The Stack Overflow Podcast

Multi-stage attacks are the Final Fantasy bosses of security

12 snips
Mar 24, 2026
Gee Rittenhouse, VP of Security Services at AWS with deep cloud security and threat detection experience, walks through multi-stage cyber attacks and how they unfold. He discusses overlooked signals in noisy developer environments. He explores AI’s role in speeding reconnaissance and creating agent-like insider risks. He covers detection tradeoffs, rapid response, and testing defenses.
INSIGHT

Send Alerts To The Right Person Fast

  • Detection should route the right context to the right responder to avoid noisy alerts.
  • Rittenhouse says AWS filters and routes alarms to developers, cloud admins, or SREs instead of broadcasting to everyone.
ADVICE

Act Immediately On Clear High-Risk Signals

  • Prioritize immediate, high-confidence signals like publicly exposed S3 buckets for instant action.
  • For nuanced behaviors (e.g., searching for credentials), allow time to establish intent before escalating.
INSIGHT

Compromised Credentials Are The Main Entry

  • Compromised credentials are the predominant entry vector into cloud accounts.
  • Gee Rittenhouse notes attackers often gain upstream access (phishing, etc.), then use those legitimate credentials to operate inside AWS.