Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

Hunting criminals and stolen identities across the internet

Explore the hidden corners of the internet and the stolen identities that live there with today's guest, Amyn Gilani, Vice President of Product at 4iQ. He talks about his path from red teaming to cyber attribution intelligence, where bad guys hide on the internet, and what it's like to be “on a mission to unmask cybercriminals.”

Amyn Gilani is the Vice President of Product at 4iQ, a Los Altos-based adversary intelligence company. Previously, he was a Chief Technologist at Booz Allen Hamilton where he provided expertise to federal and commercial clients focusing on incident response, red teaming, threat hunting and cybersecurity operations engineering. Prior to joining Booz Allen, Amyn was a Vice President in Information Security at Goldman Sachs where he led red team operations and emulated sophisticated attacks against securities trading platforms and payment systems. He began his career serving in the United States Air Force as an intelligence analyst and was on detail at the National Security Agency and United States Cyber Command.

  • View transcript
    • [00:00] Chris Sienko: We recently hit yet another huge milestone here at the Cyber Work Podcast, 25,000 YouTube subscribers. Thanks to all of you who watch and listen each week, to those of you who watch the YouTube videos go live and chat with other and comments and everyone who is helping us to grow this great community.

      To give back, we’re now giving you 30 days of team training for teams of 10 or more. Your Infosec Skills account will help your entire team develop their skills and earn CPEs through hundreds of IT and security courses, cloud hosted cyber ranges, hands-on projects, skills assessments and certification practice exams. Plus, you can easily monitor, assign and track training progress with team admin and reporting features.

      If you have 10 or more people who need skills training, head over to infosecinstitute.com/cyberwork or click the link in the description to take advantage of the special offer for Cyber Work listeners. Thank you once again for listening to and watching our podcast. We appreciate each and every one of you coming back each week. On that note, I’ve got someone I’d like you to meet. So let’s begin the episode.

       [01:01] CS: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week, I sit down with a different thought leader and we discuss the latest cyber security trends. How those trends are affecting the work of infosec professionals while offering tips for those trying to break in or move up the ladder in the cyber security industry.

      Today’s guest is Amyn Gilani, and he comes to us from 4iQ, an attribution intelligence company who are quote on a mission to unmask cyber criminals. According to their statement of purpose, they track the use of stolen personal identities by scouring the hidden corners of the Internet. Before this, Amyn was a red teamer with Booz Allen Hamilton, and we’ll talk a little bit about red team operations as well as well as his time emulating sophisticated attacks against securities trading platforms and payment system.

      Amyn Gilani is the vice president of product at 4iQ, a Los Altos-based adversary intelligence company. Previously, he was chief technologist at Booz Allen Hamilton where he provided expertise to federal and commercial clients focusing on incident response, red teaming, threat hunting and cybersecurity operations engineering. Prior to joining Booz Allen, Amyn was a vice president in information security at Goldman Sachs where he led red team operations and emulated sophisticated attacks against security trading platforms and payment systems.

      He began his career serving in the United States Air Force as an intelligence agent and was on detail at National Security Agency and the United States Cyber Command.

      Amyn, thank you for joining us today on Cyber Work.

      [02:27] Amyn Gillani: It’s a pleasure to be here.

      [02:29] CS: We like to start each show and our listeners know the drill by this point, but hearing about the sort of roots of your interest in beers and security, was this an early interest of yours? Did you get interested in it later in life? Did it come when you were with military?

      [02:42] AG: Well, I wish I did have a compelling story about my history in computer science early in my days, but I really didn’t – Wasn’t was really interested in anything computer related unless it was a videogame. I’m really interested in Sega and Nintendo, Excite Bike, Mortal Kombat…

      [03:02] CS: Ah, Excite Bike. That is a name from the past. I love it.

      [03:07] AG: We did have a computer at home, Windows 95. My uncle one time gave me a book on HTML and how to build websites, and I took a little interest in that, but as a young teenager, I just kind of lost interest immediately. I took it a lot more seriously in life once I joined the Air Force and started working at NSC.

