I'm Rami (he/him). I'm a former security consultant, turned Product Security Engineer. Always happy to talk shop - you can find me on Twitter.
Blogging
I frequently write on security (industry, programs, technology) over at ramimac.me. I've previously contributed to or written for tl;dr sec, Venture in Security, Return on Security, Datadog, and past employers (Cedar, NCC Group). All past writing is syndicated to my personal site.
Highlights
- rami.wiki - a collection of knowledge hubs
- tl;dr sec Don’t Security Engineer Asymmetric Workloads
- 10 Things Your First Security Hire Shouldn’t Do
- Venture in Security Customer love: a recipe for building winning cybersecurity startups
- A Guide to S3 Logging
- tl;dr sec How to securely build product features using AI APIs
- tl;dr sec Cloud Security Orienteering
Cloud Vulnerability Research
- RDS Snapshot Public Sharing bug
- Publicly Exposed AWS Document DB Snapshots
- Risk in AWS SSM Port Forwarding
Speaking
- fwd:cloudsec 2024 - The Path to Zero Touch Production
- SEC-T 0x0F - Beyond the Baseline: Horizons for Cloud Security Programs
- fwd:cloudsec 2023 - Beyond the AWS Security Maturity Roadmap
- BSidesSF May 2023 - Level Up Your Career: A Panel on Staff+ Engineering
- BSidesSF June 2022 - Buying Security: A Client's Guide
- OWASP DevSlop May 2022 - Learning from AWS (Customer) Security Incidents [2022]
- DEF CON Cloud Village 2021 - Cloud Security Orienteering
- BSidesCT 2020 - Learning from AWS (Customer) Security Incidents
- BSidesBOS 2020 - AWS Security: Easy Wins and Enterprise Scale
- BSidesCT 2019 - Building Castles in the Cloud: AWS Security and Self-Assessment
- OWASP BASC 2019 - AWS Cloud Security Fundamentals (4 hour workshop)