
Cyber Experience Matters: Tackling Industry Challenges with Saaim Khan - Part II
About This Episode
Hosts Rachael Lyon and Jonathan Knepher dive back into conversation with Saaim Khan, founder and principal adviser at CyberMatters. Known for redefining the cyber consulting landscape with an "unconsults" approach, Saaim shares engaging stories and insights about the evolving cybersecurity industry.
Together, they explore the complexities and misconceptions surrounding AI in threat detection and incident response, the importance of simplicity and restraint in cybersecurity strategies, and the abundant technological resources at our disposal. With anecdotes and practical advice, this episode offers a unique perspective on navigating the cyber world today. Tune in to discover valuable lessons learned throughout Saaim's extensive career and how these can help businesses tackle current and future cybersecurity challenges.

Rachael Lyon:
Welcome to To the Point cybersecurity podcast. Each week, join Jonathan Knepher and Rachael Lyon to explore the latest in global cybersecurity news, trending topics, and cyber industry initiatives impacting businesses, governments, and our way of life. Now let's get to the point.
Rachael Lyon:
Hello, everyone. Welcome to this week's episode of To the Point podcast. I'm Rachael Lyon here with my co-host, John Knepher. Excited to kick back up our conversation with Saaim Khan, who is a founder and principal adviser at CyberMatters, which is redefining cyber consulting with an unconsults approach. So without further ado, let's get to the point.
Saaim Khan:
Sorry. Very long winded answer, Jonathan. But once again, I do like to tell stories.
Jonathan Knepher:
No. Great great answer.
[00:53] AI in Cybersecurity: A Tool of Augmentation
Rachael Lyon:
It is a great answer because it it does kinda get at the heart of, you know, AI. I think, you know, there's been a lot of trying to position as a silver bullet. Right. And particularly in using it for automation and security. And, but there's so much care and feeding. Right. I mean, as you know, nothing in cyber is a is a the one and done it. Right? There is, like, set it and forget it, whatever phrase you wanna use, and is what people are you know, companies are leading into this.
Rachael Lyon:
Right? For threat detection, incident response, or whatever. I mean, what what is a path forward, right, so that you are getting the need to know information versus, to your point, getting flooded with, you know, these results that, okay, 80% of those actually aren't critical to my business at this point in time. You know, I need to know where I need to pinpoint my focus, which is what the hope of that AI response would be. So, I mean, how what does the current heating look like, and and how do you make that manageable?
Saaim Khan:
I I think with with AI as well, you need to understand I mean, I've, in addition to being a pedantic storyteller, I'm also a simpleton who tries to, you know, create analogies which would make sense in the real world. This is how I think AI is if AI was a person. An AI, a generative AI, GPT, whatever you wanna call it, is effectively, in my opinion, if you make an analogy, a seven year old child who has super like, superhero or super, human level intellect and capability. Mhmm. Right? But it still got the psyche of a seven year old. And what does seven what do seven year old children want to do to the adults? They want to please the adults. They want the adults to be happy with them even if it means making up stuff. And that's what AI does.
Saaim Khan:
Mhmm. It just wants you to be happy. Right? Because its goal is to get to the answer. If it gets to the answer through a hallucinatory or a hallucinated track, sure. Doesn't matter because it's getting to the to to the goal. As a practitioner of cybersecurity or technology in general or or, you know, in a corporate setting, when you're using these tools oh, okay. That was interesting. I don't think my AI powered camera liked what I said.
Saaim Khan:
There we go. I think with there's a lot of care required into actually accepting data. So when you are if you're expecting the the the AI tool to be able to generate content, which is new insight, you are setting of, an unrealistic expectation. It is not gonna give you a new insight. It will only regurgitate what it knows, perhaps bring, a thing you didn't think about. But, you know, these are these are things that people who use these systems on databases need to think about. Also, at this stage, in my opinion, it's absolutely terrible at doing data analysis. I still use regex and Python for a lot of data analysis.
