Mackenzie Jackson

Mackenzie Jackson is the Security Researcher & Advocate, Aikido As a security researcher and advocate at Aikido, Mackenzie spends his days translating security jargon into human speak and convincing developers that they can care about security without sacrificing their will to live. He loves creating and advocating for security tools that easily integrate into the development process, focusing on reducing alert fatigue and improving the overall developer experience in security implementations. Before joining Aikido, Mackenzie served as a developer advocate at GitGuardian for more than four years and co-founded and acted as chief technology officer (CTO) for Conpago, a technology company focused on combating social isolation among the elderly through innovative communication devices. Mackenzie is the host of The Security Repopodcast, where he explores emerging tech topics in cybersecurity and interviews other experts. In his personal time he brings cybersecurity stories to life in The Red Team Chronicles comic series. Mackenzie also regularly speaks at tech conferences like DevOxx, DefCon, NDC and BlackAlps.

platforms, security, tool, tooling, AI coding, tools, tools cybersecurity multi-tool

Open-Source Security Tools are Free… And Other Lies We Tell Ourselves

Mackenzie Jackson | November 19, 2024 | Compliance, Cost-effectiveness, false positives, open source, security

The most expensive security tool isn't the one you pay for - it's the one that fails when you need it most. Just ask those 110,000 websites that thought they were saving money ... Read More

Security Boulevard

The Secrets of the New York Times Source Code Breach

Mackenzie Jackson | August 2, 2024 | Breach explained, Secrets detection

The New York Times had their entire codebase leaked. In this article we explore what was inside that code, how the leak happened and what the risk for the New York Times going forward is. (Spoiler we found thousands of secrets) ... Read More

GitGuardian Blog - Code Security for the DevOps generation

CVE of the month, the supply chain attack hidden for 10 years CVE-2024-38368

Mackenzie Jackson | July 3, 2024 | DevSecOps

For over a decade, a massive vulnerability that could have unleashed a huge supply chain attack lay dormant. Luckily the good guys found it first or so it seems. This month we are taking a look at CVE-2024-38368 ... Read More

GitGuardian Blog - Code Security for the DevOps generation

CVE of the month, CheckPoint Security Gateway exploit CVE-2024-24919

Mackenzie Jackson | June 14, 2024 | DevSecOps, Security Research

This month we dive into CheckPoints CVE-2024-24919 to explain what this vulnerability does and why we have seen it being used in the wild already! ... Read More

GitGuardian Blog - Code Security for the DevOps generation

Vulnerability of the Month – Controversy of the JetBrains TeamCity CVE-2024-27198 & CVE-2024-27199

Mackenzie Jackson | May 3, 2024 | supply chain security

This month we dive into CVE-2024-27198 for JetBrains TeamCity and the controversy surrounding the patching process that contributed to it being exploited in the wild ... Read More

GitGuardian Blog - Code Security for the DevOps generation

I asked 40 security experts to share their best advice, it didn’t disappoint.

Mackenzie Jackson | March 22, 2024

This post explores the best security advice we have received over the past almost 2 years from various different security professionals ... Read More

GitGuardian Blog - Automated Secrets Detection

Nation-state hackers access Microsoft source code and steal secrets

Mackenzie Jackson | March 11, 2024 | Breach explained

Microsoft has been experienced a sustained attack by Russian-backed nation-state attacker Midnight Blizzard (also known as NOBELIUM). This blog examines all we know so far ... Read More

GitGuardian Blog - Automated Secrets Detection

Sumo Logic Breach Shows Leaked Credentials Still a Persistent Threat

Mackenzie Jackson | November 9, 2023 | Breach explained

Sumo Logic reported a security breach on November 3, 2023, due to a compromised credential that allowed unauthorized AWS account access ... Read More

GitGuardian Blog - Automated Secrets Detection

8.5% of Docker images expose API and Private Keys

Mackenzie Jackson | September 14, 2023 | DevSecOps

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild ... Read More

GitGuardian Blog - Automated Secrets Detection

Exploring the Controversy: The Pros and Cons of Environment Variables – PyCon Italia

Mackenzie Jackson | June 30, 2023 | Conferences

Using environment variables to store secrets has long been considered a good practice. But in this article, we will explore different opinions as to why using env vars might be either good or bad for security ... Read More

GitGuardian Blog - Automated Secrets Detection