      [03:28] CS: Okay. What aspect of – You get to the Air Force and like what is it there? Did they say we want you to work on security or computer stuff, are you sort of like looking at the options and you’re like, “Oh, this sounds interesting to me.”

      [03:41] AG: Yeah. I actually joined – I joined the military as an intelligence analyst. Not necessarily focused anything on computer security, but mostly on tracking adversaries. This was around the 2004 timeframe, post-9/11 of course. My mission was to track bad guys to their devices or understanding where they are location-wise and it was really more about tracking.

      Then eventually after the 2007 surge, once we no longer work on this kind of operations, my commander told me to look into changing units into this thing called JFCC-NW, which is the Join Functional Component Command of Network Warfare. It has a very small Wikipedia page, but essentially it was the offensive arm of cyber command, what cyber command is today. It was a blessing in disguise, and that’s when I really got into computer security and is more on the offensive side. It was the peak of offensive security at that point.

      [04:45] CS: Right. What I was going to say, that jumps perfect into the next question, is that clearly you got some degree of excitement about sort of going after the bad guys. Is this sort of where you started focus on attack focus pen testing and red team operations? Is there something about the thrill of the hunt specifically that brought you to this career direction?

      [05:03] AG: Yeah, absolutely. Going after bad guys and stuff, it was great to use open source methods at one point, but then as like the attack landscape like kind of changed. We had to adapt to it, right? Whenever you have adversaries, first, using text messages for their operations. Now they’re using websites. They’re using Al-Queda-based magazine like Inspire and stuff like that. It’s up to us to do disruption and disruption at the same time. We just had to evolve the way enemy evolved, and that’s what we do today as well.

      [05:37] CS: Okay. I want to talk more about your red teaming past later on, but for now I want to talk about your work with 4iQ. Tell me about the company’s mission. I summarized briefly in the bio of unmasking cyber criminals. What are your methods and what are the tools you use to accomplish this and sort of what’s the parameter of what you do?

      [05:55] AG: Yeah. The mission of 4iQ is essentially to disrupt adversaries and to protect identities as well. We do have two different business lines on that. Identity theft, of course we have all these great information from breached information. As you guys know, breaches happen all the time. You have the Marriot group breached constantly. It’s constantly a new cycle and people are becoming numb to it. But essentially, we’re collecting that data and taking it and of course protecting people immediately with it. We’re working with people who are folks on the consumer end and we power a lot of those companies to help protect identities on the consumer end. Anytime a breach happens, we like to alert that provider immediately saying that this account is compromised. These passwords are out there and they should change it. Take quick action on it, right? Also with the enterprise with this data, we’re helping prevent account takeover. That’s the obvious thing, right?

      [06:53] CS: Right.

      [06:54] AG: We later realized that the bad people, the most heinous people in the world are also in this data and we created a platform that could find that needle in the haystack and really dive deep on these people, and we’re not just collecting credential data for the unmasking part. We’re actually grabbing usernames from dark market forums, from crypto wallets that are associated with ransomware. There’s a lot of cabin logging and labeling that we’re also doing and being able to correlate that with breached data, we can find the real people behind it. We’re correlating IP addresses, passwords. We’re also correlating usernames. Pretty much any attribute that you can find in a breach. We’re trying to correlate all that information so people can – They can’t hide it behind any kind of username or monitor anymore.

      [07:49] CS: Wow! I guess I want to sort of find out a little bit about like how your team works. I’m curious about the division of labor. You say you’ve got people sort of collating all of these things. What is a team look like who’s like working on one particular criminal or does everyone have sort of multiple caseloads?

      [08:07] AG: Yeah. Actually we’re not cataloguing adversaries the way other threat intelligence organizations would. Our platform is more of an enablement tool that we have of course 25 billion records and numbers. It doesn’t really mean anything at that scale, but really what we’re doing here is we’re just sourcing a lot of these criminal networks and we’re creating a tool where anyone who’s working on investigation, whether it’d be on the fraud or anti-money laundering side where they want to make sure that they’re onboarding like a legitimate person using their credentials, we’re validating that. There’s a lot to be fed about no history as well.