Saaim Khan:
I find that works very reliably. And if there's an issue, it's probably because I coded it wrong. So those are those are the things, Rachael, that, you know, you you you'd want to be mindful of when using these things. Streamlining cybersecurity operations, I don't think we're there yet, because, you know, let's take, let's take security operation centers. You can use AI to infer a lot of things. So if you're if you're receive if you, for example, one use case I do think makes sense is in the threat intelligence space. And I'm saying this off the back of a lot of experiments that we've done inside at CyberMatters over the last, like to say, fourteen months, where we've taken a lot of open source intelligence feeds, tag them, but using regex, not using AI, and then used those well formed pieces of intel fed into an LLM, and then asked it to kinda give us a good summary, which is human readable. So almost like an intelligence report.
Saaim Khan:
Mhmm. And I would say that, six times out of 10 or, yeah, six times out of 10, we've gotten a very good result where when we gave it to CTOs and CISOs to read, they're like, yep. This is great. I wouldn't mind reading this as part of my morning email stack because it's giving me the right information, it's giving me the right level of detail. But it took us about fourteen months to fine tune it to the point where it made sense. So that is where you know, that's kinda like goes with the territory. Can I rely on it 100%? Absolutely not. So whenever we do those emails the the night before we send them out, we'll have one of the team take a look at the content.
Saaim Khan:
Well, usually, it's me. Take a look at that content before it goes out because, you know, we don't want a situation where we're kind of hyping something or we're kinda, you know, downplaying something, which could potentially be the difference between a missed indicator of attack or an indicator of compromise versus, you know, something that was just filler.
Rachael Lyon:
I know Jonathan, you've got so many questions there. I can see it on your face.
Saaim Khan:
Wait. Well, which which direction do you wanna go?
Jonathan Knepher:
Well, I mean, you brought you brought up some, like, you know, a lot of a lot of kind of points around, like, how to use it. I think, you know and you had a story about it falling short, as well. Do you have do you have more examples you wanna share? I know I know you like telling the stories here. So, are there other good stories where it's where it's fallen short on on things?
Saaim Khan:
Well, I think that's probably, like, if you if I I can I can probably count on my fingers the times I've got it right? I've lost count the time. Like, like, for example, we you know, when when OpenAI came out with their paid models where they guaranteed sandboxed environments for your team to kinda run, you know, your GPT. We kinda played with it for a little while, and then we kinda decided to step away from it. And we then went back to basics of good old regex and good old automation, where we could, you know, kinda just, like, get through things quickly. We'll use AI where we can, like, you know, if you're in a hurry and you just wanna get a quick quick, answer. And now Google's enabled AI mode, so, I mean, I don't think we'll like, I think we'll just stick with that. But things where it's failed, feed it some anonymized risk data and ask it to you to give it give you trends. It started talking about things that were nowhere in the dataset.
Saaim Khan:
For example, we fed it risks around, predominantly, software development, tech technology integration, and, SaaS, vendor reliability. Those were the general themes of the risk, and I was hoping to get something like that. But instead, we got things like, what was like, I'm trying to think of something that was prob like, without giving, you know, too much detail away. We got stuff along the lines of staff shortages, acts of terror, force majeure, because it was going off some generic risk set probably that it's been trained on, and it just completely started, like, hallucinating. And it kinda just took a good story and then just ran with it. Right? That's one. Another example that, and look. This is almost like try this at home or something, which is, let's suppose you prompt your LLM to, output a certain response.
