Staying Ahead with Threat Intelligence: Almir Menezes of Qriar On How to Stay Informed and Agile About New Cyber Security Threats

An Interview With David Leichner

David Leichner, CMO at Cybellum
Authority Magazine
16 min read · Aug 22, 2024

In the ever-evolving landscape of cybersecurity, keeping abreast of the latest threats, vulnerabilities, and emerging trends is paramount. This becomes increasingly significant as malicious AI poses new challenges. How do Chief Product Security Officers (CPSOs) stay informed about these factors relevant to their organization’s products? More importantly, how do they integrate this vital threat intelligence into their security strategies? As a part of this series, I had the pleasure of interviewing Almir Menezes.

Almir Menezes is the Founder and CEO of Qriar, where he drives the company’s success in the cybersecurity industry with over two decades of experience. Under Almir’s leadership, Qriar has become a trusted partner for enterprises seeking robust and innovative security solutions. His strategic direction and hands-on approach have empowered his team to deliver tailored security programs that enhance productivity, build customer trust, and foster business growth.

Almir’s efforts have positioned Qriar as a leader in the field, earning prestigious recognition such as being named one of the “10 IBM Solution Providers to Watch” in 2022. Passionate about digital literacy, Almir is dedicated to empowering individuals and businesses to excel in the digital age, ensuring they are equipped with the tools needed to thrive in an increasingly complex digital world.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I grew up in Brasília, Brazil’s capital, in a humble but vibrant neighborhood where my family and community significantly shaped who I am today. My parents worked incredibly hard to provide for us, teaching me that perseverance and hard work are crucial to achieving one’s goals.

My older brother was a particularly influential figure in my life, personally and professionally. He served as a role model, demonstrating qualities of determination and excellence that I aspired to emulate.

From a young age, I was driven by three main passions. I loved assembling and disassembling toys and other objects, driven by a deep curiosity about how things worked. This curiosity drove me to understand how things worked, which naturally steered me toward a career in technology and cybersecurity.

This fascination with understanding mechanisms extended to my first encounter with computers. In the 1980s, my family purchased our first personal computer, a TK95.

What intrigued me most wasn’t just the games or simple applications but the machine’s inner workings. My most significant curiosity was understanding how it performed its magic behind the screen.

Second, I loved drawing and being as creative as possible. This creative outlet was essential for me to explore and express my ideas.

Lastly, I had a deep-seated interest in understanding and helping people. Whether through problem-solving or providing support, I found fulfillment in positively impacting others.

After high school, I moved to João Pessoa, a city by the sea in northeast Brazil, where I still have some relatives. I decided to study civil engineering at the university there; after all, assembling things was one of my childhood passions, right? But I soon realized it wasn’t my true calling. I returned to Brasília to pursue my other passions: drawing and understanding how the machine works. So, I applied and started two other graduations (Computer Science and Industrial Design) at two different universities. In the end, Computer Science was what I really wanted, driven by my deep-seated passion for technology.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

My career in cybersecurity was inspired by a combination of my personal values and professional goals.

I have always been passionate about creating something meaningful and lasting that would positively impact the world and its people. I have also always been interested in technology and innovation and how they can be used to solve problems and improve lives.

However, working for and with big/multinational companies, where the culture was to make money at any cost, taught me many things, including what I do not want to do for life.

Of course, making money is important, but it cannot be the only thing. It cannot be what drives you forward without worrying about how people will be affected during the process. We must find a way to leave something better to the next generation.

Cybersecurity emerged for me at the same time I decided to open my own company with Luis Felipe, my business partner on this journey. Three questions drove our decision: “How can we help people/companies?” “How to create a legacy?” and “How to survive and strive in the market during the process?” In other words, “How do we create something completely different?”

Cybersecurity was not a trend before AI, before the pandemic, and even before many cyber regulations. Still, it was already an issue for companies, people, national security, and the world in general. So we decided to invest our knowledge and effort in helping somehow.

That is how QRIAR was born. Yes, with a “Q” to clearly show the market our intention: “A company that wants to democratize cybersecurity and create — in a different way — a new and secure world.”

Can you share the most interesting story that happened to you since you began this fascinating career?

One of the most exciting experiences I’ve had since beginning my career dates back to 1992, a pivotal moment when I faced a significant crossroads. At that time, I had the opportunity to start my own company with a friend. This prospect was exciting, and we were both brimming with energy and ambition. However, we were also confronted with a challenging economic and political environment in Brazil, which was unfavorable for new investments. We had no financial support, just a lot of willpower and determination but limited resources and experience.