      Really, the division of labor of the company, a lot of it is going into engineering to develop this very sophisticated platform. Of course we also have a threat intel analysts as well that are collecting this data and having presence in these forums in order to obtain that data.

      [09:08] CS: Okay. How did your company come to the decision to go into sort of attacking the problem of attribution by chasing down stolen personal identities and so forth? You mentioned some of these organizations, but I don’t hear that much about these types of hunters. Most security groups that we talk to work on the defense and remediation side of things. I’m curious how you came to sort of settle into this relatively uncommon area of the security space.

      [09:32] AG: It’s totally uncommon, right? I think the vision is –

      [09:36] CS: It’s something that like people are frustrated about. It feels like you hear that all the time. It’s like why can’t we take the fight to them and stuff like that?

      [09:43] AG: Yeah, we should. We should. Of course, we should.

      [09:45] CS: Right. That’s why it’s so exciting to hear about this.

      [09:47] AG: Yeah. This is actually the most exciting thing. I think – Just a little history. I started off my career in the Air Force and NSA like hunting bad people, and it was so much fun. Those authorities really only exist in the intelligence community in the military, but once I moved on to Booz Allen and Goldman Sachs, the operation of that type, it really doesn’t exist. It didn’t exist at that point. Once I saw this platform, actually, Julio Casal, our founder and CTO, he showed me this tool and he’s like, “Yeah, we’re just kind of unmasking bad people.” I realized that, “Hey, you’re actually solving the problem of attribution. You’re actually unmasking cyber criminals,” and I was thrilled about it, right?

      That drew to me to it and I was brought on to bring this product to market and see how we can sell it in the US. We found a critical need for it too, because it’s not about finding the bad person and attacking them. It’s really about how does this bad person really impact your network? How do they disrupt your operations? It ultimately costs a lot of money towards fraud because of this.

      Right now, we’re really trying to help to know your customer, organizations, the anti-money laundering and fraud organizations as well as those teams that are focused on cybercrime intelligence. How can we really understand the people that are attacking us and how can we disrupt them so we can ultimately reduce the loss of fraud within the organization.

      [11:29] CS: Who are you clients? Are you sort of working for sort of legal organizations that are working – And you’re sort of like the research department or are you working for people like banks or whatever who have been hacked and want to sort of like get back? I don’t really have a sense of that.

      [11:49] AG: Yeah. The people who are really interested in this type of work. Right now, short answer of course would be financial organizations, but as well as law enforcement and telecoms community only because there’s a couple of factors that are really helpful. There’d be the appetite, right? Who has the appetite to take on this type of mission? The authority, you want to make sure that the organizations that has an attribution program actually is able to – They’re legally able to take down bad people or actually arrest them and have some kinds of orders in order to reduce this kind of risk.

      Of course, they have to have the ability as well. They have to have the resources and teams. Right now, as I mentioned, law enforcement and government in general is a good client of ours, but as well as financial, because essentially they’re charged to really reduce the risk. If we’re continuously playing whack-a-mole of blocking in the case of compromise, it’s a never-ending game, whitelisting, blacklisting certain sides. We’re always just tackling the problem in a very one-dimensional way, where I think that if we were to go after the adversary itself, that would cause the real disruption and there’s a much better ROI.

      [13:12] CS: Yeah. You’re kind of facilitating for people who have the actual legal recourse to sort of come in and do the arrests.

      [13:19] AG: Yeah, exactly.

      [13:20] CS: Okay. What are some of the challenges in going after cyber criminals in this way? Have you had to worry about like retribution? Is there anything where like other hackers sort of like try to hack you guys to sort of take revenge or anything like that?

      [13:34] AG: That’s a great question. We haven’t seen anything at that scale fortunately, and I think that the retribution part is always going to be a concern, right? There are so many organizations and security that are out there that kind of expose much larger networks, right? Like if there’s a particular nation state actor that used a certain attack against the bank. They’ll have not only their TTPs, but also who is compromised and they can kind of categorize exactly who this person is. I think a lot of security organizations are going through this issue of potentially being retaliated.

