We gave our interviewees a set of three questions during our interviews. The questions are as follows:
1. In your own experience, how would you define phishing?
2. What was phishing like at the start of your career? Such as how common was it, how sophisticated, was it convincing?
3. How do you see AI and LLMs being used in the field, and in particular for phishing?
Q: ["In your own experience, how would you define phishing?"]
A: Using some form of internet communication to deceive an individual to convince them to provide information they would otherwise not
Q: ["What was phishing like at the start of your career? Such as how common was it, how sophisticated, was it convincing?"]
A: Phishing was less convincing in the past, less sophisticated. Two things that have changed to make it more useful to threat actors are AI and how much emphasis companies place on identity security such as authentication like multifactor security as 3 distinct metagames. When things started, security was all about securing external network and firewalls and such. Then when COVID, and remote work, security moved to endpoint, like computer and EDRs used to prevent directly on the machine. In recent times, moved to identity. How you as an individual authenticated and authorship.
Q: ["How do you see AI and LLMs being used in the field, and in particular for phishing?"]
A: Making it a lot faster to send out phishing emails. Threat actors are able to automate the process. A lot more convincing emails, perfect English, etc. Everyone uses AI for emails, so it blends in. Other areas: AI used in anomaly detection, finding if user things are abnormal. Log analysis, automated scanning, code generation.
Other: On one of his teams, they are AI able to parse through logs of cases and can work through cases in about a day, where it used to take about a week. Cyber data is multiplying; there will never be code. Even with automation, the number of cases keeps increasing. Big reason AI is scary, that students see work as a start and end point, but the real world is a lot more flowing and ambiguous. Cyber is interesting because the work of a single attacker might take multiple teams of defenders to analyse and defend. Very asymmetric, very useful for defending, especially if the user attacking uses it as well.
Intelligence Analyst at CrowdStrike
Former RUSEC President
Formerly Contracted for the Federal Government in Cyber / Security role
Q: ["In your own experience, how would you define phishing?"]
A: It's attacking the human. Setting out a piece of bait so that someone goes off the beaten path and can then be compromised.
Q: ["What was phishing like at the start of your career? Such as how common was it, how sophisticated, was it convincing?"]
A: It was much less common back then because there weren't lists like there are now. Back then they didn't have your email unless you went some place like a concert and gave it out. Now it's very easy to get. Phishing is harder to detect now too because of AI. It also was more prevalent in ads with fewer protections against it. Email providers track and block a lot now and ad hosters are more strict.
Q: ["How do you see AI and LLMs being used in the field, and in particular for phishing?"]
A: Back when I started, the canonical example of a phishing attack was a Nigerian prince and the attack itself usually involved lending money. Those were fairly easy to recognize but with the advent of AI, it's harder to recognize that it's a malicious actor creating an email, making generation or even assisted generation a big use case. The other is enabling malicious actors to easily find vulnerable targets with LLMs scanning the web and reporting them. Something like knowing when a person is out on vacation to use that piece of information in an attack on them.
Q: ["In your own experience, how would you define phishing?"]
A: Oh, Phishing? Oh yeah, it was always getting emails in my inbox, they were trying to get me with... always some internal faction trying to get me to click on fake emails, trying to get me...
Interviewer: How many times did they get you?
Once or twice...
Twice, twice I think I clicked on it, but this was early on, and as I got a little bit older, I could notice phishing pretty easily...
Q: ["What was phishing like at the start of your career? Such as how common was it, how sophisticated, was it convincing?"]
A: In the beginning, there wasn't really training, so you didn't really understand it. And then... You got this like real remedial training on it, and then they just sent out the emails, and that's where they got me and then that's when it all started to really fall into place with me...
I ended up not answering it because I didn't know if it was internal or from another branch. If it was relevant from someone I was working with, I wouldn't touch it...
Training did get a lot better from what it started off as.
Q: ["How do you see AI and LLMs being used in the field, and in particular for phishing?"]
A: The preservation of transient and indexed data on the internet through crawlers that can lead to actors getting a lot more information on people, a lot quicker than normal previous spearphishing operations. The possibilities to find information are scary... the iterability, kind of like time travel for a specific person, and their data could be used to improve the phishing attempts.
These engines going through your backups and recoveries are huge, giving actors the insight they need if they get access to them...
When it comes to phishing in general and AI campaigns, think, it's real to me, AI when it comes to it becoming an adversary's tool is inevitable, the capabilities of an AI to automate scrubbing. A person's LinkedIn, social media, and company page to pull out relevant data, that could create scenarios in email that are so realistic it's almost impossible to really tell whether or not the file you just downloaded just got you fired.
Something that could seem like a really well-crafted internal memo...
They had an internal barbecue... You know what I mean? "I meant to get this from you, but couldn't get it out in time" stuff like that, very convincing.
Solutions Architect, Hybrid Infrastructure @ CDW
Vast experience in Cyber recovery, formerly at Dell