CV
Kat Traxler
Security Research | Leadership | Education
As a Principal Security Researcher at Vectra AI, I conduct foundational research into cloud threat landscapes, including managed identities, AI-assisted bug-hunting, and cloud-native ransomware. I am a frequent speaker at cybersecurity conferences including RSA, BlackHat EU, DefCon, and fwd:cloudsec. I authored SANS SEC549: Cloud Security Architecture. Published author and regularly quoted in the media on cybersecurity.
Work Experience
Principal Security Researcher – Vectra AI
July 2021 – Present · San Jose, CA
As a technical subject-matter expert at Vectra AI, a leader in Network/Cloud Detection and Response (NDR/CDR), I guide strategic product direction based on critical threat landscape analysis. I previously architected the core detection logic for the AWS CDR product (2021–2023), successfully defending customers against cloud-native and nation-state-backed attacks. My foundational research on managed identities, AI-assisted bug-hunting, and S3 Ransomware has been foundational groundwork for key product capabilities.
Principal Security Researcher, GCP – TrustOnCloud
January 2024 – June 2024 · Singapore
Performed in-depth threat modeling on GCP services for major financial institutions and governmental organizations, identifying critical threats and architecting mitigating controls, allowing customers to deploy and use cloud services with more confidence.
Lead Author, SEC549 – SANS Institute
September 2021 – December 2023 · Baltimore, MD
I authored and created the SANS SEC549: Cloud Security Architecture course, a critical new offering for the globally recognized SANS Institute, envisioning the entire 5-day program. This course delivers foundational training for cutting-edge defensive patterns in cloud security design to a worldwide audience of engineers, analysts, and architects.
Security Engineer & Architect – Best Buy
September 2016 – July 2021 · Richfield, MN
At Best Buy, a Fortune 100 retailer, I leveraged diverse experience across web application penetration testing, security architecture, and cloud security engineering. During the critical, rapid enterprise adoption of the cloud, I functioned as the primary Cloud Security SME, directly enabling a smooth, secure migration. I architected end-to-end cloud incident response capabilities, coordinated cross-functional teams, and designed containment strategies.
Education & Certifications
Education
Full Stack Software Development
Prime Digital Academy – Graduated April 2016
GIAC Certifications
- Public Cloud Security (GPCS) GIAC · 2021
- Cloud Security Automation (GCSA) GIAC · 2020
- Defending Advanced Threats (GDAT) GIAC · 2017
- Certified Windows Security Administrator (GCWN) GIAC · 2016
- Security Essentials (GSEC) GIAC · 2016
Publications, Blogs & Research
- You Are The Blackboard – AI Assisted Bug Hunting (2025)
- Beyond Configuration Perfection: Redefining 'Cloud Security' (2025)
- Comparing CSP-Managed Machine Identities – Whitepaper (2025)
- GCP IAM 201 – OAuth Scopes (2025)
- From Remediation to Mitigation: Addressing Insecure-by-Design Flaws (2024)
- Transitive Access Abuse – Data Exfiltration via Document AI (2024)
- The Unauditable, Unmanageable HMAC Keys in Google Cloud (2024)
- Cloud Threat Detection Capabilities with The DeRF (2023)
- Rethinking Your Threat Models for the Cloud (2023)
- LastPass Breach: The Pyramid of Pain Perspective (2023)
- Abusing the Replicator: Silently Exfiltrating Data with AWS S3 Replication (2022)
- Cloud-Native Ransomware – Whitepaper (2022)
Speaking Engagements & Podcasts
2025
- RSA (San Francisco) – "GCP Org Policies to Live By – And Their Implementation Pitfalls"
- fwd:cloudsec EU (Berlin) – "Confidence Predicts Accuracy and Other Lies About Cloud Security"
- BSides Las Vegas – "The Not So Boring Threat Model of CSP-Managed NHI's"
- SecTor Cloud Security Summit (Toronto) – "Confidence Predicts Accuracy and Other Lies About Cloud Security"
- SecretCon (Minneapolis) – "GCP Org Policies to Live By – And Their Implementation Pitfalls"
2024
- fwd:cloudsec EU (Brussels) – "Service Agents and the Search for Transitive Access in GCP"
- SecretCon (Minneapolis) – "All Quiet on the Western Front – Exposing Logging Gaps in the Cloud"
- The Cloud Security Podcast by Google – "Kat Traxler and IAM Mysteries"
2023
- BlackHat EU (London) – "Democratizing Attack Techniques in the Cloud with The DeRF"
- DefCon Cloud Village (Las Vegas) – "Attacks as a Service with The DeRF"
- SecretCon (Minneapolis) – "Whether you like it or not, you're on a Cloud Security team"
2022
- fwd:cloudsec US (Boston) – "Abusing the Replicator: Silently Exfiltrating Data with AWS S3 Replication"
- Cyphercon (Milwaukee) – "How Ransomware Can Follow You to the Cloud"
2020
- fwd:cloudsec (Virtual) – "GCP Primitive Roles, An Indictment"
- SANS Cloud & DevOps Security Summit – "A Bug Hunter's Guide To GCP"
Featured In
- TL;DR Sec by Clint Gibler – Episodes 272, 260, 237, 194, 143 (2022–2025)
An industry trade publication with over 90k subscribers. Never pay-to-play and among the most trusted by industry professionals.
- The Register (2024) – Coverage of GCP service agent research on overly permissive agents allowing unauthorized data exfiltration
- VentureBeat (2021) – Quoted as a thought leader on cloud security automation strategy across major cloud platforms