      [14:13] CS: Okay. In your interest in sort of getting out of the sort of whack-a-mole move of just defense, defense, defense and actually going after them, do you have a sense – This is probably unlikely, but do you have a sense of like what the total sort of number of adversaries there are? As you take out these, are you taking them out the way that like you see the sort of Al-Queda org charts and things like? Are there sort of like big guns that you’ve taken out that have sort of like destabilized aspects of hacking or people just kind of keep scrambling and filling the holes?

      [14:51] AG: It’s such an interesting time right now, but it’s hard to put a number on it only because the larger – Cybercrime is almost like a business, right? I can know what the numbers are. But –

      [15:03] CS: Yeah, it is a business.

      [15:03] AG: Was it $3 to $6 trillion will be lost in 2020 because of cybercrime? It seems like it is a – When you look at it as a market perspective, it’s obviously a very big business and good business to get into. I think even if we take down certain actors. There might be an increase in the type of – I think there’s still be a lot of people that are getting into the game as well doing low-level ransomware-type acts and stuff like that.

      But I think the problem is that the fact that not many organizations are going after these criminal groups. It makes it a lot easier for that business to continue, right? Criminals would be doing it. There’s really no retaliation or any kind of action against law enforcement against them. As long as there’s really no real action, it’s going to continue to grow, and that’s why we want to reduce that number of cybercrime. We want to make sure that there is some kind of responsibility behind any kind of attacks.

      [16:05] CS: What exactly are the sort of hidden corners of the internet? You mentioned it briefly, but like where are you looking for these sorts of people? How are you sort of doing the tracking of IPs? What are the areas of the internet that we don’t know about and we don’t want to know about that you’re in regularly?

      [16:21] AG: Yeah. We’ll start with the basic ones that are just right out there, right? You can go to RaidForums. You can just Google it right now, RaidForums, and you can find terrible things right away. Sometimes it’s right in front of your nose? But there’re other places where of course there are more nefarious things available, not just credit card dumps. There’s a bunch of terrible stuff out there, like human trafficking related things or child pornography. There’s a lot of heavy stuff out there that is being sold and traded and those are the types of people that we want to take down. Those are using ITP and torrent networks and there’re just a lot of different sites that are out there, protected sites, but as well there are similar sites like Sik Road and alpha beta keep popping up. There are always these marketplaces that sell weapons to manuals and how to build bombs and just a bunch of stuff. It’s endless. It’s endless. I think that a lot of them also just open source. They can just look it up today, which is unfortunate too.

      [17:29] CS: Okay. I think of like a hacker kind of getting in. They’re sort of disguised, but they’re basically using like the network of the banking company and they’re going in there. Do you have to do a – Your employees have to be like a similar disguise to do into some of these kind of Silk Road places? Do you ever find out that you’re in there asking questions and people are like, “Wait a minute. Are you a cop? Are you coming for us?” or whatever? Is there anything like that?

      [17:56] AG: Yeah. There’s always stuff like that out there. I don’t want to reveal too much, but of course you have to protect your employees as well, right? You don’t want to them to be in any kind of danger. But I think that conducting surveillance and understanding what’s out there is really helpful to know as well and how our clients as well as us, how we should be prepared and how we should be protecting our families as well.

      [18:20] CS: Right. I want to pivot this a little bit. The name of the podcast of course is Cyber Work and we want to talk about sort of careers and how you can get into these things. Did your background in penetration testing and red teaming prepare for you for this type of work? I mean, it sounds like you were kind of doing them on parallel tracks. But are there ways in which the two processes are similar and ways that they’re different? The sort of like intelligence work that you do versus like red teaming?

      [18:47] AG: Yeah. In this case, I think that having an intelligence background could, because essentially 4iQ is an intelligence company, right? Intelligence background but also understand adversaries. It just happened to be a perfect fix. I mean, this is my dream job, hunting bad people in a public place with the authority I think is pretty awesome, right? I think that’s the real mission that we’re behind.

