Security executive · builder · operator

Iftach Ian Amit
CEO. CSO. Operator.

CEO & Co-Founder of Gomboc AI. Former CSO at Rapid7 and Cimpress; security leader at Amazon and ZeroFOX. Twenty-five years building security programs at global scale — grounded in a practitioner's view of how systems actually break.

Read latest dispatch Talk to me
Currently
roleCEO, Gomboc AI
basedNYC / TLV
writingApr 2026
speakingJun 2026, DC
years in field25
[ ESC_TO_EXIT ]
01 · About

About.

Building companies, breaking systems, leading teams.

I split my time between building companies and breaking systems. Currently, I am leading Gomboc AI, where we are solving cloud infrastructure security using deterministic AI — giving engineering teams actual fixes, not just alerts.

With over 25 years in the industry, I've led security programs at global scale: from Cimpress, Amazon (AWS) and Rapid7 to founding my own ventures. My approach bridges deep technical offense with executive-level strategy — I've been both the hacker and the CISO, and I build products that reflect both perspectives.

Beyond the corporate world, I am deeply involved in the community — serving on the board of BSides Las Vegas, founding the Tel Aviv DefCon chapter (DC9723), acting as faculty for IANS, and writing about what actually matters in security at the Intelligence Log.

02 · Career

Career trajectory.

From breaking systems as a researcher to defending them at global scale — a 25-year arc from red team to the boardroom, and back to building.

2022 — NOW
CEO & Co-Founder at Gomboc AI

Solving the last mile of cloud security: not more alerts, but actual fixes. Built Gomboc AI from zero to a funded, deployed product that gives engineering teams deterministic AI-generated remediations for infrastructure misconfigurations.

Founder AI/ML Cloud
early-stage
2019 — 2022
Chief Security Officer at Rapid7

Led enterprise security, physical security, and global IT for a publicly traded cybersecurity company. Scaled the security program through rapid international expansion, M&A integration, and IPO-era scrutiny — while staying practitioner-close to the product teams.

CISO Public Co. IPO
global, public
2017 — 2019
Chief Security Officer at Cimpress

Built and led security strategy across a global portfolio of mass-customization businesses spanning 20+ brands and 40+ countries. Established a federated security model that scaled across a decentralized enterprise without sacrificing control.

CISO Public Co. Federated M&A
global enterprise
2015 — 2017
VP Security at ZeroFOX

Early executive at a digital risk monitoring startup. Helped shape the product vision and go-to-market for social media threat intelligence — before that category even had a name.

VP Sec Threat Intel
growth-stage

Why Gomboc AI

Twenty-five years of watching the same movie: security teams find problems, hand them to engineering as tickets, and watch them sit in backlogs indefinitely. I've been on both sides of that friction — as the attacker, the defender, and the executive funding both. Gomboc AI exists to close that loop. Not more dashboards. Actual fixes, automatically generated, that engineers actually merge.

View full experience on LinkedIn
03 · Dispatches

Latest insights.

Thinking out loud on security, AI, risk, and what actually works in practice.

2026‑04‑13
CyberQRM: Making Cyber Risk Quantification Actually Accessible
I built an open-source FAIR implementation because the existing options are either six-figure enterprise tools or Excel spreadsheets that make your eyes bleed. Here's what I made and why it matters.
RiskAIOpen Source
Read entry 7 min
2020‑06‑23
Elastic Permissions
A mental model I've been applying — and evangelizing — for years: permissions that expand and contract based on context, minimizing attack surface without breaking how people actually work.
CloudRisk
Read entry 6 min
2020‑03‑14
Incentives and Metrics
Security programs fail not because of bad tools but because of bad incentive structures. What you measure shapes what people do — and most security metrics incentivize the wrong things entirely.
LeadershipRisk
Read entry 5 min
2020‑02‑11
The Product vs. Skill Pendulum in Security
Security swings between buying products and developing skills — and misses the point both ways. Originally published on Forbes Tech Council.
LeadershipOffense
Read entry 5 min
View all dispatches →
04 · Speaking

Speaking & media.

Keynotes, research talks, press, and community leadership across the security industry.

Keynote & Technical

BlackHat, DefCon, RSA, BlueHat

View Talks
  • DefCon 18: Cyber[Crime|War] Charting Dangerous Waters
  • DefCon 17: Down the Rabbit Hole: Uncovering a Criminal Server
  • BlackHat USA: Cyber Crime - Connecting the Dots
  • BlueHat: Security Economics

Press & Writing

Forbes, DevOps.com, DarkReading

View Articles

Community Leadership

BSidesLV, DC9723, The CISO Track

View Roles
  • BSides Las Vegas: Board Member
  • DC9723: Founder (Tel Aviv DefCon Group)
  • The CISO Track: Creator & Co-CEO
  • IANS: Faculty Member

Upcoming

Jun 12–14, 2026 Washington, DC
Rebellion East 2026

Speaker — cybersecurity conference for hackers, AI builders & operators.

Topics I Speak On

AI in Security
Cyber Risk Quantification
Cloud Security at Scale
Building Security Teams
Offensive Security & Red Teaming
Security Strategy & Leadership

Interested in having me speak at your conference, podcast, or event?

Get in Touch