Divan-e-Cyber
As with cybersecurity, interpretation and attribution count.
You named it.
Persian last names
Persians didn’t have last names until the 20th century, when in 1925 Reza Shah mandated it. My full last name, Mashhadi Ghadiri, falls into two of the 7 categories of Persian last names. The first part, Mashhadi, refers to someone who has made the pilgrimage to Mashhad, one of the holiest cities in Iran in the Islamic faith, and nods to both power and pilgrimage — Ghadiri comes from ‘Qadir,’ meaning capable. It’s a name about choosing the path with intention.
Naming cybersecurity incidents
Cybersecurity incidents are typically named using one of several conventions to aid tracking, communication, and analysis. Common methods include using the date of occurrence (e.g., “Incident-20250425”), the affected entity (e.g., “M365-Incident”), or the threat actor or campaign involved (e.g., “APT29-LateralMove”). Other approaches focus on the attack technique (e.g., “RDP-BruteForce”), the targeted asset (e.g., “ProdAPI-SQLInjection”), the malware or tool used (e.g., “Emotet-Infection”), or a combination of severity and category (e.g., “Critical-DataExfil”). These naming structures help standardize incident reporting and streamline response across teams, but they can often make it harder to share information or understand similar attacks across entities or organizations.
So what?
Both systems are designed to convey identity, origin, and context in a compact, recognizable form. Both systems reflect a deep cultural or operational need: to encode meaning, history, and relationship into something short enough to be remembered—but rich enough to be understood.
The version you choose to name a cybersecurity incident—just like choosing a surname—shapes how it’s perceived, tracked, and responded to. Here’s why it matters:
1. Clarity and Communication
- A well-chosen name instantly signals what happened and to whom.
- “TokenTheft-SessionHijack” is more actionable than “Incident-0425”.
- Similarly, Shirazi gives cultural/geographic context in a way Reza alone does not.
2. Attribution and Analysis
- Names tied to threat actors (APT29), techniques (RDP-BruteForce), or tools (CobaltStrike) allow teams to connect dots across incidents.
- Just like Mashhadi tells you someone made pilgrimage to Mashhad, Mimikatz-Use implies credential dumping.
3. Triage and Prioritization
- Including severity or asset class in a name helps with prioritization.
- Critical-DataExfil is clearly urgent.
- In Persian names, Qadir (capable) implies rank or responsibility, signaling social weight.
4. Long-Term Tracking and Reporting
- Incident names become part of historical data and intelligence feeds.
- Consistent naming enables automation, dashboards, and trend analysis.
- Attacks follow histories and societal changes across ‘generations’ just the same.
5. Cultural and Strategic Implications
- Names reflect what the organization values or fears—whether it’s data loss, nation-state actors, or internal misuse.
- Just as Persian surnames once signaled social class or religious devotion, incident names can shape an org’s security posture narrative with this incident and future incidents.
In short: Choosing the right naming convention isn’t just administrative—it’s strategic. It defines how people talk about the threat, understand its origin, and decide what to do next.
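To make the point about consistent naming and automation concrete, here is an added example (not code from the original post) that parses incident names and counts them by technique. The `<YYYYMMDD>-<Severity>-<Asset>-<Technique>` convention, the severity list, and the function names are assumptions chosen for illustration; the sample names are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Assumed convention (not from the post): <YYYYMMDD>-<Severity>-<Asset>-<Technique>
SEVERITIES = {"Critical", "High", "Medium", "Low"}
NAME_RE = re.compile(
    r"^(?P<date>\d{8})-(?P<severity>[A-Za-z]+)"
    r"-(?P<asset>[A-Za-z0-9]+)-(?P<technique>[A-Za-z0-9]+)$"
)

def parse_incident_name(name):
    """Return the name's fields as a dict, or None if it breaks the convention."""
    m = NAME_RE.match(name)
    if not m or m["severity"] not in SEVERITIES:
        return None
    try:
        datetime.strptime(m["date"], "%Y%m%d")  # reject impossible dates
    except ValueError:
        return None
    return m.groupdict()

def technique_trend(names):
    """Count incidents per technique; also return names that could not be parsed."""
    counts, rejected = Counter(), []
    for name in names:
        fields = parse_incident_name(name)
        if fields is None:
            rejected.append(name)
        else:
            counts[fields["technique"]] += 1
    return counts, rejected

# Constructed sample: three names in the assumed convention, two in the
# single-purpose styles quoted in the post.
SAMPLE = [
    "20250425-Critical-ProdAPI-SQLInjection",
    "20250502-High-M365-TokenTheft",
    "20250511-Critical-M365-TokenTheft",
    "Incident-20250425",   # date only: no technique to trend on
    "Critical-DataExfil",  # severity and category only: no date or asset
]

if __name__ == "__main__":
    counts, rejected = technique_trend(SAMPLE)
    print("by technique:", counts.most_common())
    print("outside the convention:", rejected)
```

The two rejected names are valid under their own conventions; they drop out of the trend only because they carry different fields, which is the cost of mixing conventions.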
Two Very Different Languages — Or Are They?
People are always surprised when I say this, but learning Farsi and learning cybersecurity have a lot in common.
One is the language of my heritage. The other, the language of my profession. But both require the same things: pattern recognition, patience, humility, and the ability to sit with complexity.
When I started learning cybersecurity, the connections I made to the world around me felt like entering the Matrix.
When I started learning to read and write in Farsi, I felt the exact same way. I followed the white rabbit. 🐰
Cybersecurity is a Language and a Culture
In cybersecurity, you don’t just learn tools — you learn tools have tenses that render the past and the present, they both parse and normalize, and require interpretation to determine intent. You learn how painfully systems struggle to communicate and how mimicry can fool anyone into thinking maybe dexterity in a single tool is fluency.
It’s a language of patterns and antipatterns. In fact, you may be familiar with a favorite of mine, “Collection is not detection” by Mark Simos.
The best part is as you start to recognize the signals, and you think MAYBE you are fluent, there are levels upon levels of meaning depending on where you look and listen.
Farsi is a Language and a Culture
Farsi taught me to read between the lines, and to know that one word might carry five meanings. It’s a language where how something is said often matters more than what’s said.
There’s poetry in it, as well as patterns that come in the form of rhythm and subtlety.
The best part is as you start to recognize the signals, and you think MAYBE you are fluent, there are levels upon levels of meaning depending on where you look and listen.
See what I did there?
Guess what else is true between the two?
- You don’t have to be fluent to participate.
- Mistakes are inevitable — and necessary.
- The point isn’t perfection. It’s attempting to understand.
- Every system, whether human or digital, has its own logic — and its own vulnerabilities.
I purposefully seek out new things in both Farsi and cybersecurity every day.
Sometimes I learn a new proverb.
Sometimes I learn a new attack vector.
And sometimes I realize the same principles in one apply to the other.
- Build trust with shared vocabulary intentionally.
- Pay attention to signals.
- And never assume what’s on the surface is the whole story.
So what is Fluency?
I’m not fluent in either yet — not in the way I hope to be, but that isn’t the point.
I am invested. I am here to keep learning. I tell my kid frustration is the feeling of your brain growing and learning. It’s a crucial part of the experience!
Translating complexity is frustrating, in Farsi or cybersecurity. Explaining concepts to those whose native language just…doesn’t have the words adds even more layers. In Farsi, many in the older generations speak in proverbs rather than directly. I used to find it insanely frustrating because a literal translation only rippled the surface. Now, I appreciate the layers and the water that moves underneath the ripples.
I want to share with you a line from Ferdowsi’s Shahnameh. It just so happens to be a very meaningful text to most Persians, as it is the story that saved the Persian language from extinction.
به عمل کار برآید، به سخندانی نیست
be amal kār bar-āyad, be sokhandāni nist
“Work gets done through action, not fancy words.”
It is used when someone overpromises, or in mentorship moments where effort is more respected than eloquence.
Effort is more respected than eloquence.
Wild how that directly translates into cybersecurity just the same…😳😅
Thank you to the MSFarsi team for helping me connect with both sides of my love of language and culture. I will be starting a mentoring community for female-identifying Farsi language speakers who are and looking to get into cybersecurity. More to come in a future post.
How I Became a Microsoft MVP
Who me?
When I first heard about the Microsoft MVP program, I thought it was reserved for tech celebrities — the people with massive Twitter followings, YouTube channels, or entire careers built on evangelism. I never thought I’d be one of them. I was a product human who had been working with Sentinel and Microsoft ATP since about 2019.
But here I am. I’m a Microsoft Security MVP in both SIEM & XDR and Cloud Security, and I want to share how I got here — not because my journey was perfect, but because it was intentional.
If you’re contributing to the Microsoft ecosystem, leading with heart, or wondering whether any of it counts… it does. Participating is worth it.
🔹 1. I Picked a Lane — and Then Owned It
My background wasn’t “typical.” I didn’t come from engineering. I came from manufacturing, software project management, and eventually, product management. But the thing that changed everything?
➡️ I got crystal clear on my lane: Microsoft Security for real-world security operations.
Whether I was speaking at a conference or mentoring SOC leads, I focused on what I knew best — and said it in a voice that was mine.
🔹 2. Jump right in.
I started sharing tactical content:
- How to use Microsoft Sentinel, XDR, and Defender for Cloud as a unit
- What actually works when building detection-as-code
- Lessons from building co-managed SOCs on Microsoft tech
Was I 100% confident? No.
Was it valuable to someone? Yes.
That’s the MVP formula most people miss: Share what you know while you’re still learning it, and share it across mediums, like podcasts, blogs, and speaking engagements. Sharing as you’re learning is what the community needs most.
🔹 3. I Spoke, Posted, and Showed Up
My contributions included:
- Participating in the Microsoft Customer Connection Program, the first year it existed. I showed up. Big time. Like top 10 contributor level.
- Writing blog posts that made Microsoft Security feel less like a black box and more relevant to me by using analogies reachable by all audiences.
- Being a new voice in the community (especially for women and Farsi speakers)
- Participating in the LinkedIn Microsoft Community
If it helped someone else understand Microsoft Security better, I, pardon the pun, leaned in.
🔹 4. I Asked to be Nominated
This part is important: you don’t apply to become an MVP. Someone in the program (or at Microsoft) has to nominate you.
In my case, it was someone I deeply respected at Microsoft — and who had been watching my work, but rightfully told me that what I had done so far for the Microsoft Customer Connection Program may not be enough.
Lesson: people are watching, and they will take a chance on you if you give them a reason. Keep showing up authentically. Be helpful without keeping score. Not everyone will see what you see, and it’s OK. Someone out there will.
🎖️ 5. What Happened After I Got It
I didn’t suddenly become smarter. Ironically, my personal life was falling apart as I navigated life changes that forced me to seek clarity and focus.
I did get:
- Notified I was the first woman in North America with a dual designation in 2 security categories
- Access to Microsoft product teams and roadmap discussions
- A community of brilliant MVPs across the world who I respect and adore
- A chance to give feedback that actually shapes the platform
- More confidence that my voice mattered
The MVP award wasn’t a finish line — it was a door to my future.
💡 Final Thought
If you’re someone who’s building in public, mentoring others, or just trying to make Microsoft tech a little more human and usable — keep going.
You don’t need to be loud, but you must have a voice.
You don’t need to be perfect, but you need to be ready to take feedback.
Be consistent, real, and generous.
And if you ever want help navigating your MVP journey, I’m here.
Footnote
Want to learn more about becoming an MVP? Here’s the official Microsoft MVP program page. Or just shoot me a message — I’m always happy to share what I’ve learned.


🔐 Ghazal: “All Access Is Conditional”
(a modern security poem in ghazal form)
In this realm of cloud and claim, all access is conditional
The lover may knock, but still — permission is provisional
—
The gate is silent, the ID speaks, its posture holds the key
From signal comes salvation — detection is intuitional
—
Trust no device, no sign-in time, unless the risk aligns
The dance of context and control is wholly intuitional
—
Her token glowed, yet prompts appeared — a second factor asked
The veil may lift, but only when the bond is traditional
—
No open ports, no phantom guests, no silent lateral flow
My realm is built on principle, protection constitutional
—
From Persia’s gardens to Azure clouds, the guardians still remain
Their watchful eyes in every log — the shield is unadditional
—
And Mona writes, like Hafez would, of XDR and fate
To love the user is to test — the trust must be conditional*
Poetry inspired by a cybersecurity mindset
Exploring the intersection of creativity and security through poetry. Mona reflects on thoughts and lessons that shape her approach.

© 2025 Mona Ghadiri. All content, including text, images, and original poetry, is the intellectual property of Mona Ghadiri unless otherwise noted. Unauthorized use or reproduction is prohibited.