      I honestly think I just got lucky and I wish I could give a recipe for that, but I would say that for those who are listening and that were interested in, let’s say, red teaming. Specifically, there are so many things that you could learn that are just completely available. I learned some of the best tricks. I learned how to use Linux mostly on YouTube before I took my first class or OSTP, right? I think there’s just a lot of great resources available if you wanted to learn about how intelligence, how intelligence analysis processes are dong, the intelligence lifecycle. There are so many great things that are out there in order to really sharpen your skills.

      [19:57] CS: Yeah. If someone wanted to get into the type of work that 4iQ does specifically and chase down cybercriminals and hackers and do cyber attribution. What are some specific skills, experiences or certs that you would want to see on their resume? What type of candidates stick out in the resume pile for this sort of thing?

      [20:14] AG: Specifically on resumes?

      [20:16] CS: Or just you’re sort of getting a sense of the person. What are things you want to hear them say, “Oh, I’ve done, or I’ve tried this, or I learned that.”

      [20:22] AG: Yeah. I’d say you have to do a research. You have to be naturally curious. Because if you really want to understand threat actors, you have to understand their motive, you have to understand their perspective and take a walk in their shoes too, right? I think that anyone who’s worked in any kind of investigations and who’s just naturally curious, they have been really good analysts from what I know. Even when I worked at Goldman, I had a really good colleague. Her name is Sarah and she worked at PETA as an investigator and now she is the global head of intelligence at a really big bank now. I think that having that background and having the drive to learn more, I think that’s the most – That’s probably the best thing you can do. Having that translate in the resume would be I think making sure that anytime you put it down, make sure that you use those words and those actions that show what the impact really was. We needed some kind of investigation or did kind of analysis, right? From a resume base, it’s all about outcomes, right? How do you make an impact?

      But along the side about getting into a job something like this. I’d say that – I mentioned how we evolve to any new tactics. I think people who are seeking jobs in this industry also have to evolve, and I think that a lot of jobs are won by personalities and getting to know each other. Being just a resume in a stack, I don’t think it’s good enough anymore at times. I think you have to utilize. You have to slide into DMs, right? You have to reach up to people via LinkedIn or wherever their avenue is and really try to connect with them? Not sound salesly. Not sound like you kind of sell something, but really show that you are looking for an opportunity and you have the world to prove to them.

      [22:13] CS: Yeah, you’re looking for a life’s mission rather than a next job.

      [22:19] AG: Exactly.

      [22:21] CS: I guess we had another person who’s an expert in red teaming last week, and I don’t know if this applies here, but with the recent shelter-in-place orders due to COVID-19 happening worldwide, I’m assuming that attack services has shifted a bit, but obviously hackers and bad actors, if anything, stepped their game up. Have you seen any different amidst the current pandemic with the way your company has to do its work? Do you find that hackers are behaving differently at all in April 2020 than they were a few months ago?

      [22:49] AG: Oh, yeah. Absolutely, right? I think even the hackers probably have extra time now being at home. I think that in this case we’re seeing a lot of – Two things. I would say a lot of that has to do with the compromise. There’s just an increase. People are using breached data to hack into accounts now. It’s more prevalent now than ever.

      The second thing, what I was going to mention, is disinformation campaigns. We’re seeing so many different new stories whether beyond Twitter or Facebook, but just lost information that’s even given by officials in the US because they must be important. I think that’s probably the most dangerous thing. As we talk about evolution of threat trends. Surprisingly, this threat trend is not malware, right? It’s not something that’s so sneaky or something that’s –

      [23:45] CS: Human element. Yeah.

      [23:46] AG: Yeah. It’s something that’s very obvious. This information campaigns that we’re seeing are who started COVID? Is it because of 5G-related things? Which just sound ridiculous, right? It’s kind of like anti-vaccine but on like on a 20, 30X scale being a problem bigger.

      [24:09] CS: Yeah. I mean, does what you do, do you guys have any ability to sort of impact these information campaigns? That feels to me like a different battle from going after specific actors.