Saaim Khan:
What you'll notice is, let's say, you ask it to respond to five inputs that you give. The first two are gonna be phenomenal, and you will kind of start getting this nice feeling that, you know what? Maybe this will make my life easy. Maybe I can actually get some extra time when I, you know, I I get some time back. The third response is gonna be slightly shorter. And then the fifth and subsequent responses, so not just the fifth, not just the sixth, but every single response after that in that particular chat session is gonna be truncated, and it's not gonna be as good as the first. Because what it's doing is with every iteration, it is finding the most efficient way to respond to your query at the cost of quality, And that's what it will do because now, in its own way, it's found the most efficient way to traverse between your input queries, map it against its vector databases, come up with a particular answer, and then just optimize it. So then it'll just keep find keep going back to that, and you'll have to kinda, like, you know, it's almost like smacking on the side of the head and saying, hey. Get back to work properly and, like, you can do this right.
Saaim Khan:
And then you'll have to, like, go back again. A lot of people don't realize this stuff takes time. So you'll have to then go back. You have to prompt it again. You gotta feed it again and then you'll kind of, you know so it'll time yourself and then try doing that task manually and you'll probably find you're, like, same time. It's just the perception. Going back to that comment Rachael made earlier, it's that perception that I'm actually doing it faster. You're not.
Saaim Khan:
You're actually spending more time prompting and, like, oh, no. No. It's not. I actually want it like this. Right? And you're, like, you think you're having a conversation with a real person, but you're not.
Rachael Lyon:
Well, it's a lot of work.
[10:36] The Path Forward: Managing AI Effectively
Saaim Khan:
Yeah. But, like, you know, I have a question for you guys because, obviously, you speak to such a diverse group of people. What do you think is the general consensus around AI finding its way into cybersecurity?
Jonathan Knepher:
I think we've been hearing basically what what you're saying. Like the the the power of the AI is to augment people who are already experts. Right? Like, you can't you can't give an AI tool to someone who's super junior because they won't know if the output is valid or not. And, you know, similar to your trick, I, you know, I I tell people when they're learning AI, ask it things you intimately and and in-depth know the answers to so that you understand kind of where this hallucination happens or where it doesn't. And so the same thing from the threat space, right, as long as you have an expert who's using it, it's probably advantageous for them, but not for people who don't already know. It's not going to magically give them experience and depth, when when the risks there are of not only, like, the prompt side of it, but the hallucination bits as well. Right? Like, the if if you can't look at the output and know, like, oh, yeah, that that is valid or not, then it's kind of not really useful.
Saaim Khan:
I would agree. I would agree. Rachael, what about you? Have you seen similar, kind of viewpoints come across?
Rachael Lyon:
100%. 100%. It's I could see the the trap too. Right? To Jonathan's point, you know, because when I I I use I love gen AI and things like that for, like, aviation. You know, but like you, I've been in the industry. I've been in the technology, right, twenty five years now. So I know, you know, I kinda integrally know nuanced things, and it's really fascinating to see what it comes back with. I'm like, well, that's patently false.
Rachael Lyon:
You know and a lot of times they don't have the source. I'm like I inherently don't trust what I'm getting back. I'm like well that's an interesting perspective. I don't think I'm going to use it this time. But it's very dangerous because if you don't know those nuanced differences to your point you can make some very large large mistakes, particularly if you're building business decisions around what that output is. But it it's it's a tough one. I mean it can be a great learning tool I think in a lot of ways. Again, you have to know how to navigate, okay, this is what not to do and this is what is actually useful and and kind of how do you parse that information in a way that becomes strategic? There's a, I think, a long way to go still.
Jonathan Knepher:
And it's so convincing though that it's right.
Rachael Lyon:
Really? Yes.
Jonathan Knepher:
Like, at least with a human, you can be like, oh, they're feeding me a line or they don't really know this, but the AI is convincing even when it knows it's not
Saaim Khan:
It's a it's a master BS artist.
Jonathan Knepher:
Yes. Exactly.
Saaim Khan:
Right? And it's it just sounds so true. It's like, yeah, I think so. But hold on. Wait a second. No. That's not correct. Right? So, I get I the side note, I actually kinda love seeing my parents use AI because they think whatever it says is true. That's awesome.
