Karim El-Melhaoui (@karimscloud)'s Twitter Profile
Karim El-Melhaoui

@karimscloud

Principal Security Architect & Partner at o3c.no, CloudSec Researcher. Find me at bsky

ID: 793634400

Link: https://blog.karims.cloud/
Date: 31-08-2012 11:14:52

1,1K Tweet

818 Followers

695 Following

Karim El-Melhaoui (@karimscloud)

A client is hiring for a Security Engineer with cloud and product focus. The position is located in Oslo, Norway. They offer relocation, but EU/EAA working permit is required. jobs.remarkable.com/jobs/5163545-s…

hagaetc.eth (@hagaetc)

So I tried to build a tech company from Norway and here’s what happened: 1. Two years of building without almost any money/funding, better part of a year without salary 2. Raise VC and become one of Norway’s first unicorns 3. Face unrealized gains wealth tax bill of many x my

Karim El-Melhaoui (@karimscloud)

Spent some time on AWS research tonight. I’m looking forward to interacting with the new vulnerability disclosure program 🫡

Scott Piper (@0xdabbad00)

AWS just released RCP examples to prevent OIDC misconfigurations from many third-party vendors. 😍 github.com/aws-samples/re… This prevents the problem I wrote about here: wiz.io/blog/avoiding-…

Wiz (@wiz_io)

🎙️ The podcast that CISOs share in their private channels is *back*! 🎊 Thank you to our guests for making the first 2 seasons incredible. This week: Amitai Cohen 🎗️🤟 & Eden Naftali chat with Karim El-Melhaoui on open-source dangers & stronger security standards. 🎧 Ready for S3?

Scott Piper (@0xdabbad00)

This looks like another security incident that may have been caused by "request collapsing". If you use AWS CloudFront, I encourage you to read an older blog post I wrote on this "feature" as it does something many don't expect. swedenherald.com/article/nordne… wiz.io/blog/preventin…

Liv Matan (@terminatorlm)

🏃‍♂️Meet ImageRunner: A privilege escalation vulnerability I discovered in GCP Cloud Run. Thank you to the Google VRP (Google Bug Hunters) team for working closely with us on this one. *Stay tuned for more blogs to come! tenable.com/blog/imagerunn…

Karim El-Melhaoui (@karimscloud)

Reminder that the fwd:cloudsec Europe 2025 Call for Papers is open! First time speakers who requested feedback by May 30th and meet the submission criteria will receive feedback on how to improve during the second round. For more: fwdcloudsec.org/conference/eur…

Karim El-Melhaoui (@karimscloud)

Great work by the SpecterOps team adding Entra ID to GitHub attack paths! Will officially archive once I can validate it supports OIDC github.com/O3-Cyber/oidc-…

fwd:cloudsec (@fwdcloudsec)

The schedule for fwd:cloudsec Europe is out, with a single track of high-quality talks over 2 days, along with “Birds of a Feather” interactive sessions! fwdcloudsec.org/conference/eur… Some sponsorship opportunities are still available