As I was weighing this opportunity, I applied for a position at Xerox S.A., a multinational company. Surprisingly, they called me the same week I was invited to start this new venture. The offer from Xerox came with a guaranteed salary and the added benefit of covering 50% of any IT graduation course, which was crucial for me at the time since I needed to help my father with the costs of my Computer Science degree.

The decision was tough: on the one hand, the security of a stable salary and educational support; on the other, the uncertainty of entrepreneurship with no immediate financial backing. Ultimately, I accepted the Xerox position, valuing its stability and support.

While I didn’t pursue the startup venture then, the experience left a lasting impression. It ignited a deep-seated ambition to venture into entrepreneurship eventually. I promised myself I would return to this dream when the conditions were more favorable, with more experience and resources. This drive and determination to create something of my own has stayed with me throughout my career, and it’s a big part of why I eventually co-founded Qriar and Qriar Labs.

The story of that decision reminds us how pivotal moments and choices shape our career paths and how experiences, even those involving missed opportunities, can fuel future aspirations and drive.

You are a successful leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?

This is a fascinating topic. I believe that we can master almost anything and adapt to various circumstances. Yet, there are innate aspects of ourselves that we cannot learn — they emerge naturally, often under stress: that’s our character.

Whether you’re an intern at a small firm or the head of a Forbes top-ten billion-dollar corporation, maintaining strong character traits will garner respect, trust, and leadership.

The three character traits I consciously incorporate into my daily professional life are:

  • Ethics and honesty: I learned quickly that you must be committed to ethics, and honesty can help you build trust and reliability in your professional relationships. In business dealings, you must remain severe and sincere. You must rely solely on effort and reject shortcuts. There are no easy successes and no free lunch. Whether in personal or professional spheres, you must be respectful and clear-cut. Overpromising cannot be the regular practice. Deliver what you commit to and expect the same level of commitment from your peers.
  • Empathy: It is an excellent practice to strive to understand others by seeing things from their perspective. Recognize what drives your employees and partners and support their objectives. By genuinely listening to customers, be more than a vendor; become a genuine ally. Offer insights and solutions, even when they may not directly benefit you. Believe, they’ll remember who stood by them in times of need.
  • Persistence: It can help you stay determined and focused on your goals. Fervently pursue your aspirations and convictions, but do this astutely. Plan and execute your moves methodically, considering context, and adjust your approach when necessary. Always bear in mind the thin line between determination and obstinance.

Are you working on any exciting new projects now? How do you think that will help people?

We are working on some exciting and innovative new projects at Qriar Labs that aim to impact the cybersecurity and integration fields significantly. Since starting in 2021, our goal has been to fill gaps in the market and make cybersecurity more accessible to everyone.

One of our key initiatives is the development of cutting-edge products designed to empower organizations by offering innovative solutions that foster flexibility and freedom from vendor lock-in. By adopting open standards, our products enable organizations to tailor their technology infrastructure to meet their specific needs without being constrained by proprietary solutions. This approach enhances security and supports scalability and sustainability, which are crucial in today’s rapidly evolving cybersecurity and integration landscape.

Our products are designed to be effective and widely accessible as we strive to bring sophisticated cybersecurity to a larger audience. We understand that building trust in a highly competitive market takes time, and we’ve invested significant resources into establishing a reputation that allows us to introduce and support new products confidently.

Overall, this project reflects our commitment to innovation and our dedication to helping organizations protect themselves against emerging threats while ensuring they have the flexibility to adapt their technology to their unique requirements. We’re excited about the potential impact of these developments and look forward to seeing how they will help organizations achieve higher security and operational efficiency.

How do emerging technologies like AI and machine learning influence the risk to the cybersecurity landscape?

AI and machine learning can influence the risk for the cybersecurity scenario in both positive and negative ways. On one hand, these technologies can help to detect, prevent, and combat cyber threats, such as malware, phishing, ransomware, fraud, and targeted attacks. On the other hand, they can also be used by malicious agents to create more sophisticated, personalized, and stealthy attacks that exploit the human and technical vulnerabilities of the information systems. Some examples of potential risks involving AI and machine learning are:

  • Improvement of social engineering: inducing human curiosity to click on a link or file that was sent by email, based on social engineering, and that triggers an action of stealing credentials or sensitive data (phishing).
  • Ransomware: it involves encrypting and kidnapping data and demanding a ransom in exchange for the return of the data or access to important company systems.
  • Silent Attacks: Attacks increasingly silent, specific, and sophisticated: use of deep learning techniques, data analysis, and content generation to create campaigns of disinformation, espionage, sabotage, or manipulation of public opinion.
  • Sophisticated frauds: It includes direct calls from the bank or the credit card operator, imitating people’s voices and mannerisms, and using voice synthesis and speech recognition based on AI.

Could you highlight the types of cyber attacks that you find most concerning today, and why?

