Alon Schindel is the Director of Data and Threat Research at Wiz. He’s an experienced cybersecurity professional who has filled various lead roles in both development and research of cybersecurity products and specializes in threats and how to detect them. Over the past year, Alon has led the CloudCVE effort. He is also enthusiastic about data research and AI and holds an MSc in Computational Neuroscience from the Hebrew University.
- We built a community cloud vulnerability database, now what?
Amitai is a Threat Researcher at Wiz, where he investigates cloud threats and works to advance research and detection methodology. Amitai is an experienced cyber threat intelligence analyst and writer who enjoys contemplating philosophy of science, marveling at new technology and gadgets, and appreciating video games.
- We built a community cloud vulnerability database, now what?
I've been a SecDevOps Engineer for about a year and am enjoying it immensely. My specialities are documentation, data/reporting, and security ops, and I am currently working on my Security+ certification and learning more about pen testing.
- Security tools don’t fix security issues; people do: How to make compliance data relatable and actionable
Caleb is security principal at Sequoia Capital, overseeing global application and infrastructure security engineering efforts for the investing partnership. Prior to that he was a security engineering manager at Reverb (now Etsy), managing infrastructure and application security efforts for the e-commerce website. Caleb has been using AWS since 2009 and was an early practitioner of cloud security efforts for a multitude of startups.
- Achieving AWS IAM zen in a Google Cloud world
Chris Doman is a co-founder of Cado Security. He joined the industry after winning a cyber-security competition run by the US DoD. Chris is known for building the popular threat intelligence portal ThreatCrowd, which subsequently merged into the AlienVault Open Threat Exchange. Whilst working at PwC and AT&T AlienVault in research and development, Chris published a number of widely read articles and papers on targeted cyber attacks. His research on topics such as the North Korean government's crypto-currency theft schemes and China's attacks against dissident websites has been widely discussed in the media. He has given interviews to print, radio, and TV outlets such as CNN and BBC News. Chris has previously spoken at conferences including Blackhat and various Bsides.
- Real-World Detection Evasion Techniques in the Cloud
Daniel is a recent convert to the blue team after spending the majority of his career breaking systems at Praetorian and the US Air Force. At Snowflake, he spends his time improving the threat detection program. When he’s not working, you can find him spending time with his wife and cats, enjoying a nice cup of coffee, or in the gym practicing Muay Thai and Brazilian Jiu Jitsu.
- Everything you never wanted to know about flow logs
Product Detection Engineer @ Datadog. Formerly medical device security and cloud security consulting for a couple of Fortune 500s. I enjoy reading, working out, spending time with family and attending security conferences.
- Leveraging Azure Resource Graph for Good and for Evil
Dhruv is a former SRE and presently the Chief Engineer at Chaser Systems. He's mostly Wiresharking, tinkering with PKI or tuning stacks as he had to once in the low latency world of financial data, only this time for firewalls.
He is also a Rust programmer, cares deeply about developer experience, dabbles in cryptography and holds a Master's degree in Advanced Software Engineering from King's College London. The most novel ideas occur to him when faced with a formidable opponent on the piste 🤺, led by such electrical signals to defeat that he suspects to be not tamper-resistant.
- Evading AWS GuardDuty and Network Firewall using Privacy Enhancing tech
Gabe is a seasoned security and automation practitioner with decades of experience. By day, he is a solutions engineer at Wiz, Inc., securing the cloud. Prior to that he worked at Palo Alto Networks, PuppetLabs, and Sony Playstation. (He's in the credits of over twenty video games!) Off the clock, he tinkers with wireless, picks locks (poorly), and promotes the use of technology for positive social change.
- "Shifting right" with policy as code
DevOps Engineer @ Island, I solve problems for breakfast
- The True Power of AWS Tags
Jasmine is Field Security Director at JupiterOne, lead author of The 2022 State of Cyber Assets Report, and executive editor of "Reinventing Cybersecurity." She is an accidental career specialist in applied graph theory for cloud-native startup security. Jasmine has a MS in Informatics & Analytics from Lipscomb University in Nashville, TN. She is on the board of directors for The Diana Initiative. Jasmine has worked with Esper.io, IBM Security, HPE, the ADP Research Institute, Philips, the Tennessee Valley Authority (TVA), and other organizations in her career.
- A Tacky Graph and Listless Defenders: Looking Beneath the Attack Surface
Jay heads the Multicloud SecDevOps team at SAP and comes with a background in analytics before finding his way into full time security roles. Jay brings his experience in consulting, analytics, and security to multicloud security operations in order to drive security compliance efforts across a large and complex organization.
- Security tools don’t fix security issues; people do: How to make compliance data relatable and actionable
Jeremy is a serial startup person with global experience. Jeremy has worked in cloud security since 2016 and is now the founder of a stealth mode cyber startup. His career has been 5 startups (3 co-founded) and Amazon Web Services. Jeremy has a BA in Linguistics from UNC Chapel Hill and an MBA from George Mason. Jeremy has lived in 4 countries, speaks several languages, once went 3 days without seeing another human and another time got kicked off a train in central Sweden.
- The evolution of cloud security in a consolidating market - expanding quadrants
Kadia is currently an Engineering Manager at Airbnb. She started her career in Europe but now calls California home. Kadia has an electrical engineering background and over 10 years of Information Security experience. She has worked with multiple Silicon Valley startups and Fortune 100 companies on reducing security risk. Kadia is now leading an engineering team focusing on vulnerability management, offensive security, and infrastructure hardening.
