Iftach Ian Amit

Alma mater: Interdisciplinary Center Herzliya
Occupation(s): Entrepreneur, Hacker, Information security specialist
Known for: Computer Security, Red Team[1]

Iftach Ian Amit (Hebrew: יפתח איאן עמית) is an Israeli hacker[2] and computer security[3] researcher and practitioner. He is one of the co-founders of the Tel Aviv DEF CON Group DC9723 and of the Penetration Testing Execution Standard, and has presented at hacker conventions such as DEF CON,[4][5][6] Black Hat,[7][8][9] BlueHat,[10] and RSA Conference.[11] He has been named one of SC Magazine's top experts,[12] was featured in Narratively's cover piece on Attack of the Superhackers,[13] and is frequently quoted and interviewed.[14][15][16][17][18]

Career

Amit started his professional career in 1998 at the Israeli information security consultancy Comsec as a Unix and Internet Application consultant. In 2001 he moved to the US to work as a software architect at Praxell (later acquired by Datavantage,[19] and then Micros). In 2004 Amit left the US to co-found the Israeli startup BeeFence, where he served as chief technology officer. In 2006 he took a position as the director of security research at the security vendor Finjan, and in 2008 a similar position with Aladdin Knowledge Systems. He then served as the vice president of consulting with Security-Art, and in 2012 took a position as director of services with the security consulting firm IOActive. Starting in 2014 he served as vice president of the social media cyber security startup ZeroFOX, after which in 2016 he became a manager with Amazon.com information security. Since 2018 he has served as the chief security officer of Cimpress. He serves as a general director of the board of BSides Las Vegas, a Senior Advisory Board member of Axon Cyber, and an Advisory Board member of ZeroFOX. Since 2022, he has been co-founder and CEO of Gomboc.ai,[20] a deterministic AI cloud security startup, and has raised over $5 million in a venture capital round.[21]

Research

During his career, Amit has focused his research on varying topics, ranging from uncovering the business elements of cybercrime[22][23] to connecting state-sponsored activities with criminal ones.[24] He contributed to one of the first research papers on the Stuxnet worm,[25] and was featured on the cover of the inaugural Pentest Magazine about the Penetration Testing Execution Standard (PTES).[26] He also co-authored research with Aviv Raff on Windows Vista's inherently insecure Widgets,[27] which were later removed from the operating system. In 2011, Amit and Itzik Kotler presented at DEF CON, demonstrating how a bot master could communicate with botnets and with "zombie machines" using VoIP conference calls. Their open-source software, Moshi Moshi, illustrated how they could send instructions to and receive data from botnets and infiltrated networks using any phone line (including payphones).[28][29] This research was also based on his original research into advanced data exfiltration, in which he uncovered a method for side-channel data exfiltration[30] through various channels, including phone lines and fax machines, and released an open-source tool for it.[31]

Presentations

Publications and articles

Patents

U.S. Patent 10,810,106, Automated application security maturity modeling.

References

  1. "Black Hat USA 2013". www.blackhat.com.
  2. "קבוצת Defcon Israel בכנס Hackathon ראשון" (in Hebrew). Geektime. 28 June 2011. Retrieved 7 June 2016.
  3. Leyden, John (3 Oct 2008). "Hackers exploit Neosploit to booby trap BBC, US postal service". The Register. Retrieved 7 June 2016.
  4. Tangent, The Dark. "DEF CON® Hacking Conference - DEF CON 17 Archive". defcon.org. Retrieved 7 June 2016.
  5. Tangent, The Dark. "DEF CON® Hacking Conference - DEF CON 18 Archive". www.defcon.org.
  6. Greene, Tim (9 August 2011). "Defcon: VoIP makes a good platform for controlling botnets". Network World. Archived from the original on November 3, 2014. Retrieved 7 June 2016.
  7. "Black Hat : Black Hat Speakers Page". www.blackhat.com. BlackHat. Retrieved 7 June 2016.
  8. "Black Hat ® Technical Security Conference: Europe 2010 // Archives". www.blackhat.com. Retrieved 7 June 2016.
  9. "Black Hat USA 2012". blackhat.com.
  10. "BlueHat Security Briefings: Fall 2008 Sessions and Interviews". TechNet. Microsoft. Retrieved 7 June 2016.
  11. "The Newest Element of Risk Metrics: Social Media | USA 2016 | RSA Conference". www.rsaconference.com. Retrieved 7 June 2016.
  12. Epper Hoffman, Karen (8 December 2014). "An epic ride: A look back at the ever-changing information security industry". SC Magazine. Retrieved 7 June 2016.
  13. Rosen, Kenneth (16 May 2014). "Attack of the Superhackers". Narratively. Narrative.ly. Retrieved 7 June 2016.
  14. Francis, Melissa (21 March 2014). "Ian Amit on Fox Business' Money With Melissa Francis March 21 2014". Fox.
  15. "US CENTCOM Twitter Hijack 'Purely' Vandalism". Dark Reading.
  16. "Experts to talk Threat Intelligence at cybersecurity symposium – Seidenberg School News". seidenbergnews.blogs.pace.edu.
  17. Ragan, Steve. "Hacked Opinions: The legalities of hacking – Ian Amit". CSO Online.
  18. Santarcangelo, Michael. "Two perspectives on social media for security leaders". CSO Online.
  19. Mears, Jennifer. "Server clusters offer speed, savings". Network World. Archived from the original on April 11, 2018.
  20. "Gomboc.ai - Company". Gomboc.ai. Retrieved 2024-10-31.
  21. "Gomboc.ai Emerges from Stealth and Raises Over $5M in Seed Funding to Deliver Cloud Infrastructure Remediation With Its Deterministic AI Engine". BusinessWire. 2023-08-07. Retrieved 2024-10-31.
  22. "Security researcher discovers massive criminal database". ComputerWeekly.
  23. Tangent, The Dark. "DEF CON® Hacking Conference - DEF CON 17 Archive". defcon.org.
  24. Tangent, The Dark. "DEF CON® Hacking Conference - DEF CON 18 Archive". www.defcon.org.
  25. "CSFI - Cyber Security Forum Initiative". www.csfi.us.
  26. Duc, Hiep Nguyen. "2011 PENTEST REGULAR ISSUES - Pentestmag". Pentestmag.
  27. "Report: Widgets Will Be Your Next Woe". www.eweek.com. 17 September 2007.
  28. Greene, Tim. "Defcon: VoIP makes a good platform for controlling botnets". Network World. Archived from the original on November 3, 2014. Retrieved 8 June 2016.
  29. Greene, Tim. "10 scariest hacks from Black Hat and Defcon". Network World. Archived from the original on February 18, 2015.
  30. "NCSC". www.ncsc.nl.
  31. "iiamit/data-sound-poc". GitHub.
  32. "Closing Keynote - Ian Amit". YouTube. 28 June 2017.
  33. "Opening Keynote - Ian Amit". YouTube. 25 June 2016.
  34. Simonite, Tom. "Hey, Hackers: Defense Is Sexy, Too". MIT Technology Review.
  35. "NATO in the Cyber Commons" (PDF). NATO CCD-COE Publications. 19 October 2010. Retrieved 7 June 2016.