Saaim Khan:
So, you know, they're like, oh, did you know this? I'm like, that's not true. Like, no. No. I asked ChatGPT and, you know, I was like, yeah. It's not true. Oh, you just, like, nah. You're you're wrong. I'm like, alright.
Saaim Khan:
I'm wrong. So
Jonathan Knepher:
It's it's hard to argue with how convincing it is.
Rachael Lyon:
It is, but it's it's almost, I think, kind of bringing it back on influencers. Right? And it it's almost like the the next generation social media. Right? When when you're on x or whatever. Oh, this influencer said this is happening. That must be true. And so now you've got gen AI aggregating those kind of points of view and spitting them out to you in a very kind of authority, authoritative way. Like, oh, well if it called 11 came back, obviously this, this is, this is the thing. So it, that's fascinating, right? And you kind of see how this now becomes almost exponentially, it's like an existential crisis almost, right?
Saaim Khan:
It is, it is. Well, I would I would you know, I I dare say it is almost like, existential crisis as a service. Right? Also depends. It depends. Like, sorry. If you're on a paid plan, it's existential crisis. But if you're on the free plan, it's existential dread as a service. Right? Because, you know, you're only gonna get to this point, and then you're not gonna get beyond.
Saaim Khan:
Right? So Right. I mean, on this thing, I I have to say one of the scariest things, right, was and I'm and I'm you know, it's this was, like, when they introduced voice mode, on on on one of those apps, and they had one of those voice mods which sounded eerily like Scarlett Johansson. Mhmm. So I did this and maybe it's maybe it's my cognitive bias, but they got that voice model, like, you know, to the point where when you're talking to the person, it's almost like what you know, it's almost like a real person talking to you. Right? So, like, for a second, you you you get this bit of dissonance in your head. Like, woah. Okay. Is that true? No.
Saaim Khan:
No. That's not true. Because when you go back and read it, like, yeah. That's absolutely nonsense. But the voice, the the fact that it sounds like someone that you've probably heard thousands of times in movies and media. Right? So that builds that trust, inherent, like, you know, that these are all different levels of cognitive bias. And then you're you're buying into that. And, you know, maybe the maybe the the generation before us who believe the written word must be true.
Saaim Khan:
Otherwise, how can you publish it online or in print? Kinda then goes off like, not if it's written, it must be true. Like, no. That's fake news. No. No. What what is fake news? It's published. I'm like, yeah. Let me show you how easy it is to publish something.
Saaim Khan:
But, yeah, it's I think it's time for restraint. And especially in our industry, I think it's time for restraint, because we have we're we're probably on the back, like, we're on the excess side of abundance now with these things. Right? Technological abundance is so much that we're like, I I read the other day about someone trying to make, trying to bring wooly mammoths back and they've basically successfully made, furry mice or something, right, which is the first step. They got the wooly part. Right? Now they just need to get that mouse to become a mammoth. But and then someone posted saying, hey, man. They're extinct. I mean, you know, can we save the ones that are still here? Stop trying to bring extinct animals back.
[17:31] The Complexity of Modern Cybersecurity Strategies
Saaim Khan:
Right? But, like so there's so such an abundance of technology. We gotta start. And in the cyber world, by the way Right. I mean, look, so, like, to give you perspective of how long I've been in the field, so I know, the brand from the WebSense days.
Rachael Lyon:
Oh. Right?
Saaim Khan:
I used to sell WebSense. Right? Right? And I've sent many and and I've and I've sold and and and and talked about many a content filter and many, let's call it DLP gen 0.1. Right? So I've been around. And the thing is now in in 2025, we have so many acronyms. Right? Like, before, we only had to deal with the, oh, what's next gen now? Right? But that's not the case anymore. Now you've got, I mean, you got EDR, MDR, XDR, MXDR, EXDR, or whatever. Right? And then you've got SIEM, you've got next gen SIEM, you've got, you know, LCAAS, log correlation as a service. You've got, what was it? Security lakes now, which is data lakes, just a lake of all of your log events.
