Home

Welcome to my two bits of electronic reality.

You can find here all sorts of stuff that I have collected along the years, from photos, to information about me and my (wrong) doings. Mostly I maintain my blog updated with random musings and security stuff

About Me

I live happily in the middle of Tel-Aviv (actually New York City, now) where the rascals have a place of their own, and I can host my online and offline fetishes.

I used to try to keep pretty active - motorcycles, skying, running, gym, rollerblading, scuba-diving, and probably some other stuff I forgot while writing this.
Now it's whatever keeps me "aligned" and relatively in good enough shape.

Adrenaline
I do need a fix just like the guy next door, only difference is that I prefer to get my chemicals in a more natural process.
I have had my share of two wheelers, am currently in recess from my trustworthy RR, but a comeback is fast approaching...

Work

Apparently I have a Wikipedia page now. Weird.

I am a Senior Manager of Security Engineering with Amazon's Information Security group. I deal with everything that's not AWS (easier to define...).

ZeroFOX is a social media cyber security startup. I served there as a Vice President there, leading research, marketing initiatives, product strategy, and a services arm.

I am also serving on the board of directors of BSides Las Vegas as a general director, and on the Advisory Board of Axon Cyber.

My last high-end consulting role was with IOActive, where I was the Director of Services, leading the business in EMEA, and later on in the east coast

Security & Innovation is a consulting firm that I manage, which provides strategic security consulting services to companies in the security market. Anything from re-strategzing a product line, to marketing and driving innovation - technical and otherwise...

Previously I served as the Director of Security Research for Aladdin, which means having responsibility for everything security related in the content security business unit, future product development, marketing related security activities, as well as Competitive Intelligence.

I used to be the Director of Security Research at Finjan, heading the MCRC (Malicious Code Research Center), as well as other business activities in the company.

Previously I served as the VP Research & Development in GooMe interactive, which on top of the R&D tasks, also included product management tasks.

I was one of the founders of a security startup, and also used to provide information security and technology consulting.

Before that, I worked for a company called Datavantage and held a director level position in R&D as well as the role of CSO.

I used to work for Praxell for a while, before Datavantage took over the North American business, and made me a contract line ;-).

Before that, I was hacking for money for Comsec where I have learned that as long as you can out-think your clients you are king (in terms of thinking differently of course - I have had great clients...) and that real in-depth technical knowledge is not common (people - just sit down for a few days and STUDY...).
And it got me through the University nicely, especially when you graduate with your peers and they have to get the jobs you never wanted, while you are a few rungs up the ladder already.

I have had the pleasure to talk at the most sought-after conferences in my field such as BlackHat, DefCon, BlueHat, InfoSecurity, and more...
I was also frequently interviewed by leading pring and web magazines and news outlets, speaking about web security, eCrime, and technology (see this page for a chronological sampler).

You can find a somewhat recent resume here, and my LinkedIn profile here.

Education

My formal education is in Computer Science (BA from the Interdisciplinary Center) where I have been more than formally educated and have had a chance to meet a lot of new friends (teachers included...).

The surroundings also enabled me to conduct in some research (see academic projects) and keep on working in the same time.

Besides the formal education, I am a firm believer in self teaching - as in "huh, that looks interesting, lets see how it works..." (That's how you end up being a "good" hacker working for an information security consulting company and heading their Unix & Internet department...).
This is the real deal. I would not say that the University did not give me a lot (believe me it did!), but I do believe that a lot of people can go to the University, and end up with a degree that's not worth the paper it's printed on (unfortunately I meet people like that from time to time - and it does not matter how high or low their University is ranked...).

Projects

I have managed to get two major research projects underway, one of them has even developed into a senior year elective course and a book written by my two professors.
And in the spirit of open source, my work is available on-line so you can enjoy (???) it yourself.

The Hack Project

Or formerly known as "The I Computer" (because of some fixation with the J from Java), was one of the most interesting projects I have worked on. Initially we have developed a platform that is essentially a computer simulator, where everything is open (think of those car show half transparent vehicles where you see the engine and underlying mechanics, only here we are talking bits and bytes). Then everything that goes on top of a computer - machine language, high level language, compiler, interpreter, operating system and a couple of demo applications.

This has evolved into something more rigorous, as I was fortunate enough to have a small team of developers do the coding for the second round (once you get it working, scrape it and do it again - a privilege you have only in the academy), to lead into the development of version 2 of the project. The final product is being used now in a mandatory course taught at the IDC (and an elective at MIT. (Links are changing every academic year but a quick search at the university website should get you there).
The paper is available here.

DDOS Analysis

In this paper we have analyzed the mechanics of Distributed Denial of Service (or more commonly knows as DDOS), and have came up with the basis for a theoretical solution to handling such attacks. This project, although smaller in scale and social implications (I did not want any more students chasing after me asking questions about the course from the previous projects), had some more real-life implications, as the paper was used by a small startup company whom the professor I was working with was involved in.
The research paper is available here.

Contact Information

Feel free to drop me a line at iamit at iamit dot org.
My PGP Key here (F41F EF5C 43AF 9EAA BE5B CE28 D5C0 1ED9 9C9F 6E55).
Other means of getting in touch: my View Iftach (Ian) Amit's profile on LinkedIn.
Some occasional twitter chat.
And my resume is up for grabs as well.
Last but not least, a few media clippings from interviews I gave during my career.