- Human vs. Robot: Why you should automate your vulnerability management program
Kat Traxler is the Principal Security Researcher for Public Cloud at Vectra AI, with a primary focus on AWS, GCP and Cloud-Native infrastructure, and calls the Twin Cities home. She has spent her career performing penetration testing, security architecture design, and research in the areas of web security, IAM, payment technologies, and Cloud Native Technologies.
She has presented at various conferences including SANS Security Summit and fwd:CloudSec on topics such as privilege escalation in GCP and bug-hunting in the cloud. In addition to her work at Vectra AI, she is also the author of SANS SEC549 - Enterprise Cloud Security Architecture and currently holds multiple GIAC certifications.
Kat Traxler is obsessed with the attack surface at the confluence of Identity and Cloud Platform APIs and thinks you should be too.
- Abusing the Replicator; Silently Exfiltrating Data with the AWS S3 Replication Service
Kaushik is an undergraduate student and sponsored researcher in the UCLA Connection Lab, working on the intersection of formal methods and cloud security. In addition, he is an intern at a cloud-security startup (dassana.io), blending his academic background in security with practical approaches.
- Stop Guessing and Start Proving: Demystifying AWS Zelkova
Keziah Plattner is a Senior Software Engineer at Airbnb. After getting her undergraduate and graduate degrees at Stanford University, she joined Airbnb’s Information Security team. She started in Production Infrastructure Security, and after 3 years, moved to Vulnerability Management. She specializes in using a software engineering mindset to tackle security problems, and has worked on everything from cloud infrastructure security and patch management to the vulnerability management lifecycle. She lives in San Francisco with her partner and two cats and enjoys cooking, video games, and becoming a tarot expert in her free time.
- Human vs. Robot: Why you should automate your vulnerability management program
Mikhail Kazdagli is the Head of AI at Symmetry Systems Inc. Mikhail is responsible for bringing cutting-edge AI/ML research into production to identify potential vulnerabilities, detect malicious actors before they can incur significant damage, and improve security posture. At Symmetry Systems, Mikhail leads the development of a threat intelligence platform that has already been deployed to multiple Symmetry Systems clients, including Fortune 500 companies. Mikhail has an extensive background in computer security and machine learning. He holds a Ph.D. degree in Computer Security/ML from the University of Texas at Austin, USA.
- Using AI to harden cloud security by mitigating IAM configuration errors
Mohit Gupta is a senior consultant at WithSecure, where he specialises in AWS and Kubernetes, and is the technical lead for all things containerisation and orchestration. He has previously spoken at Steelcon, Def Con Cloud Village and Texas Cyber Summit.
- Dismantling the Beast: Formally Proving Access at Scale in AWS
Nick Jones is a principal consultant at WithSecure, where he leads the cloud security consulting team. He focuses on AWS security and attack detection in large, complex estates and forward-thinking cloud-native organizations. He has previously spoken at fwd:cloudsec, RSA, Def Con Cloud Village, t2 and others, and is an AWS Community Builder.
- Dismantling the Beast: Formally Proving Access at Scale in AWS
Nir Ohfeld is a security researcher from Israel. Nir currently does cloud-related security research at Wiz. Nir specializes in the exploitation of web applications, application security and in finding vulnerabilities in complex high-level systems.
- Cloudy With a Chance of Vulnerabilities – Finding and exploiting vulnerabilities in the cloud
- Secret Agents: Demystifying (and Pwning) Cloud Middleware
Noam Dahan is a Senior Security Researcher at Ermetic with several years of experience in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps. Noam was a competitive debater and is a former World Debating Champion.
- Auditing PassRole: Finding the Hidden Trails of a Problematic Privilege Escalation Permission
Rotem Lipowitch is a threat researcher at the Wiz Research team. She specializes in emerging cyber security threats and vulnerability analysis, researching and developing new ways to detect cyber security threats. Aside from infosec, Rotem loves interior design, painting, and CrossFit.
- Secret Agents: Demystifying (and Pwning) Cloud Middleware
Sagi Tzadik is a security researcher in the Wiz Research Team. Sagi specializes in research and exploitation of web application vulnerabilities, as well as network security and protocols. He is also a Game-Hacking and Reverse-Engineering enthusiast.
- Cloudy With a Chance of Vulnerabilities – Finding and exploiting vulnerabilities in the cloud
Tzah Pahima is a cloud security researcher in Orca Security’s vulnerability research team. He focuses on researching different cloud providers and exploiting flaws in the cloud ecosystem. His main specialties are vulnerability research and web security. Before joining Orca, Tzah served for five years in an Israeli military intelligence unit.
- Defending against cloud cross-tenant vulnerabilities
Yanir is a cloud security researcher in Orca Security’s vulnerability research team. Having years of experience in security and software, he hunts for vulnerabilities in the biggest cloud environments. He loves to search for practical, logical vulnerabilities with big impact.
- Defending against cloud cross-tenant vulnerabilities
Just your typical dev-turned-devops engineer, trying to make cloud security make sense.
- The True Power of AWS Tags
Zach is a staff security engineer at GitHub, where he works on cloud security and container security internally, as well as open source security externally. He enjoys time away from the computer biking and homesteading.
- Unlocking Cloud Build Security with OIDC
Zack Allen helps lead the Security Detection & Research efforts at Datadog. Previously, he worked in threat research for the US Air Force, Fastly, and ZeroFox. Outside of his professional life, Zack is a full-time dad and husband, MBA candidate at NYU Stern, a part-time red teamer for security competitions such as CCDC and ISTS, and a part-time independent researcher. He is also one of the founders of SPARSA, a 501(c)(3) non-profit organization dedicated to security education.
- Cloudy with a chance of IoCs