From Newcomer Dreams to AI-Driven Cyber Defense

  • Blog, Insights

Top News in Cyber Defence

From Newcomer Dreams to AI-Driven Cyber Defense

From Newcomer Dreams to AI-Driven Cyber Defense

By Miran Qarachatani

Hey there, I’m Miran. I’m a junior developer working on cybersecurity and AI at White Tuque and studying computer science in my final year at Lakehead University. Four years ago, I stepped off a plane in Canada with big dreams and no clear roadmap. Today, this country has welcomed me with open arms and given me the freedom to become who I wanted to be. Now I want to give back through my research in AI and helping Canadian businesses become more secure.

 

The Beginning

 

I chose computer science because it’s one of the fields that will create the biggest impact in the world. There’s something deeply satisfying about seeing your creations come to life on screen and solving all the subproblems of a complex project. More importantly, we’re living through a historical moment. Think of it like specializing in steam engines during the industrial revolution or working on the printing press when it was invented. AI isn’t just a technical trend. It’s a new paradigm of human existence, and I wanted to be actively part of that instead of just watching.

My program is a collaboration between Georgian College and Lakehead University, with the first two years at Georgian in Barrie and the last two on Lakehead’s Orillia campus. Lakehead offered me theory, while Georgian got my hands dirty. I’ve been fortunate to have exceptional professors at both schools. I’d need a whole blog for each to give them proper credit.

Richard Freeman, my mentor and professor who taught me three courses, has been pivotal in both my personal and professional development. Aside from teaching, he’s involved with Georgian’s Research and Innovation department, where they collaborate with industry partners, local businesses, and students to build innovative projects. As a student who showed curiosity and work ethic, Rich reached out to me about the opportunity to work on something exciting part-time over the winter alongside my studies. Getting more hands-on experience while working with my favorite professor was an instant yes.

 

Meeting White Tuque

 

My work involved a project with White Tuque, a young company led by pros on the cybersecurity operations side. The idea was to develop a client portal to simplify cybersecurity for organizations without compromising efficiency. The vision was compelling. Not only did I get to work flexibly with people I liked, but I also got to work on something I was truly passionate about.

The project was just a vision at first, so starting from scratch, I handled everything from database architecture to choosing a technology stack and design. Working with Rob the founder, and Laura, the CEO was invaluable. I learn a lot at our weekly meetings, seeing things from their experienced point-of-view.

Rob has extensive experience in incident response across large organizations and a unique product vision for an all-in-one cybersecurity platform that makes security both simple and engaging. His gaming-inspired approach to cybersecurity solutions brought a perspective that I found exciting to work with.

Laura, with her systems design engineering background and leadership experience, consistently asked detailed questions that made us realize critical considerations we might have otherwise missed. Her attention to system design and operational details helped ensure we were building something robust and practical. I feel very fortunate to have gotten a glimpse of their knowledge and insights, with more exciting work ahead in the coming fall semester.

After four semesters of rewarding work and great progress, AI was always in the back of my mind. I was learning it on the side, and when I received the opportunity to work on using AI for vulnerability repair at Polytechnique Montréal with Professor Foutse Khomh (one of the leading researchers in software engineering), I had to say yes.

While being excited for my Montréal opportunity, I didn’t want to leave my work at White Tuque. This project was my baby; I was on it when it was just an idea, and now it’s a living application. Furthermore, my experience with AI was directly relevant to my work at White Tuque. When I approached White Tuque with this situation, I was fortunate to get the offer and join their team directly on a part-time basis, which allowed me to be exposed to both theory and application, exactly where I want to be.

Join the crowd at Saint Joseph’s Oratory to see the sun go down over the city. It’s the biggest church in Canada and has a beautiful view.

The Montréal Chapter

 

I moved to Montréal in May to dive into vulnerability repair research. Here’s the problem:  A vulnerability is basically a bug that lets attackers make software do things it shouldn’t.  Since the modern world runs on software, if someone can make your software behave as they want, they can cause a lot of damage.

It’s surprisingly easy to create vulnerabilities. Software is complex, and sometimes a vulnerable line of code will have cascading effects on everything that depends on it. Every software system is like Lego blocks put together, and if you have one vulnerable piece, it can take down your whole business. With millions of lines of code involved, it’s very difficult and time-consuming for developers to patch vulnerabilities manually. That’s why an automatic way to create patches is invaluable.  Large Language Models (LLMs) like ChatGPT, with their ability to generate code, have opened doors to a new way to tackle this problem that is more efficient than traditional methods.

