Home

Welcome to my two bits of electronic reality.

You can find here all sorts of stuff that I have collected along the years, from photos, to information about me and my (wrong) doings. Mostly I maintain my blog updated with random musings and security stuff

About Me

I live happily in the middle of Tel-Aviv (actually New York City, now) where the rascals have a place of their own, and I can host my online and offline fetishes.

I used to try to keep pretty active - motorcycles, skying, running, gym, rollerblading, scuba-diving, and probably some other stuff I forgot while writing this.
Now it's whatever keeps me "aligned" and relatively in good enough shape.

Adrenaline
I do need a fix just like the guy next door, only difference is that I prefer to get my chemicals in a more natural process.
I have had my share of two wheelers, am currently in recess from my trustworthy RR, but a comeback is fast approaching...

Work

Apparently I have a Wikipedia page now. Weird. But it makes it easier I guess to maintain this...

I'm the Chief Security Officer at Cimpress.

I used to be a Senior Manager of Security Engineering at Amazon AWS, and prior to that held leadership positions with ZeroFOX , IOActive, Aladdin, Finjan and Comsec.
I am currently on the Advisory Board for ZeroFOX, Axon Cyber, Panorays and Marshall University.
I am also serving on the board of directors of BSides Las Vegas as a general director and President.

I have had the pleasure to talk at the most sought-after conferences in my field such as BlackHat, DefCon, BlueHat, InfoSecurity, and more...
I was also frequently interviewed by leading pring and web magazines and news outlets, speaking about web security, eCrime, and technology (see this page for a chronological sampler).

You can find a somewhat recent resume here, and my LinkedIn profile here.

Education

My formal education is in Computer Science (BA from the Interdisciplinary Center) where I have been more than formally educated and have had a chance to meet a lot of new friends (teachers included...).

The surroundings also enabled me to conduct in some research (see academic projects) and keep on working in the same time.

Besides the formal education, I am a firm believer in self teaching - as in "huh, that looks interesting, lets see how it works..." (That's how you end up being a "good" hacker working for an information security consulting company and heading their Unix & Internet department...).
This is the real deal. I would not say that the University did not give me a lot (believe me it did!), but I do believe that a lot of people can go to the University, and end up with a degree that's not worth the paper it's printed on (unfortunately I meet people like that from time to time - and it does not matter how high or low their University is ranked...).

Projects

I have managed to get two major research projects underway, one of them has even developed into a senior year elective course and a book written by my two professors.
And in the spirit of open source, my work is available on-line so you can enjoy (???) it yourself.

The Hack Project

Or formerly known as "The I Computer" (because of some fixation with the J from Java), was one of the most interesting projects I have worked on. Initially we have developed a platform that is essentially a computer simulator, where everything is open (think of those car show half transparent vehicles where you see the engine and underlying mechanics, only here we are talking bits and bytes). Then everything that goes on top of a computer - machine language, high level language, compiler, interpreter, operating system and a couple of demo applications.

This has evolved into something more rigorous, as I was fortunate enough to have a small team of developers do the coding for the second round (once you get it working, scrape it and do it again - a privilege you have only in the academy), to lead into the development of version 2 of the project. The final product is being used now in a mandatory course taught at the IDC (and an elective at MIT. (Links are changing every academic year but a quick search at the university website should get you there).
The paper is available here.

DDOS Analysis

In this paper we have analyzed the mechanics of Distributed Denial of Service (or more commonly knows as DDOS), and have came up with the basis for a theoretical solution to handling such attacks. This project, although smaller in scale and social implications (I did not want any more students chasing after me asking questions about the course from the previous projects), had some more real-life implications, as the paper was used by a small startup company whom the professor I was working with was involved in.
The research paper is available here.

Contact Information

Feel free to drop me a line at iamit at iamit dot org.
My PGP Key here (F41F EF5C 43AF 9EAA BE5B CE28 D5C0 1ED9 9C9F 6E55).
Other means of getting in touch: my View Iftach (Ian) Amit's profile on LinkedIn.
Some occasional twitter chat.
And my resume is up for grabs as well.
Last but not least, a few media clippings from interviews I gave during my career.