fwd:cloudsec Europe 2025

And I Would've Gotten Away With It, Too, If It Weren't For You Meddling Researchers
2025-09-16, Main Room

Some research is a slow burn, but mine is often a frantic scramble to keep up with threat actors or CloudSec Twitter. This talk uses the tj-actions/changed-files incident to expose the raw reality of rapid response research in cloud security. Using the incident as our backdrop, I'll walk you through the nitty-gritty of how a leading cloud security research team investigates urgent supply chain attacks. You'll get actionable takeaways on leveraging external data (okay … Twitter and Hacker News), the critical role of community, and the behind-the-scenes collaboration involved in publishing authoritative analysis. Expect a few frantic Slack screenshots and a stark look at how the research sausage is made.

Rami is an opinionated security wonk. He has helped build and scale security programs at companies like Figma and Cedar. Now, he strives to work on Security, for the Internet, at Wiz. His personal thoughts about security are over at ramimac.me.