Nonetheless, vulnerability repair remains a challenge, especially for large software and complex software.  LLMs still hallucinate and fail to understand the complexity of the systems as a whole. Sometimes they generate new vulnerabilities, change functionality, or fail to fix existing ones completely.

 

The Research

 

My research explores techniques to help them generate better patches. Specifically, I’m using a technique called retrieval-augmented generation to help LLMs understand code beyond just the isolated function, to understand the project as a whole and break down the problem in steps. The approach detects the vulnerability, adds additional context about that type, and repeats over an iterative process until a good patch is created.

It’s nuanced work. Vulnerabilities don’t follow simple patterns. They require understanding full systems without disrupting performance. I tested my approach on many large programming projects including the Linux Kernel (the central component of the Linux operating system), and Tcpdump (software that captures and inspects network data). These massive, intricate codebases made it difficult to properly test and validate my approach. These challenges taught me that validating patches and testing is very important and isn’t as straightforward as I thought, which explains why so many security fixes either break systems or miss critical edge cases.

Beyond the lab and codebases, Montréal itself became an integral part of my chapter here, offering a vibrant contrast to the intensity of research and serving as a second education in its own right.

Montréal is famous for its street shows and circus acts. We saw this amazing performer near the Mount Royal chalet, with a big crowd watching.

The City

Montréal was a beautiful experience. The city’s walkability is remarkable. Many streets are pedestrian-only, creating this relaxed atmosphere. The natural beauty of Mount Royal and the St. Lawrence River provide the perfect backdrop for thinking and creating.

Montréal is a food lover’s paradise. I’ve had some of the best meals of my life there, experiencing cuisines from around the world. The city feels less corporate than others. You see more local restaurants than franchises, each with its own character and story.

The festivals are incredible: Jazz Festival, Just for Laughs, circus festival, F1. I experienced them all. Every weekend offers something special you won’t find in other cities. Staying there over the summer allowed me to explore neighborhoods like Little Italy and Mount Royal Street, where small local restaurants and cafes put tables on the street and people enjoy the sunshine.

Good food is everywhere in Montréal! A delicious sandwich for lunch from Kahwa Café.

 

Montréal hosts the world’s largest fireworks competition. The most beautiful fireworks in the world can be seen here every year.

Back to White Tuque with AI

Wrapping up my Montréal chapter, I am excited to increase my time at White Tuque while prepping for my final school year. Our project is at a particularly exciting stage.

We’re building a platform that cuts through cybersecurity complexity and gives organizations clarity about their security posture. The goal is straightforward: to help businesses understand and manage their cyber risks without getting lost in technical jargon.

I’m bringing what I learned about AI research directly into this work. We’re exploring ways to make security guidance more intelligent and proactive rather than just reactive. The focus is on integrating security naturally into existing business operations.

White Tuque’s strength comes from creating a centralized view of an organization’s security landscape. Combined with AI capabilities, this opens significant opportunities for automation and smarter decision-making. I feel fortunate to be driving these innovations and helping Canadian businesses become more resilient.

This journey from newcomer to working on these challenges has been deeply fulfilling. This is just the beginning; I can’t wait to see the fruit of our work.

Rob and Miran at The AURA Experience, Notre-Dame Basilica of Montréal

Would you like more information on this topic?

Contact Us
  • Read more Blog, Insights

White Tuque Newsletter | September 2024

CyberSafe Chronicles? Tuque’s Take on the News Construction firms breached in brute force attacks on accounting software Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction

White Tuque Newsletter | May 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News LastPass: Hackers targeted employee in failed deepfake CEO call LastPass revealed recently that threat actors targeted one of its employees in a voice phishing attack, using

Work With Us.

  •  

Robert D. Stewart

Founder & Head, Strategic Threat Intelligence

Robert is a technology incident and crisis management specialist with over 3200 hours leading critical recoveries and investigations within regulated industries.

Robert has built cyber incident and global crisis processes for the Fusion Centres of two major North American banks. With an extensive focus on operational resiliency, Robert worked as a Global Crisis Management Specialist, leading the technical migration for the pandemic for a multi-national financial institution.

Robert is a threat intelligence specialist focused on preventing large scale incidents and attacks before they happen, with unparalleled experience in incident response: 650 critical incidents within the global financial sector leading to the recovery of over 250 unique global financial systems, with 6000 executive communications and briefings issued, and over 200 post-incident reviews.