Maya Kaczorowski
@MayaKaczorowski
Followers
10K
Following
28K
Media
883
Statuses
8K
I love puzzles almost as much as ice cream. she/her @[email protected]
San Francisco, CA
Joined March 2016
What I've been up to the last few months: working on the untrendy but important problem of authorization in corporate environments. Check it out!.
Identity management has quietly become the primary security perimeter. It's a mess. Identity requires constant manual work that security teams burn out from. At Oblique, we're helping organizations make their access controls actually maintainable:.
0
5
14
RT @InsecureNature: I asked @MayaKaczorowski (former Senior Director @github) about her thoughts about GitHub's identity system. Persona….
0
5
0
I'll be speaking on Friday at @bsidesseattle about authentication failures — see you there! 🏙️🏔️☕
0
0
9
I'll be talking at BSidesSLC later this week on the evolution of authentication. come check it out!.
👤→🤖 Auth has evolved from passwords to passkeys. now AI agents want in. At #BSidesSLC, @MayaKaczorowski explores:.-How auth broke.-What users expect now.-What comes next with AI identity. 🔐 Don't miss this one → .April 11th @ 11:30am
0
0
8
RT @BsidesSLC: 👤→🤖 Auth has evolved from passwords to passkeys. now AI agents want in. At #BSidesSLC, @MayaKaczorowski explores:.-How au….
0
1
0
RT @dinodaizovi: "Instead of creating ‘AI agent’ permissions, fix your existing ones. [. ] You need separate read and write permissions fo….
mayakaczorowski.com
0
13
0
Read the full analysis for detailed findings, including what security tools companies are building internally and why AI security wasn't a top concern:
mayakaczorowski.com
1
12
46
What makes it worse?.- Vendor overload ("I fucking hate vendors" - actual quote).- Mystery asset ownership ("who owns this?!").- Explaining security to the board, who are still reusing passwords.
3
0
27
Top 3 technical nightmares:.- Access management: Death by 700+ tickets/month.- Vulnerability management: "We're at 2010 EDR levels here".- SaaS logs: Still emailing vendors for logs during incidents 😅.
1
4
38
I interviewed 57 security leaders to answer one question: What sucks in security right now? The answers were fascinating, frustrating, and occasionally funny 🧵.
8
38
169
i sent 30+ emails today 😱.
the problem with replying to emails is that they email you back.
1
0
16
Rather than a security tool alerting the security team (in Slack), who then needs to find the right person to ping (also in Slack) — what if the tool just short circuited that and went right to the source (in Slack, of course)?.
mayakaczorowski.com
1
3
18
realizing the support chatbot will let me talk to a real human if I speak Spanish. bueno! (I do not speak Spanish).
0
0
9
RT @iangcarroll: In April, @samwcyo and I discovered a way to bypass airport security via SQL injection in a database of crewmembers. Unfor….
ian.sh
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
0
650
0
I was on a panel for @PulumiCorp Up today. Check it out for a discussion on software supply chain security, secret management, and other trends in automating infra security:.
0
1
6
. so your SO doesn't make you fill out a postmortem after vacation?.
4
0
11
at what point is my side hustle just privacy class action lawsuits.
1
0
4
his spam: pegasus is recording you watch porn.my spam: join this board, your costco membership blah, we are not the same.
2
0
4
RT @PulumiCorp: Don't miss our PulumiUP expert panel: "Secrets and Policies - Automating Cybersecurity" featuring @MayaKaczorowski, @jmelle….
0
3
0