Some of the types of cyber attacks that I find most concerning today are:

  • Phishing — The rapid evolution of AI has significantly enhanced the sophistication of phishing attacks. AI can now generate emails with natural-sounding language that are nearly indistinguishable from genuine ones, rendering traditional countermeasures ineffective. This advancement in AI poses a serious threat, as phishing can lead to identity theft, financial losses, or ransomware infections.
  • Malware — Companies are embracing AI as never before. New business solutions have been generated and adopted as quickly as possible. Unfortunately, most of the time, there are no concerns regarding the code quality from a security perspective. Those AI systems and codes can contain many backdoors that malicious hackers could exploit. Malware can compromise the confidentiality, integrity, and availability of data and systems and cause severe damage to organizations and individuals. We need to ask about the code quality generated automatically by AI before using those systems/apps in a productive environment and perform rigorous security testing and auditing to ensure they are free of vulnerabilities and malware.
  • Misinformation — When we talk about generative AI, the quality of the information it can provide depends directly on the quality of the source and the capacity to conflate two things that are sometimes unrelated. It can produce what we call hallucination. Hallucination is when AI generates false or misleading information that is not supported by evidence or logic. So, if an attacker injects wrong/malicious information into the body of knowledge, such as a data lake on which the system/app is based, it can compromise the integrity of the result. Misinformation can erode trust, influence opinions, manipulate decisions, and harm reputations.
  • Deep Fakes — The capabilities of generative AI have reached a point where it can convincingly replicate our image, likeness, mannerisms, voice, and appearance. Deep fakes, as these synthetic media are called, use AI to manipulate the audiovisual content of real people or events. They can be used for malicious purposes such as impersonation, defamation, fraud, blackmail, or propaganda. The potential harm caused by deep fakes is significant: they can undermine the credibility of evidence, create confusion and doubt, and violate the privacy and dignity of individuals. To counter this, we must be vigilant and critical when consuming media content, and use tools and methods that can detect and expose deep fakes.

Can you share an example of a real-world incident or threat related to malicious AI that you’ve encountered, and how you responded to it? What lessons did you learn from that experience?

Our company has not faced any incident or threat related to malicious AI until this interview. Still, one of the most recent and alarming examples of malicious AI I remember was the deepfake scam targeting a Hong Kong-based multinational company in February 2024. A deepfake is a synthetic media that uses AI to manipulate or generate realistic images, videos, or audio of someone or something. In this case, the scammers used deepfake technology to create a fake virtual meeting where every attendee, including the chief financial officer (CFO), was a computer-generated impostor. The scammers then convinced a clerk to execute a monetary transaction of HK$200 million (US$25.6 million) to a fraudulent account, claiming it was an urgent and confidential matter. The clerk only realized he was talking to fake people when it was too late.

This incident showed how sophisticated and convincing deepfake technology can be, how it can exploit human trust and bypass security measures, and how vulnerable organizations and individuals can be to social engineering tactics that use AI to manipulate or deceive them.

Our team has developed a guideline for this specific scenario despite never having faced a cybersecurity situation like this. Here are some actions from this guide:

  • Analyze the source and content of the deep fake video and audio and confirm that they were generated by an advanced AI model that used a large amount of data and computing power.
  • Trace the origin and destination of the fraudulent video and report it to the relevant authorities and financial institutions.
  • Contact the real CFO and other organization executives and verify their identities and locations.
  • Advise the organization to implement more robust authentication and verification procedures for financial transactions, such as using multi-factor authentication, encryption, digital signatures, or biometric data.
  • Educate the organization’s employees on how to recognize and avoid deepfake scams, such as checking the source and the quality of the media, looking for inconsistencies or anomalies, asking for confirmation or proof, or contacting the person directly.
  • Educate the organization’s employees on checking if the information, data, and transactions asked make sense to the public who was in the meeting and for the company’s financial policies before processing any transaction, no matter who asked for it.

What advice do you have for organizations that are in the early stages of developing a security strategy for AI systems? What are the key or guiding principles they should follow? Could you walk us through the recommended steps to take immediately after a cyber attack is detected?

Here is some advice to organizations that are in the early stages of developing a security strategy for AI systems:

  • Ensure that all data used for decision-making is reliable, accurate, and up-to-date.
  • Train AI systems constantly based on the most up-to-date data and develop prompt patterns to perform queries for large language models (LLMs) to obtain the desired results.
  • Create sophisticated governance models that ensure transparency, accountability, and fairness for all stakeholders involved in developing and using AI systems.
  • Consider AI systems’ ethical, social, and legal implications and respect the rights and privacy of individuals and groups.

