Welcome to my two bits of electronic reality.

You can find here all sorts of stuff that I have collected along the years, from photos, to information about me and my (wrong) doings. Mostly I maintain my blog updated with random musings and security stuff

About Me

I split my time between New York and Tel Aviv.

I used to try to keep pretty active - motorcycles, skying, running, gym, rollerblading, scuba-diving, and probably some other stuff I forgot while writing this.
Now it's whatever keeps me "aligned" and relatively in good enough shape.

I do need a fix just like the guy next door, only difference is that I prefer to get my chemicals in a more natural process.
I have had my share of two wheelers, am currently in recess from my trustworthy RR, but a comeback is fast approaching. In the meantime I've picked up flying (faster, more dimensions of freedom).


Apparently I have a Wikipedia page now. Weird. But it makes it easier I guess to maintain this...

I'm the Advisory Chief Security Officer at Rapid7. Prior to that I've spent 4 years as the Chief Security Officer at Cimpress.

I used to be a Senior Manager of Security Engineering at Amazon AWS, and held leadership positions with ZeroFOX , IOActive, Aladdin, Finjan and Comsec.
I am actively serving on the advisory board of several startups.
I am also serving on the board of directors of BSides Las Vegas as a general director.

I have had the pleasure to talk at the most sought-after conferences in my field such as BlackHat, DefCon, BlueHat, InfoSecurity, and more...
I was also frequently interviewed by leading pring and web magazines and news outlets, speaking about web security, eCrime, and technology (see this page for a chronological sampler).

You can find a somewhat recent resume here, and my LinkedIn profile here.


My formal education is in Computer Science (BA from the Interdisciplinary Center) where I have been more than formally educated and have had a chance to meet a lot of new friends (teachers included...).

The amazing environment at the IDC also enabled me to perform research (see academic projects) and keep on working in the same time.

Besides the formal education, I am a firm believer in self teaching - as in "huh, that looks interesting, lets see how it works..." (That's how you end up being a "good" hacker working for an information security consulting company and heading their Unix & Internet department...).
This is the real deal. I would not say that the University did not give me a lot (believe me it did!), but I do believe that a lot of people can go to the University, and end up with a degree that's not worth the paper it's printed on (unfortunately I meet people like that from time to time - and it does not matter how high or low their University is ranked...).


I have managed to get two major research projects underway, one of them has even developed into a senior year elective course and a book written by my two professors.
And in the spirit of open source, my work is available on-line so you can enjoy (???) it yourself.

The Hack Project

Or formerly known as "The I Computer" (because of some fixation with the J from Java), was one of the most interesting projects I have worked on. Initially we have developed a platform that is essentially a computer simulator, where everything is open (think of those car show half transparent vehicles where you see the engine and underlying mechanics, only here we are talking bits and bytes). Then everything that goes on top of a computer - machine language, high level language, compiler, interpreter, operating system and a couple of demo applications.

This has evolved into something more rigorous, as I was fortunate enough to have a small team of developers do the coding for the second round (once you get it working, scrape it and do it again - a privilege you have only in the academy), to lead into the development of version 2 of the project. The final product is being used now in a course taught at the IDC (and an elective at MIT. The paper is available here.

DDOS Analysis

In this paper we have analyzed the mechanics of Distributed Denial of Service (or more commonly knows as DDOS), and have came up with the basis for a theoretical solution to handling such attacks. This project, although smaller in scale and social implications (I did not want any more students chasing after me asking questions about the course from the previous projects), had some more real-life implications, as the paper was used by a small startup company whom the professor I was working with was involved in.
The research paper is available here.

Contact Information

Feel free to drop me a line at iamit at iamit dot org.
My PGP Key here (F41F EF5C 43AF 9EAA BE5B CE28 D5C0 1ED9 9C9F 6E55).
Other means of getting in touch: my View Iftach (Ian) Amit's profile on LinkedIn.
Some occasional twitter chat.
And my resume is up for grabs as well.
Last but not least, a few media clippings from interviews I gave during my career.