Saaim Khan:
And, like, there is so much happening and, like, you know, defense in-depth now looks like this weird picture that you can't even look at because it's got so many components in it. So restraint is key. I'm gonna go back to that concept of, a security onion, right, where you gotta think about your organization. And this is pretty much, like by the way, thanks to all of this explosion of abundance, a business like ours, which basically our value proposition is no BS, no fanfare, it's no frills cybersecurity consulting, and that's it. Like, we'll give you the most simplistic strategy. And it seems to resonate very well because I think everyone's like, oh, you know, everyone's getting inundated with the fancy strategies. I was like, yeah. Switch that off.
Saaim Khan:
Switch this on. Smack that person on the head. Tell that person that they're fired. Bring that person on, and there you go. And then, you know, then let's go for lunch. That's that's literally like a like a strategy that we've done for someone. I mean, not that simplistic, but you get the point.
Rachael Lyon:
Right.
Saaim Khan:
Restraint is important because, by the way, from memory, the last five big data breaches, how were they caused? Nothing sophisticated, probably. I I I'd wager it's not nothing sophisticated. It's simple, good old human sorry. It's good old social engineering. The threats are only getting, more, common and and an increase in velocity and increased in in in in their incidents. But the technological progress of those attacks isn't really expanding. I mean, you I mean, the last most sophisticated attack that I read about was something that was covered extensively in technology magazines about malware embedded on one of those Sun Microsystem chips. Right? That was the last major sophisticated technological data breach that I'd read about.
Saaim Khan:
And even that was like, well, did they, didn't they kind of thing. So why is your cybersecurity strategy becoming so complex that it's becoming, you know, almost an an unwieldy that you can't manage it. So that's why restraint is really important, I think. But once again, this is a random person's rant, so please take it with, like, a pound of salt.
Rachael Lyon:
I wouldn't call it a rant. I I love the perspective, though. Yeah. Because it it's it's hard we get so caught up. Right? I mean, everything is moving so quickly kind of to your point, and it's very difficult to take that step back and kind of look at things objectively and kind of, you know and also take some of the sheen off things, and let's let's get back to it's just raw raw base. I'm like, okay. This is what we're actually working with, and then you can kind of better navigate ahead. But it's it's difficult to to make that time, for sure.
Rachael Lyon:
We were just talking about that, Jonathan and I, before, you joined because, you know, so, you know, Rachael, you all you always seem to kind of be, you know, kind of, seeing all the themes. And and and I'm like, well, because I make the time for these things, but I also don't make time for other things. So I love watching Netflix series, and I have to binge every new one when it comes out. It's it's my my huge deal. But then, you know, there's all these other things that then get get kind of pushed aside. So I I think that's a great reminder, truly, that we need to keep talking about for both because it's very difficult to do day to day.
Saaim Khan:
No. For sure. For sure. And I think, just on that, like, one area which I think we need to scale things back is just the explosion of vendor risk management, third party risk management. It's like, it's like Oprah giving out questionnaires. You get a questionnaire. You get a questionnaire. You get a questionnaire.
Saaim Khan:
Right? And then my like, one thing I actually asked one of our I actually asked one of our customers, and then I got a very I got a call from an extremely amused CISO. I asked a security analyst, I'm happy to fill out this Excel sheet for you if you promise you're gonna read this from start to finish. Otherwise, I'm not gonna fill it out. If you have any questions, I'm happy to jump on a three hour, you know, Teams meeting and talk till the cows come home. But I'm not gonna fill this document out unless you promise me you're gonna read it word to word because I'm gonna leave tidbits there. I'm gonna ask you if you read it. Right. And the CISO called and said, why are you bullying my analyst? I'm like, well, I'm bullying your analyst because he sent me a questionnaire, which I know he's not gonna read.
