Amir Shaked
CTO @ Stealth
Tel Aviv, Israel
Actions
Amir is currently building something new. Previously he served as the Vice President of Research and Development at Oasis Security, a startup dedicated to managing and securing the lifecycle of non-human identities. In this role, he lead the development of innovative security solutions that address the complex challenges associated with machine and workload-related identities. Prior to joining Oasis Security, Amir served as the Senior VP of R&D at HUMAN Security, where he was responsible for building a multi-zone distributed system that detects and mitigates automated attacks on websites in real-time. Before that, he led several software engineering groups at the Israeli Ministry of Prime Minister, focusing on cybersecurity products. Amir has many years of experience as a software engineer and security researcher, leading software teams across multiple disciplines including web apps, IoT, telecom, and machine learning. He holds an MBA and a BSc in Physics and Economics from Tel-Aviv University.
Links
Area of Expertise
Topics
You build it, you own it
Shift left quality assurance has perks and risks. This is our story of how we built the engineering group with no QA team from day one and its impact on engineering practices, quality procedures, speed of deployment, and maintenance of features.
GraphQL - Security Implications and Best Practices
GraphQL Is one of the fastest-growing approaches in API specifications. But it comes with security risks that can and should be addressed as you design your AAA - authentication, authorization and auditing.
Taking control over cloud costs
The modern SaaS approach requires engineering to address a lot more of the financial element, a critical part of delivery and efficiency which was less common for engineering leadership pre-cloud and the PaaS era.
In high scale growth companies, the need to manage cloud costs properly is even greater, since an oversight can create an exponential decline in COGS and run-rate.
In the talk, we will cover how to optimize the FinOps approach over time, focusing on culture, process, and technology.
We will describe the processes and framework that can be applied to every major cloud vendor, and give specific examples and tools we’ve built on GCP to address the needs we had at PerimeterX
CSP is broken, let’s fix it
The CSP standard was supposed to improve the security of websites. But like any standard, it needs to evolve to stay relevant, in the assumptions on how sites are working and in the implementation.
In this talk, we will discuss those gaps, show how the standard can be abused (and is abused), implementation gaps causing it to misbehave in browsers, and bad implementations by website owners who place poor configuration.
Create a learning culture
Building and maintaining a five 9s system isn’t just about the tools and technologies. Development culture has a big part in how you keep a system available while scaling it up and supporting more features, users, and locations.
A healthy learning culture, supporting the development, not repairing mistakes, and identifying weak points is another tool in the engineering toolbox.
In this talk, we will discuss how to create a learning culture using debriefs, what to avoid, and how to instill change in an engineering organization.
Bots and Carts
Building a good purchase flow for your users is a hard job. You run A/B tests to improve usability, use best practices to assure the quality and advanced UX to minimize user friction. Alas, all these methods mean it’s easier for an adversary to build malicious automation around your website.
The growth around automated attacks targeting the cart and the purchase
Flow is causing severe financial damage, loss of revenue, increased infrastructure
costs, and even skew your BI analytics.
This talk will cover examples of such attacks we uncovered, from scraping and hoarding to scalping, and explain what you can do to detect them and protect yourself.
Managing Growth Pains
As your team scale and grows, so do your practices of managing it. Every aspect of the team will be affected. Some can be fixed along the way - such as the processes of work. Others need to be planned from the first day to support scale - mainly culture. And of course, you, from time management to expectations and management style, must also evolve.
This talk will cover all of the above, with examples and stories, reviewing how a (fast) growing team affects culture, processes, technology, and yourself, hoping you will have a better experience managing the growth pains.
This talk is intended for any manager who finds themselves starting a new role or facing growth and pains, seeking best practices and directions on how to tackle them.
2022 All Day DevOps Sessionize Event
TestCon Europe 2022
I don't need no tests
API World 2022 Sessionize Event
Conf42: Incident Management 2022
Creating a learning culture
DevOps Pro Europe 2022
Taking Control Over Cloud Costs
DeveloperWeek Management 2022 Sessionize Event
DeveloperWeek Global (Management, Cloud, Enterprise) 2021 Sessionize Event
Automation + DevOps Summit Sessionize Event
Appsec Village DC29 Sessionize Event
BSides TLV
CSP is broken, Let's fix it
Agile, DevOps & Testing: New directions in Methods and Tools
Creating a learning culture
DevOps Pro Conference 2021
Create a Learning Culture
Are Developers the New Front Line of Security? | Panel Discussion
DeveloperWeek Global: Management
Creating a Learning Culture
Conf42: Chaos Engineering 2021
Creating a learning culture
DeveloperWeek 2021 Sessionize Event
Chaos Carnival
Create a learning culture
AppSec Israel 2020
CSP is broken, Let's fix it
EuropeClouds Summit Sessionize Event
BSidesLV 2018
Fighting Fraud in the Trenches
O'Reilly Security
Web security analysis toolbox
AppSec Israel 2017
Bots and Carts
CyberWeek - FraudCon
Automated Fraud
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top