I'm Rami (he/him). I'm a former security consultant, turned Product Security Engineer. Always happy to talk shop - you can find me on Twitter.
Blogging
- Did your research: Prior Art for “15 ideas for cloud security research”
- Steampipe + Access Advisor
- Quick Tip: Minimizing Terraformed SCPs
- A History of Human Interaction Proofs
- Risk in AWS SSM Port Forwarding
- Shipping RDS IAM Authentication (with a bastion host & SSM)
- rami.wiki
- A Guide to S3 Logging
- Reducing Attack Surface with AWS Allowlisting
- Return on Security: Signal v. Noise in the RSA Innovation Sandbox
- AWS Phishing: Four Ways, AWS Could Do More About SSO Device Auth Phishing, and AWS SES Verification Phishing
- Datadog Security Labs: A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins
- tl;dr sec
- Removing sensitive data from a Github repository
- An AWS IAM Security Tooling Reference
- Cedar: Defining Cedar's Security Values
- NCC Group
- One Thousand Misspelled Security Headers
- A guide to hardening enterprise Chromebooks (in three parts)
- The Extended AWS Security Ramp-up Guide
- An offensive guide to the Authorization Code grant
Tooling
- Contributor to ScoutSuite as well as the proprietary branch
- Developer of sadcloud
Speaking
- SEC-T 0x0F - Beyond the Baseline: Horizons for Cloud Security Programs
- fwd:cloudsec 2023 - Beyond the AWS Security Maturity Roadmap
- BSidesSF May 2023 - Level Up Your Career: A Panel on Staff+ Engineering
- BSidesSF June 2022 - Buying Security: A Client's Guide
- OWASP DevSlop May 2022 - Learning from AWS (Customer) Security Incidents [2022]
- DEF CON Cloud Village 2021 - Cloud Security Orienteering
- BSidesCT 2020 - Learning from AWS (Customer) Security Incidents
- BSidesBOS 2020 - AWS Security: Easy Wins and Enterprise Scale
- BSidesCT 2019 - Building Castles in the Cloud: AWS Security and Self-Assessment
- OWASP BASC 2019 - AWS Cloud Security Fundamentals (4 hour workshop)