Mackenzie Jackson

Mackenzie is the developer advocate at GitGuardian. He is passionate about technology and building a community of engaged developers to shape future tools and systems.

55 posts
Lessons from Lapsus - CISO on Building a comprehensive secrets management program

Following a breach by the Lapsus$ cyber gang, Jason Haddix, then CISO of Ubisoft, called over 40 other CISOs to discuss strategies on how to be more resilient to attacks. Those conversations led him to create a 4-step guide to building a comprehensive secrets management program.

Best Practices for Managing and Storing Secrets Including API Keys and Other Credentials [cheat sheet included]

We have compiled a list of some of the best practices to prevent API key leakage and keep secrets and credentials safe. Secrets management doesn’t have a one-size-fits-all approach, so this list considers multiple perspectives to help you make an informed decision about whether or not to implement each strategy.

Creating a Honeytoken - Complete Tutorial

Honeytokens, or Canary Tokens, are credentials designed to alert you when an attacker is in your infrastructure. This is a complete tutorial on how to create them using only open-source projects.

The State of Security in Australia: HackSydney and BSides give insight into security post-Medibank and Optus

Cybersecurity in Australia has moved well and truly into the focus of the mainstream media and the everyday public. This year we saw two catastrophic security breaches with Optus, an Australian telecom provider, and Medibank, one of the largest health insurance providers in Australia.

Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault

The promise of AI code assistants like Copilot was exciting when they were released. But they might not be the answer to all your problems. A research study has now found that while Copilot frequently introduces vulnerabilities, it may in fact be influenced by the input. Poor code, poor outcome.

Samsung and Nvidia are the latest companies to involuntarily go open-source leaking company secrets

Nearly 200GB of source code from Samsung and the source code from Nvidia's latest DLSS technology have been published online by the Lapsus$ hacking group. Internal source code being leaked online by adversaries has been happening with alarming regularity in recent years. Only a few

Mackenzie Jackson, GitGuardian: “code security needs to be a layered approach”

Security should be something that companies implement into the software development lifecycle as early as possible. It should be a consideration at every step of development, from design through to deployment and every incremental change made thereafter.

Codecov supply chain breach - explained step by step

Codecov recently had a significant breach in which attackers were able to put a backdoor into Codecov to get access to customers' sensitive data. This article reviews exactly what happened, how attackers gained access, how they used sensitive information and, of course, what to do if you were affected.
