Ermetic to Present Three Sessions on Cloud Security at Black Hat 2022 and DEF CON 30

Speakers will Focus on Identity, Configuration and Access Blind Spots that Attackers can Exploit in Leading Cloud Platforms

Ermetic Team By Ermetic Team
Ermetic to Present Three Sessions on Cloud Security at Black Hat 2022 and DEF CON 30

BOSTON and TEL AVIV, July 28, 2022 -- Ermetic, the cloud infrastructure security company, today announced that it will present three cloud security sessions at Black Hat 2022 and DEF CON 30 that explore blind spots and infrastructure risks in leading cloud platforms.


Igal Gofman, Head of Research for Ermetic. Igal previously served as Senior Security Researcher at Microsoft, where he focused on threat intelligence and active directory security. As Head of Security Research at XM Cyber, he led a team of security experts embracing an attacker's mindset. Earlier, as Threat Response Team Lead at Check Point Software Technologies Igal helped develop the company's intrusion detection system.

Noam Dahan, Senior Security Researcher at Ermetic is an expert in embedded security. He is a graduate of the Talpiot program at the Israel Defense Forces and spent several years in the 8200 Intelligence Corps.


At Black Hat Igal and Noam will present IAM The One Who Knocks, which will discuss the hidden risks of managing identities and access in a multi-cloud environment, including access flaws and misconfigurations in cloud provider's Identity and Access Management (IAM) layers. The session will explore open-source tools that can significantly reduce the attack surface in an enterprise cloud environment.

At DEF CON 30, Noam will present Flying Under Cloud Cover: Built-in Blindspots in Cloud Security, which explores security pitfalls in leading cloud platforms. These include security areas that are hard to get right or confusingly misrepresented, cloud platform design flaws and backdoors that limit security, and legacy support, dirty fixes that make great hiding places for attackers. The session will also present techniques to penetrate cloud environments, escalate privilege and achieve stealth.

Noam will also present Trouble Shooting AWS IAM Access Undenied Error at Cloud Village at DEF CON 30. Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events, scans the environment to identify and explain the reasons for the events, and offers actionable least-privilege remediation suggestions. This session will address how to manage the peskiest Access Undenied challenges including AccessDenied messages that do not provide details, how to track down the specific policy and statement that generated an explicit deny, and creating least-privilege policy without granting excessive permissions in response to a missing allow statement.


Black Hat 2002, Mandalay Bay, Las Vegas
Cloud Village at DEF CON 30, Flamingo, Las Vegas


IAM The One Who Knocks, Wednesday, August 10 from 11:20am - 12:00pm (Black Hat)

Flying Under Cloud Cover: Built-in Blindspots in Cloud Security, August 12 from 11:30am - 12:10pm (Cloud Village at DEF CON 30)

Trouble Shooting AWS IAM Access Undenied Error, August 13 from 2:20pm - 2:50pm (Cloud Village at DEF CON 30)


To schedule a conversation with Igal or Noam, contact Marc Gendron at

About Ermetic
Ermetic helps prevent breaches by reducing the attack surface of cloud infrastructure and enforcing least privilege at scale in the most complex environments. The Ermetic SaaS platform provides comprehensive cloud security for AWS, Azure and GCP that spans both cloud infrastructure entitlements management (CIEM) and cloud security posture management (CSPM). The company is led by proven technology entrepreneurs whose previous companies have been acquired by Microsoft, Palo Alto Networks and others. Ermetic has received funding from Accel, Forgepoint, Glilot Capital Partners, Norwest Venture Partners, Qumra and Target Global. Visit us at and follow us on LinkedIn, Twitter and Facebook.

Media Contact:
Marc Gendron
Marc Gendron PR for Ermetic