      [24:21] AG: Yeah. One of the things I didn’t mention is that we also have another platform that does a lot of sentiment analysis for social media as well as just like the general surface web. So we’re able to detect a lot of different sentiments that are being pushed out from accounts, and we can actually map out where certain messages are being pushed by geo-location but as well as the types of people. We can categorize a lot of users as well. We could really boil the ocean of where these kinds of campaigns are moving from.

      Of course, with our attribution capability, we’re able to even detect let’s say for election campaigns and seeing who is spreading false information and what accounts belong in that nefarious or malicious infrastructure, right? We can kind of pinpoint which countries or companies are actually pushing this kind of information for confusion and for chaos.

      [25:19] CS: If people are suspecting that some of these stories smell a bit funny or whatever, like do you sort of report your findings in terms of like figuring out where these disenfranchised campaigns are coming from? If so, where would people look for this kind of information?

      [25:33] AG: Yeah, actually we do post some of these stuff on our website when we find these things, but I think the best thing to do is to kind of ask yourself all the time, “Is this real or not?” I mean, I’m not sure if you’re in family WhatsApp chats or not, but mom will always send me things like – Things that are clearly fake. This is the new type of attack and it’s just a scare tactic or a scary new story that just happened. My mom listeners, so she’s probably really mad at me that I called her out. But it’s true, right? A lot of people do get confused by the information because they don’t know how to trust it, right?

      I think everyone should just be a good citizen and just kind of take it at face value and kind of deep in deeper. Have the curiosity built in as an intelligent analyst or just a curious person to make sure that these do sound real and of course check a bunch of different new sources just to make sure.

      [26:34] CS: Yeah, do your due diligence. It’s not enough to just find the thing that sounds good. I want to sort of ask you from a general securities perspective, and especially as someone’s who’s a former red team leader or maybe still do some of that, but are there any suggestions you might have for the currently scattered organizations out there? Everyone’s sort of working from home, working in offside or in unusual places to make sure that their temporarily displaced staff or IT department aren’t inadvertently creating huge security crisis?

      [27:03] AG: Yeah, absolutely. The first thing that we see, like the obvious thing is something like Zoom, right? How do they hack open rooms available to join, right? Open invitations. It’s kind of scary, right? But of course there’re a lot of these measures. You can just Google top five ways to protect our Zoom accounts and stuff like that. For scattered security professionals at this moment, I’d say there’s like probably three big things to really focus on, and this is the same approach that I took at Goldman Sachs when we led the red team there. But there’s three – The first thing would like thought experiments, right?

      As there’s a mobile workforce and everything is different now, I think that understanding what your applications are and kind of thinking about it, like how can an attacker or anyone else that’s unauthorized get into this, right? Just have different scenarios in your head, right? I think that’s really easy to do. I think as security professionals being like naturally paranoid. People are always thinking about this, but a lot of times they don’t write it down or escalate it more saying that, “Hey, we should consider these types of threats.”

      Doing some like general thought experiments, whether you’re planting something in your garden or taking a shower, always be thinking about that kind of stuff because if you realize it, that means that it must be real.

      The second thing is like war gaming it up? Not only war gaming certain threats, but also approaching it the way an adversary would. If I were to play every step of this out, like what are those things we should be considering and what controls we put in today in order to potentially prevent an incident like that? It evolves from of course a thought experiment, war gaming and then to actually doing a pen test on it. See if things are actually exploitable. I think just find those war games are always helpful to mature your security.

      [29:04] CS: Perfect. As we wrap up today, what are some technologies or tactics that are might be coming soon to the world cyber attribution intelligence? What are some things that you can see new tools available to you that you’re looking forward to 2020, 21 and beyond?

      [29:18] AG: Yeah. I would say – Like I mentioned, like this information is a huge thing, right? I think that just information is going to continue to grow and that’s going to continue to be a large threat. But from the attribution perspective in general, I think that we’re seeing that a lot of organizations from financial and law enforcement are actually adapting some type of attribution program, I think that’s awesome, because working with financial organizations and government, but as well as commercial. I know that security teams broadened and anti-money laundering teams are usually siloed. They should never talk to each other? But we’re noticing that a lot of crime is cyber-enabled. So we’re seeing this huge shift from leading innovative – The leading and innovative fangs fuse these two teams together, which I love, right? It’s great to have collaboration. It’s great to understand that there’s a lot of cyber-enabled malware, and that malware is directly impacting fraud. It’s obvious that they should be talking to each other, and I think that’s probably the biggest trend that we’re going to see, is financial organizations are going to mature in that space and hopefully reduce the amount of cybercrime.