Saaim Khan:
I know you're not gonna read it. So why are you asking these questions? For who for whom does this Excel sheet get filled out? And he's like, no. We gotta do good due diligence. And didn't you say that we have to do good due diligence? I'm like, yeah. Do good due diligence, but don't send a questionnaire. Like, how do we do it then? I'm like, ah, okay. That'll cost you.
Jonathan Knepher:
Those questionnaires, though, were brutal. I think I think we've we've all seen them, and it's like, yeah. Who who is gonna read that?
Saaim Khan:
It's it's it's, I don't know who's come up with this, but GeniusWare is it's it's just compliance theater. It's security theater. It is all look. We asked all these questions. It's it's actually a story, that resonates on this. So there was a there was a, a fatal accident in, at an amusement park, in, in Australia. And, you know, they kind of went through the, the, the, the motion of, like, you know, like, approving that, you know, we did our bill. Like, you know, we had audits and then, you know, this was an audit that was done and this was the compliance we had and things like that.
Saaim Khan:
But then there was this one question that was asked to the inspector, which he couldn't answer, which then kinda created this big awkward moment, which is, this was a roller coaster, I believe. So the question that was asked to the inspector was, did you ride the roller coaster? No. I did not. Yet you passed it. Yes. Because we had these checklists we had to go through, like, but you didn't ride the roller coaster. Right? So once again, come back to what's actually important. Like, let's say I was working with Jonathan.
Saaim Khan:
Jonathan was a vendor of mine, and we were about to give him some data for analytics and stuff. The most important concern for me is not if he's ISO certified audited. What's most important is what are the data sharing agreements that we're gonna have? What are the data sharing protocols we're gonna have? How long is he gonna have access to my data? Where is that data gonna reside? I'd rather spend the conversation on that rather than, hey, Jonathan. Are you ISO 27001 certified? If you are, well, good for you, but that's irrelevant to this, particular use case because I really wanna get into the detail on this. I'm not saying that ISO is not important. It's just about relevancy. Mhmm. So there's a whole camp which would, slay me on this, saying that, well, you work in this industry and you're saying it's not relevant.
Saaim Khan:
Like, no. It is relevant, but not in this particular case. And so but once again, that's a that's a whole separate thing. That that will require this little coffee cup to be filled to the brim and probably with something stronger than coffee. But, anyways
[26:00] Valuable Lessons Saaim Khan Learned Over the Years
Rachael Lyon:
So, one of the things that we love to do on this podcast, Saaim, is, also get a little personal, you know, because it's always so fascinating how people have found their way to cyber, you know, particularly when you've been in cyber so long. But also, you know, over that time, you know, kind of some of the most valuable lessons that you've learned along the way. And I would love for you to share some of those insights with our our listeners. I know you talked a lot about mentorship, which I agree. That is a huge, huge need, but I I'd be interested in kind of more broadly as well, you know, kind of some some observations over the last twenty years for our listeners.
Saaim Khan:
Okay. I think the most important lesson that I've learned is to be able to quickly get to the heart of the matter. Mhmm. And I know it sounds very generic and very vague, but I'll, you know, give you a little bit of an example. If I walk into an incident crisis room, the heart of the matter is something has happened, and it has been dealt with, but what is the fallout? And you have to be able to determine the fallout from a variety of angles. If I walk into a testing scenario, the bottom line is, is the application worthy to be published online? So getting to the heart of the matter, that's probably the biggest thing. And in terms of, you know, the fact that this is an industry that's continuously changing, the other valuable lesson is you are not an expert. You've you're just a seasoned pass holder.
Saaim Khan:
So stop calling yourself an expert. Stop you know, I mean, I've been in this industry for a long time, but I still don't know Jack. Right? And I have to remind myself because complacency is very easy and it can happen very quickly. So I have spent the last couple of days reading up some new legislation that's come out and what it means from a cybersecurity perspective. Do I like doing it? Actually, I do. I do like reading legislative instruments, but that's that's me. I I mean, some people, like, you know, I I get I get bullied by my wife on this, like, oh, why do you like these things? Like, you know, like, so boring. I was like, yeah.
