And I Would've Gotten Away With It, Too, If It Wasn't For You Meddling Researchers

Rami McCarthy

fwd:cloudsec Europe 2025 · Day 2 · Main Room

Rami McCarthy, who leads the cloud risk research team at Wiz, pulled back the curtain on the process of **rapid response research** — how a security research organization investigates, coordinates around, and publicly discloses emerging threats in real time. Using the **TJ Actions supply chain attack** as his primary case study, McCarthy shared a series of vignettes from the incident response journey, each carrying a transferable lesson for anyone doing security research, consuming threat intelligence, or running incident response internally. The talk is less about the technical details of any single attack and more about the tradecraft of being an effective researcher: where to find signal, how to archive ephemeral data, when to stop investigating, and why collaboration is a force multiplier.

AI review

A valuable behind-the-scenes look at the operational tradecraft of rapid response research, using the TJ Actions supply chain attack as a compelling case study. The lessons on archiving, OSINT sources, and community collaboration are genuinely useful, though the talk deliberately avoids deep technical analysis of the attack itself.
