Recent & Upcoming Talks

Conference Talk (fwd:CloudSec 2026): What Building an AI Worm Taught Us About Stopping One

AI agents and chatbots increasingly run Python code interpreters that can be abused by attackers. This talk shows how prompt-to-RCE, credentials abuse, and C2 payloads work in these sandboxes, including a real AWS AgentCore breakout, and how to harden against code interpreter exploits.

Conference Talk (BSides SF 2026): Pwning and Defending AI Agent Code Interpreters

AI agents and chatbots increasingly run Python code interpreters that can be abused by attackers. This talk shows how prompt-to-RCE, credentials abuse, and C2 payloads work in these sandboxes, including a real AWS AgentCore breakout, and how to harden against code interpreter exploits.

Cloud Security Podcast Interview: Building & Scaling AWS Security Guardrails

Guest appearance on a the Cloud Security Podcast, discussing AWS Security Guardrails, CI/CD, Observability, Serverless, and more.

OWASP Guest Speaker: Cloud Security Tooling for the Sole Practitioner

In this talk, I cover what sole security practitioners need to build out their own 'lean but mean' cloud security toolkit and provide demos of the suggested tools.

Conference Talk (fwd:CloudSec 2021): Security Guardrails at Scale in Azure

Azure Guardrails, published by Kinnaird in July 2021, helps you deploy hundreds of security guardrails in Azure within minutes. He discusses the tool in this talk and provides a demo.

Conference Talk (Salesforce SHIFT): Preventing Systemic Security Issues

SHIFTing Left by Creating Guardrails using AWS Service Control Policies and Making Least Privilege Easy for Developers

Conference Talk (fwd:CloudSec 2021): Limiting Blast Radius by Automating IAM Policies using Policy Sentry

Policy Sentry, published by Kinnaird in late 2019, helps you write least privilege AWS IAM Policies. He discusses the tool in this talk and provides a demo.

Podcast Interview (Stelligent): Open Sourcing AWS IAM Security tools

Guest appearance on a Podcast, discussing open source IAM security tooling

Webinar (Synopsys): Securing Enterprise-Level Cloud Deployments (2018)

When you’re operating in a cloud environment, access expands, responsibilities change, control shifts, and the speed of provisioning resources and applications increases—significantly affecting all aspects of IT security. Security must keep up with …