Mackenzie Jackson is the Security Researcher & Advocate, Aikido
As a security researcher and advocate at Aikido, Mackenzie spends his days translating security jargon into human speak and convincing developers that they can care about security without sacrificing their will to live. He loves creating and advocating for security tools that easily integrate into the development process, focusing on reducing alert fatigue and improving the overall developer experience in security implementations.
Before joining Aikido, Mackenzie served as a developer advocate at GitGuardian for more than four years and co-founded and acted as chief technology officer (CTO) for Conpago, a technology company focused on combating social isolation among the elderly through innovative communication devices. Mackenzie is the host of The Security Repo podcast, where he explores emerging tech topics in cybersecurity and interviews other experts. In his personal time, he brings cybersecurity stories to life in The Red Team Chronicles comic series. Mackenzie also regularly speaks at tech conferences like DevOxx, DefCon, NDC and BlackAlps.
Open-Source Security Tools are Free… And Other Lies We Tell Ourselves
The most expensive security tool isn't the one you pay for - it's the one that fails when you need it most. Just ask those 110,000 websites that thought they were saving money ...
Security Boulevard
The Secrets of the New York Times Source Code Breach
The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened, and what the risk is for the New York Times going forward. (Spoiler: we found thousands of secrets.)
CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368
For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily, the good guys found it first, or so it seems. This month we are taking a look at CVE-2024-38368.
CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919
This month we dive into CheckPoint's CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already!
Vulnerability of the Month – Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199
This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild.
I asked 40 security experts to share their best advice, it didn’t disappoint.
This post explores the best security advice we have received over almost the past 2 years from various security professionals.
Nation-state hackers access Microsoft source code and steal secrets
Microsoft has experienced a sustained attack by the Russian-backed nation-state attacker Midnight Blizzard (also known as NOBELIUM). This blog examines all we know so far.
Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat
Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access.
8.5% of Docker images expose API and Private Keys
A new comprehensive study by researchers at RWTH Aachen University in Germany examined over 300,000 Docker images, finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.
Exploring the Controversy: The Pros and Cons of Environment Variables – PyCon Italia
Using environment variables to store secrets has long been considered a good practice. But in this article, we will explore different opinions as to why using env vars might be either good or bad for security.