Not today Justin Bieber #BostonStrong

Blog: Current State: 2019 Third Party Security Audit of Kubernetes - kubernetes.io/blog/2022/10/0… #Kubernetes

Still trying to process that I have a 17 year old son now. Time F L I E S.

I lead a team of 100 brilliant Security Engineers so I feel confident to speak with some leadership experience here: Being told you’re wrong by your team is a feature not a bug and should be rewarded with gratitude and praise and never penalized.

Aditi ran a *very* complex vulnerability management program across several major Google cloud products like GKE and Anthos. She is an excellent TPM and a rare find, if you’re looking to hire a program manager please get in touch with her.

A fun discussion about why cloud shared responsibility need to evolve towards SHARED FATE buff.ly/3nfIBaM

Hi friends! I had the privilege of enjoying a bit of funemployment. I'm starting to look for the next adventure and would be excited to have a chat about (EMEA-remote) leadership positions in the product/cloud security space. RTs would be greatly appreciated 🙏

Google Cloud is hiring security engineers in the Product Security Assurance team (not my team but we work with them closely). Find and fix vulns, help products build in security by default. Seattle and Bay Area. #infosecjobs careers.google.com/jobs/results/1…

Our Linux Kernel 0-day / 1-day "CI/CD" for kernelCTF on Github is up and running. See exploit builds and repros publicly there. ✅️ / ❌️ github.com/google/securit…

This Sneakers computer press kit floppy from Jonathan Schnittger is such a cool piece of memorabilia from one of my favorite movies. These came out great - thank you Jonny!

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

I’m very excited to be speaking at Google Cloud Next ‘24 about Google Kubernetes Engine Threat Detection with Daniel L'Hommedieu on April 9, 2024. Join the discussion with @GoogleCloud → g.co/cloudnext

"We'll just get it running for now, and see how it goes later" - famous last words 😂 First session of the day for me - watching Craig Ingram compromise k8s on GKE #googlecloudnext

Met a new doggo yesterday. Kids wanted to take it home but settled on trying to build their own some day.

Today our Cloud Vulnerability Research (CVR) team shared this research into LLM security, which is broadly applicable to AI domain security practitioners working in this rapidly evolving space. Learn more: bit.ly/3TWYrF3

Thank you for the care package jericho and congrats on 25 years! The top sticker is very fitting given my current relationship with the neighborhood squirrels and my bird feeder.

Check out my Space Selfie! space.crunchlabs.com/selfie/JEWNCL