Samir Haddad

I started in cybersecurity at Mandiant (now part of Google Cloud) in 2016, on the incident response team. For three years, my job was to fly to companies that had been breached and figure out what happened. I've responded to incidents at Fortune 100 companies, hospitals, government agencies, and a casino. The casino breach was the most interesting. The hospital breach was the most disturbing. I still think about the hospital.

Incident response teaches you things that vulnerability scanners can't. You learn that breaches don't happen because of sophisticated zero-day exploits. They happen because someone clicked a phishing link six months ago, the attacker moved laterally through the network using credentials that should have been rotated, and nobody noticed because the SIEM was generating 10,000 alerts a day and the security team had two people. The pattern is depressingly consistent.

I left Mandiant for CrowdStrike in 2019, joining the threat intelligence team. My focus was on tracking ransomware groups, specifically the economics of ransomware as a business. Ransomware groups operate like startups: they have developers, operators, negotiators, and affiliates. They have pricing strategies and customer service. Some of them have better operational discipline than the companies they attack. Understanding the adversary's business model is, I believe, more valuable than understanding their technical capabilities.

At CrowdStrike, I also got a front-row seat to the cybersecurity vendor landscape. There are over 3,500 cybersecurity companies. Most of them sell overlapping products to overwhelmed CISOs who can't evaluate them. The average enterprise has 70+ security tools, and the mean time to detect a breach is still 200+ days. The industry has a product problem and a signal-to-noise problem, and more tools won't solve either.

I left CrowdStrike in 2024 to write about cybersecurity for people who make business decisions. Not technical deep dives into malware (there are excellent researchers who do that), but the strategic layer: how should a board think about cyber risk? What's the actual ROI of a SOC? Why do companies keep getting breached in the same ways? What can we learn from the adversary's business model?

I'm based in Dubai, which has become a surprisingly important cybersecurity hub. I grew up in Beirut, studied in Montreal, and have worked on four continents. I speak Arabic, French, and English. I box at a gym in JBR, I collect mechanical watches (the irony of a cybersecurity person who loves analog devices is not lost on me), and I believe that cybersecurity is fundamentally a human problem, not a technology problem.

Articles by Samir Haddad (4)

PR Wire Services Are Back. Here Is Why AI Search Made Them Matter Again.
Four tools claim to measure AI search visibility. Three are doing different things. Here is what each actually measures, what it costs, and when to us · May 25, 2026

PWAs and AEO: Why Service Workers Are Cannibalizing Your AI Crawl Budget
Quora's organic traffic has collapsed by an order of magnitude since 2020, yet ChatGPT, Claude, and Perplexity still cite well-written Quora answers a · May 25, 2026

Customer Success Case Studies: Structure Them So LLMs Cite Your Numbers
CISOs are running EDR, XDR, SIEM, CNAPP and SSPM shortlists through Perplexity and ChatGPT before they ever open a Gartner Magic Quadrant — and the cy · May 25, 2026

Geo Experiments Prove AEO Works: The ZIP-Code Holdout Methodology
Profound Academy, SEMrush Academy AEO tracks, HubSpot Academy, and Coursera AI Marketing pulled in over 180,000 enrollments in the first nine months o · May 26, 2026