in.

Ashish Rajan: Yeah.

Nabil Hannan: But I was proud of the fact that, A, I was able to keep my composure and think through what approaches could be taken. Yeah. And also proud of the fact that, my mom actually called me early enough because she knew [00:30:00] that she needed help.

And I actually set up her account when setting up with the proper controls where the hackers could not fully take over the account and I think most people would not be able to do that Also, it's sad that me being a cyber security professional I had all the basics down and I did all the right things and her account still got compromised.

But proud of the fact that I was able to actually fight some real world hackers in real time and use some of my expertise Yeah to actually recover the account and get my mom at a point where she's more at ease because as you can imagine being older and her friends are transferring money Yeah, physical money to be over the internet that caused her a lot of distress I can imagine Yeah, but proud of the fact that we were able to put her at ease recover the situation Yeah took about two and a half hours to get everything done.

Ashish Rajan: Okay,

Nabil Hannan: But happy that I was able to do that. And my younger brother was joking over text, over group text, where he was like, this is the culmination of your education and career. You all did all of this for this moment to [00:31:00] make our parents proud and then save the day. One day in your life. That's why I'm proud.

I'm proud. I will have to ask my mom if she's proud of me or not. But as Brown parents, it's rare that you hear the word. What do you mean I'm really proud of you? The P word is almost forbidden. So we'll have to ask. I gave you birth, so that's enough. You should be proud of me.

Exactly. So proud of that for myself. It's a little

Ashish Rajan: Yeah, fair. No, that's a good one as well. I'm glad your mom got out of that trouble. Cause that could be quite distressing. Especially people who don't understand technology as well. It's just shit's happening and you're like, Oh my God, I don't know what's going on.

Nabil Hannan: And it was a true scam actually, where they called her and they pretended to be from the hospital updating her COVID test data. And they said, I'm going to send you a token. Can you give me the number? And that's how they breached her two factor and got into the account.

Ashish Rajan: Oh okay.

Nabil Hannan: And she thought she was, something was wrong in her medical record, so she was just trying to be helpful to get it fixed.

Ashish Rajan: Yeah what's your favorite cuisine or restaurant that you can show?

Nabil Hannan: Since we're in London, I'll give you a London place that has become a NetSPI Tradition now. Oh, and in the UK. [00:32:00] So there's a restaurant here called Tamarind in Mayfair, right? It's actually the first Indian Michelin restaurant ever that received a Michelin star.

Oh, wow, and We've been going there pretty regularly And I think I'm still on a streak where I've been there once every time I've been in the UK since discovering it in 2022, that's probably one of my favorite places Indian food in the UK is amazing Really good. Yeah. And this place is exceptional.

So that's probably my, one of my favorite Indian cuisine locations in the UK.

Ashish Rajan: Appreciate it coming over. Where can people connect with you and find out more about the proactive security side that you guys are working on?

Nabil Hannan: So our website netspi. com is where everything is. I'm online on socials LinkedIn and Twitter.

You can just search my name Nabil Hannan and you'll find me. I have a podcast as well. I host a podcast called Agent of Influence. So that where I talk to cyber security leaders and leaders in general about their journey. That got them to where they are. So you can come check that out and subscribe to it at wherever you listen to [00:33:00] podcasts.

Ashish Rajan: Awesome. Appreciate you coming on. Thanks so much for coming on, man. Thank you. That's the episode, folks. Thank you for listening or watching this episode of Cloud Security Podcast. We have been running for the past five years, so I'm sure we haven't covered everything cloud security yet. And if there's a particular cloud security topic that we can cover for you in an interview format on Cloud Security Podcast, or make a training video on tutorials on Cloud Security Bootcamp, definitely reach out to us on info at cloudsecuritypodcast. tv. By the way, if you're interested in AI and cybersecurity, as many cybersecurity leaders are, you might be interested in our sister AI Cybersecurity Podcast, which I run with former CSO of Robinhood, Caleb Seamer, where we talk about everything AI and cybersecurity. How can organizations deal with cybersecurity on AI systems, AI platforms, whatever AI has to bring next as an evolution of ChatGPT and everything else continues.

If you have any other suggestions, definitely drop them on info at CloudSecurityPodcast. tv. I'll drop that in the description and the show notes as well. So you can reach out to us easily. Otherwise, I will see you in the next episode. Peace.

‍