I'm Rami (he/him). I'm a former security consultant, turned Product Security Engineer, turned Researcher. Always happy to talk shop - you can find me on Twitter.
Blogging
I frequently write on security (industry, programs, technology) over at ramimac.me. I've previously contributed to or written for tl;dr sec, Venture in Security, Return on Security, Datadog, and past employers (Cedar, NCC Group). All past writing is syndicated to my personal site.
Highlights
- rami.wiki - a collection of knowledge hubs
- How to Say No Well
- tl;dr sec Don’t Security Engineer Asymmetric Workloads
- 10 Things Your First Security Hire Shouldn’t Do
- A Guide to S3 Logging
- tl;dr sec How to securely build product features using AI APIs
Cloud Vulnerability Research
- RDS Snapshot Public Sharing bug
- Publicly Exposed AWS Document DB Snapshots
- Risk in AWS SSM Port Forwarding
- CVE-2025-30154 - reviewdog/action-setup@v1 compromise
Speaking
Slides available for all talks at https://speakerdeck.com/ramimac
- fwd:cloudsec Europe 2024 - How to 10X Your Cloud Security (Without the Series D)
- fwd:cloudsec 2024 - The Path to Zero Touch Production
- SEC-T 0x0F - Beyond the Baseline: Horizons for Cloud Security Programs
- fwd:cloudsec 2023 - Beyond the AWS Security Maturity Roadmap
- BSidesSF May 2023 - Level Up Your Career: A Panel on Staff+ Engineering
- BSidesSF June 2022 - Buying Security: A Client's Guide
- OWASP DevSlop May 2022 - Learning from AWS (Customer) Security Incidents [2022]
- DEF CON Cloud Village 2021 - Cloud Security Orienteering