      [30:43] CS: Okay. I want to sort of end in sort of a philosophical note here, but if you could kind of wave a magic wand and sort of make all of these work out, what are the sort of blockades right now? Would you want to see more sort of cyber attribution? Do you want to see sort of more people taking the fight? What would be like an optimal version where there’s sort of enough counter-attackers to take out the attackers and things like that? What does that landscape look like to you?

      [31:08] AG: Well, yeah. If I could just wave a magic wand, I’d probably get rid of all the cyber criminals.

      [31:14] CS: Yeah, and you’re gone with it.

      [31:16] AG: Yeah, I think authority, right? I think that in general whether it’d be espionage related, cyberattacks or it might cybercrime related, I think that private organizations are sitting ducks. The government has not given any kind of authority or ability for organizations to hack back or even retrieve their data back, right? It’s just not a concept that’s real. I think that – Obviously, the government is not going to too much about it. They already have their hands tight trying to protect their own government networks, right? Impossible that they would support any kind of private organization and you show favoritism. Yeah, it’s just not clear, right? If banks or private organizations in general has the authority to take control, I think that would probably the best way to do it.

      Of course, there’s a lot of downside to it. How do you verify you’ve been hacked by this person or this organization? Usually a lot of things, but I think that having that authority would really help. It’s like the old – The letter of marque and reprisal just like the way ships to bet taking down by pirates, when things gets stolen by pirates, there’s the letter of marque and reprisal where ships or kind of like captains of these ships had authority to get their stuff back and defend themselves. I think it’s the type of policy that we should have for organizations, because there is a constant exfiltration of intellectual property that that’s happening here that what makes America great is actually – It’s being diluted by counterfeits and stolen information that we made.

      [33:04] CS: One last question today, if listeners want to know more about Amyn Gilani or 4iQ, where they can go online?

      [33:10] AG: Well, LinkedIn. Amyngillani is my LinkedIn. Then 4iQ, we’re always doing stuff. So please keep an eye out for us. One of the biggest things that we’ve put out recently is that we’re offering our identity theft services out to all healthcare providers and hospitals. You guys can go to our website and check that out and have some free help for a few months.

      [33:39] CS: 4iG is just numeral 4, letter I, letter G.com?

      [33:42] AG: 4iQ. Yeah.

      [33:43] CS: 4iQ. Sorry. Of course. Numeral 4, letter I, letter Q.com.

      [33:49] AG: Absolutely.

      [33:49] CS: Okay. Amyn, thank you again for being here today. This was fascinating. We could go on and on, but I will let you go today. Thank you again.

      [33:56] AG: Thank you so much.

      [33:57] CS: Thank you all for listening and watching today. If you enjoy today’s video, you can find many more on our YouTube page. Just go to youtube.com and type in Cyber Work with Infosec to check out our collection of tutorials, interviews and past webinars. If you’d rather have us in your ears during your workday, all of our videos are also available as audio podcasts. Just search Cyber Work with Infosec in your podcast catcher of your choice, and if you wouldn’t mind, leave a rating and review on your podcast catcher of choice. It really does help us out.

      For a free month of our infosec skills platform that we discussed in today’s show, just go to infosecinstitute.com/skills and sign up for an account and then in the coupon code type in the word cyberwork, all one word, all small letters, no spaces, and get your free month.

      Thank you once again to Amyn Gilani and thank you all again for watching and listening. We will speak to you next week. Stay safe.

Free team skill and certification training

Give your entire team (10 or more) access to hundreds of on-demand courses and hands-on labs — free for 30 days!

Get Started

About Cyber Work

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.

Special offer for Cyber Work listeners

Use code "cyberwork" to get a FREE month of Infosec Skills