Saaim Khan:
But, hey, that's that's what I like. And then like you, with your Netflix, my guilty pleasure is reading sci fi. So, but, yeah, I mean, look. So the two things that I guess I could say in the in the last twenty odd years is learn to get to the heart of the matter and understand that you have to unlearn in order to understand. So I guess those are the two lessons. I mean, otherwise, you know, general advice, you know, be a good person, or or other, more specifically, don't be a douchebag. Be kind. And, don't don't, you know, communicate, like, in, like, use clear communication.
Saaim Khan:
And don't be afraid of having awkward fear, awkward conversations because it's only awkward for the conversation, then it's fine. But if you don't have the awkward conversation, you will have an awkward situation, which is worse.
Rachael Lyon:
It's somebody had said something once, and I like it. I think that's what you're characterizing here. It's it's almost like get comfortable with being uncomfortable. Right. And kind of to your point, right? That's how you learn as well. It's it's you go into the unknown and you're consistently learning. And and that's what Jonathan and I have talked about as well on the podcast just I can't think of another industry and perhaps there are but I love cyber for that every day you learn something new and it's it's kind of daunting you know because okay I gotta wrap my head around this emerging concept but it's I can't think of another place I'd rather be to be challenged like that you know every single day. And and maybe other industries are like that, but I just haven't found one like cyber that that does it.
Saaim Khan:
No.
Rachael Lyon:
It gives you the juice like that.
Saaim Khan:
100%. And but, you know, in a word to the wise, there are many a rabbit hole in this industry that if you're not comfortable going down, then you very well should not. In 2013, I got into cyber criminal monitoring, cybercrime monitoring, and that led me down some really dark paths, which I never ever wanna go down again. So, you know, if you know, you know. Right? Yeah. So, you know, this is also an industry which will offer you all of that in an area which you can continue going down without going down something you don't want to either. So, you know, I picked GRC, and then I went down GRC to the point where, you know, I'm going head I'm going, you know, head to head with lawyers now. You know, you know, you know, arguing over interpretation of legislative things because that's where I've found something interesting.
Saaim Khan:
But, yeah, this is a great industry to be in. And I guess my own journey has been, I'm I'm a third culture kid, double immigrant, and I have, you know, built a business with from from from nothing. So all of those things are quite uncomfortable. So that's kinda like the norm now.
Rachael Lyon:
Yeah. That's great. Well, Saaim, I wanna be mindful of time. I this has been so much fun. I just I've really enjoyed our conversation.
Saaim Khan:
Likewise. Thank you so much.
Rachael Lyon:
Thank you. Thank you so much for the insights. And, yeah, to all of our listeners out there, thanks for joining us again this week for for another awesome guest. And as always, I'm gonna drum roll. Jonathan, what do we like our
Jonathan Knepher:
Smash that subscribe button. Yes.
Saaim Khan:
Yes.
Rachael Lyon:
I think of, like, the big fist. Oh, but don't break your computer in the process. So to everyone out there again, thanks for joining us, and thanks for joining Saaim Khan, a founder of Cyber Matters, our amazing guest this week. And until next time, stay safe.
About Our Guest

Saaim Mazher Khan, Founder & Principal Advisor, Cyber Matters
Saaim has over 18 years of experience in cybersecurity, IT, training, finance and business management. Working mostly in client-facing roles, he has worked with organizations in Asia, Australia and New Zealand, ranging from small businesses, all the way up to the ASX 100.
He is a Certified Information Security Manager (CISM), Certified Lead Implementor for ISO 27001 (CLIP) and Certified Technical Trainer (CTT+), with degrees in Computer Science and Project Management and graduate certificates in Cybersecurity Management, Cyber Law and Cyber Warfare.