I think any organization that wants to develop a security strategy for AI systems should follow some of those principles:

  • Implement Responsible AI systems that align with the organization’s values and mission and foster a culture that encourages and prioritizes ethical AI practices.
  • Ensure Ethical and Fair Use of Automated Decisions by following the principles of lawfulness, data privacy, risk mitigation, social impact, and human oversight.
  • Build trust and transparency by communicating clearly and honestly about AI systems’ purpose, capabilities, and limitations and providing feedback and redress mechanisms.
  • Enhance Diversity and Inclusion by ensuring that diverse and representative teams design and test AI systems and do not discriminate or exclude groups or individuals.

It is crucial to have an incident response plan in place to respond to cyber-attacks quickly and effectively. An incident response plan is a document that outlines the roles, responsibilities, and procedures for detecting, containing, analyzing, mitigating, and recovering from security incidents. An efficient plan, among other elements, must include procedures for identifying, containing, mitigating, and recovering from breaches. These plans should involve both the organization and the third-party vendor. Incident response plans ensure a coordinated and organized response to security incidents, minimizing damage and downtime. They also promote transparency and collaboration between the organization and its vendors, facilitating a unified approach to security.

What are the “5 Things You Need To Stay Informed And Agile About New Cyber Security Threats” and why?

Cyber security is a constantly evolving field that requires constant vigilance and adaptation. Cyber threats can come from various sources, such as hackers, criminals, terrorists, state actors, or even insiders. They can target different assets like data, systems, networks, devices, or even people. They can also use different methods, such as social engineering through phishing, malware or ransomware attacks, third-party exposure, cloud vulnerabilities, IoT device attacks, and denial-of-service attacks. The consequences of cyber attacks can be devastating, such as financial losses, reputational damage, legal liabilities, operational disruptions, or even physical harm. So, I can point out for any organizations and cybersecurity professionals who need to stay informed and agile about new cybersecurity threats the 5 pieces of advice below:

  • Stay Tuned

One of the first things we must do is stay curious and well-informed regarding old and new cyber security threats. This means finding new, trustworthy, and updated sources of information, such as cyber security blogs, podcasts, newsletters, webinars, or courses. It also means continuing to learn and update your skills and knowledge of cybersecurity best practices, standards, and frameworks. Moreover, it means creating and testing proactive measures to avoid or at least mitigate the impact of cyber threats, such as backups, encryption, firewalls, antivirus, or multifactor authentication.

  • Be Suspicious

Another thing we need to do is to be suspicious of anything that seems too good to be true or too bad to be ignored on the internet. This means subscribing to and staying updated with reliable alert sources, such as cyber security companies, government agencies, or consumer protection organizations. It also means verifying the authenticity and legitimacy of any email, message, call, or website that asks for our personal or financial information or offers us something for free or at a very low price. Furthermore, it means reporting suspicious or malicious activity to the relevant authorities or platforms.

  • Be Ready

A third thing we must do is be ready for the inevitable cyber incident that will happen sooner or later. This means creating an incident response plan with detailed instructions regarding what to do, who to inform, and how to act in case of a cyber attack. This plan should have the expected outcomes for each situation and timelines for each action. It should also be reviewed and updated regularly and tested and practiced periodically. Additionally, it means having a recovery plan that outlines how to restore normal operations and prevent future incidents.

  • Use the Technology

A fourth thing we need to do is to use the available technology to help us prevent, detect, and respond to cyber threats. This means investing in and deploying security tools that can support the cyber security team in monitoring, analyzing, and taking action on the security alerts we face. These tools can include security information and event management (SIEM), endpoint detection and response (EDR), network security monitoring (NSM), or threat intelligence platforms (TIP). They can also leverage artificial intelligence (AI) and machine learning (ML) to enhance their capabilities and efficiency.

  • Always Ask Yourself About the Security Drawbacks

A fifth thing we need to do is always ask ourselves about the potential security drawbacks of any new technology we adopt or implement. This means being aware of the risks and vulnerabilities that any new technology can introduce to our organization or personal life, such as AI, cloud computing, the Internet of Things (IoT), or blockchain. It also means testing any new technology before implementing it in a production environment and following the principle of least privilege. This means granting the minimum access and permissions necessary for the technology to function. Moreover, it means applying the principle of defense in depth, which means using multiple layers of security controls to protect our assets.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-)

If I could inspire a movement, it would focus on digital literacy and empowerment. By equipping people with the skills and tools to navigate and innovate in the digital world, we could unlock new opportunities, drive social change, and ensure everyone has a voice in our tech-driven future.

How can our readers further follow your work online?

You can follow along with us on LinkedIn at https://www.linkedin.com/company/qriar-technologies-north-america/.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!

Thank you so much!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
