🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

In April, Sam Curry and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfortunately, DHS ghosted us after we disclosed the issue, and the TSA attempted to cover up what we found. Here is our writeup: ian.sh/tsa

Don't miss our PulumiUP expert panel: "Secrets and Policies - Automating Cybersecurity" featuring Maya Kaczorowski, Jason Meller from 1Password, and Ofir Cohen from Wiz & Pulumi's own Arun Loganathan. Learn how automation is reshaping security. hubs.ly/Q02N-ccg0

his spam: pegasus is recording you watch porn my spam: join this board, your costco membership blah, tractorsupply.com we are not the same

at what point is my side hustle just privacy class action lawsuits

... so your SO doesn't make you fill out a postmortem after vacation?

I was on a panel for Pulumi Up today. Check it out for a discussion on software supply chain security, secret management, and other trends in automating infra security: conference.pulumi.com/talks/panel-pl…

realizing the support chatbot will let me talk to a real human if I speak Spanish... bueno! (I do not speak Spanish)

Rather than a security tool alerting the security team (in Slack), who then needs to find the right person to ping (also in Slack) — what if the tool just short circuited that and went right to the source (in Slack, of course)? mayakaczorowski.com/blogs/slacksec…

What. The.

i sent 30+ emails today 😱

"Instead of creating ‘AI agent’ permissions, fix your existing ones. [...] You need separate read and write permissions for each action, and you need to clearly document what each permission allows." mayakaczorowski.com/blogs/ai-agent… (h/t Maya Kaczorowski)

👤→🤖 Auth has evolved from passwords to passkeys... now AI agents want in. At #BSidesSLC, Maya Kaczorowski explores: -How auth broke -What users expect now -What comes next with AI identity 🔐 Don't miss this one → bsidesslc.org April 11th @ 11:30am

I'll be talking at BSidesSLC later this week on the evolution of authentication... come check it out!

I'll be speaking on Friday at Bsidesseattle about authentication failures — see you there! 🏙️🏔️☕

I asked Maya Kaczorowski (former Senior Director GitHub) about her thoughts about GitHub's identity system. Personally I think managing identity in GitHub is clear as mud.

What I've been up to the last few months: working on the untrendy but important problem of authorization in corporate environments. Check it out!