Karim Lalji

Karim has over 15 years of experience in information technology and information security along with a diverse background starting his career as a software engineer and sysadmin. Karim currently works for a global professional services firm where he leads a team of consultants focusing on offensive security, penetration testing, red team and adversary simulations for a wide range of clients with varying sizes and industry verticals. He has spoken at conferences, recorded podcasts, and published research papers (including the SANS reading room).

More About Karim


In addition to teaching for SANS, Karim is a post-secondary instructor at the British Columbia Institute of Technology (BCIT) in Vancouver teaching undergraduate courses in information security. Karim holds 10 GIAC certifications including the prestigious GIAC Security Expert (GSE). He also obtained the Masters of Science in Information Security Engineering (MSISE) at the SANS Technology Institute.

Karim is very passionate about all things security and enjoys sharing his experiences with others.



SANS@MIC: Why So Serious? Insecure Object Deserialization Demystified


The Cyber Wire Research Saturday Podcast – Like anything these days, you have to disinfect it first


Real-Time Honeypot Forensic Investigation on CyberBunker, a Darknet Organized Crime Network

Fear of the Unknown: A Meta-Analysis of Insecure Object Deserialization Vulnerabilities