Shadow IT: Mapping Switzerland’s External Attack Surface
Shadow IT doesn’t come from one bad decision. It builds up over time as infrastructure grows, people move between teams and companies, vendors deploy systems, cloud environments change, and documentation falls out of date. A single forgotten development instance or an untracked database server can become the path to a serious breach. I have spent years running Internet-wide scanning and building the tooling behind it at FullHunt. I have also run hundreds of security reviews focused on Shadow IT and the ways organizations gradually introduce risk into their external attack surface. In this talk, I’ll show how Shadow IT grows and scales across organizations and the recurring patterns I have seen in the wild. I will introduce the Attack Surface Reduction Maturity Framework, a practical model organizations can use to understand where they stand in their attack surface reduction journey and how they can move from outdated inventories to continuous visibility. Finally, I will present real findings discovered during this research and responsibly disclosed to Swiss organizations.
About the speaker
Mazin Ahmed
Mazin Ahmed is a product security and offensive security engineer with 12+ years of experience across product security engineering, vulnerability research, red-team operations, cloud security, AI/LLM security governance, bug bounty operations, and security-program building.
He joined Chime as one of the first security engineers and helped scale the security program through IPO. He is also the founder of FullHunt.io and the creator of widely used open-source security tools, including log4j-scan, which CISA recommended during the Log4Shell response.