Former CSO and Executive leader at Cimpress, Rapid7, Amazon and ZeroFOX.
I split my time between building companies and breaking systems. Currently, I am leading Gomboc AI, where we are solving cloud infrastructure security using deterministic AI — giving engineering teams actual fixes, not just alerts.
With over 25 years in the industry, I've led security programs at global scale: from Amazon (AWS) and Rapid7 to founding my own ventures. My approach bridges deep technical offense with executive-level strategy — I've been both the hacker and the CISO, and I build products that reflect both perspectives.
Beyond the corporate world, I am deeply involved in the community — serving on the board of BSides Las Vegas, founding the Tel Aviv DefCon chapter (DC9723), acting as faculty for IANS, and writing about what actually matters in security at the Intelligence Log.
From breaking systems as a researcher to defending them at global scale — a 25-year arc from red team to the boardroom, and back to building.
Solving the last mile of cloud security: not more alerts, but actual fixes. Built Gomboc AI from zero to a funded, deployed product that gives engineering teams deterministic AI-generated remediations for infrastructure misconfigurations.
Led enterprise security, physical security, and global IT for a publicly traded cybersecurity company. Scaled the security program through rapid international expansion, M&A integration, and IPO-era scrutiny — while staying practitioner-close to the product teams.
Built and led security strategy across a global portfolio of mass-customization businesses spanning 20+ brands and 40+ countries. Established a federated security model that scaled across a decentralized enterprise without sacrificing control.
Twenty-five years of watching the same movie: security teams find problems, hand them to engineering as tickets, and watch them sit in backlogs indefinitely. I've been on both sides of that friction — as the attacker, the defender, and the executive funding both. Gomboc AI exists to close that loop. Not more dashboards. Actual fixes, automatically generated, that engineers actually merge.
Thinking out loud on security, AI, risk, and what actually works in practice.
I built an open-source FAIR implementation because the existing options are either six-figure enterprise tools or Excel spreadsheets that make your eyes bleed. Here's what I made and why it matters.

A mental model I've been applying — and evangelizing — for years: permissions that expand and contract based on context, minimizing attack surface without breaking how people actually work.

Security programs fail not because of bad tools but because of bad incentive structures. What you measure shapes what people do — and most security metrics incentivize the wrong things entirely.

Security swings between buying products and developing skills — and misses the point both ways. Originally published on Forbes Tech Council.

Talks: BlackHat, DefCon, RSA, BlueHat
Articles: Forbes, DevOps.com, DarkReading
Roles: BSidesLV, DC9723, The CISO Track
Speaker — cybersecurity conference for hackers, AI builders & operators.
Interested in having me speak at your conference, podcast, or event?
Get in Touch