Iftach Ian Amit

Iftach Ian Amit (Hebrew: יפתח איאן עמית) is an Israeli Hacker /computer security researcher and practitioner. He is one of the co-founders of the Tel Aviv DEF CON Group DC9723, the Penetration Testing Execution Standard, and presented at hacker conventions such as DEF CON, Black Hat,   BlueHat, RSA Conference. He has been named SC Magazine's top experts and featured at Narratively's cover piece on Attack of the Superhackers and is frequently quoted and interviewed

Career
Amit started his professional career in 1998 at the Israeli information security consultancy Comsec as a Unix and Internet Application consultant. In 2001 he moved to the US to work as a software architect at Praxell (later to be acquired by Datavantage, and then Micros). On 2004 Amit left the US to co-found Israeli startup BeeFence and served as its Chief Technology Officer. Then in 2006 he took position as the director of security research at the security vendor Finjan, and a similar position in 2008 with Aladdin Knowledge Systems. He then set out to serve as the vice president of consulting with Security-Art, and in 2012 took a position as director of services with the security consulting firm IOActive. Starting in 2014 he served as vice president of the social media cyber security startup ZeroFOX, after which in 2016 he became a manager with Amazon.com information security. Since 2018 he is serving as the Chief Security Officer of Cimpress. He serves as a general director of the board of BSides Las Vegas, a Senior Advisory Board member of Axon Cyber, and an Advisory Board member of ZeroFOX.

Research
During his career, Amit focused his research on varying topics ranging from uncovering the business elements of cybercrime, through connecting state sponsored activities with criminal ones. He has contributed to one of the first research papers conducted on the Stuxnet worm, and was featured on the cover of the inaugural Pentest Magazine about the Penetration Testing Execution Standard (PTES). He also co-authored research with Aviv Raff on Windows Vista's inherently insecure Widgets, which were later removed from the operating system. In 2011, Amit and Itzik Kotler presented at DEF CON, demonstrating how a bot master could communicate with botnets and with "zombie machines" using VoIP conference calls. Their open-source software, Moshi Moshi, illustrated how they could send instructions to and receive data from botnets and infiltrated networks using any phone line (including payphones). This research was also based on his original research into advanced data exfiltration, in which he uncovered a method for side-channel data exfiltration through various channels - including phone lines and fax machines, and released an open source tool for it

Presentations

 * Keynote. BSidesTLV 2017
 * Keynote. BSidesCleveland 2016
 * Keynote. HackMiami 2016
 * Actionable Threat Intelligence. InfoSecWorld Orlando 2016
 * The Newest Elements of Risk Metrics. RSA Conference 2016
 * Actionable Threat Intelligence. BSidesLasVegas 2015
 * Sexydefense - Maximizing the Home-Field Advantage. BlackHatUSA 2012

Publications and articles

 * Contributed to NATO's Assured Access to the Global Commons - Cyberspace Workshop at the Cooperative Cyber Defence Centre of Excellence (CCD COE), October 2010.
 * Social Media Risk Metrics

Patents
U.S. Patent 10,810,106, Automated application security maturity modeling.