Elli Shlomo

CTO

Tel Aviv, Israel · 25 yrs 1 mo experience
AI Enabled · AI ML Practitioner

Key Highlights

  • Expert in offensive security and AI-driven protection.
  • Proven track record in cloud forensics and incident response.
  • Recognized Microsoft Security MVP with 26 years of experience.

Skills

Core Skills

Offensive Security · Cloud Security · AI-driven Protection · Identity Management · Incident Response · Infrastructure Management

Other Skills

Identity-centric threats · Exploit development · Red team operations · Cloud Forensics · AI agents · Threat hunting · Security operations · Entra ID · Token theft mitigation · Forensic analysis · Adversarial AI research · Microsoft 365 · Azure · AWS · AI-SOC architectures

About

I break down how modern breaches actually work: the identity hijacking, the AI exploitation, and the forensic truth hidden in the logs. As a Cloud Security Researcher and Microsoft Security MVP, I have spent over 26 years deconstructing the evolution of the technology stack. I have seen firsthand how "unbreakable" architectures crumble when faced with real-world adversary logic. Today, I translate that experience into offensive research and proactive defense, focusing on the critical intersection of Identity and Adversarial AI.

Identity Hijacking is about bypassing the modern perimeter by manipulating trust relationships, OAuth flows, and token chains.

AI Exploitation is about weaponizing LLMs and subverting autonomous agents before defenders even understand the attack surface.

Cloud Forensics is about deconstructing artifacts to master the attacker's tradecraft and read what the logs actually say, not what defenders assume they say.

AI-Native Research is about using Claude and cloud code as daily instruments to accelerate offensive research, automate forensic analysis, and build detection logic at a speed that matches the adversary.

I actively exploit architectures and platforms to prove where standard controls fail. By turning breach artifacts into detection models, I help architect the next generation of AI-driven SOC capabilities, using Claude and cloud code daily to eliminate the gap between compromise and mitigation.

My career spans 26 years across industrial automation, cloud architecture, and offensive security. This gives me a perspective most researchers lack. I have built these systems from the ground up, so I know exactly how to tear them down.

Currently leading offensive research at Guardz for the MSP ecosystem and recognized as a Microsoft Security MVP.

🔗 cyberdom.blog
💻 github.com/eshlomo1

Experience

25 yrs 1 mo
Total Experience
2 yrs 2 mos
Average Tenure
1 yr 2 mos
Current Experience

Guardz

Head of Security Research

Mar 2025 – Present · 1 yr 2 mos · Tel Aviv District, Israel · Hybrid

  • Leading a high-impact Security Research team focused on the intersection of offensive security, identity-centric threats, and AI-driven protection. My work involves transforming exploit development and red team operations into hardened product features, specifically targeting the vulnerabilities within M365, Entra ID, and cross-cloud ecosystems.
  • AI-SOC Security Research: Architecting the transition from static monitoring to autonomous security operations. This includes researching Sentinel MCP implementations and leveraging AI agents to automate complex threat hunting and response at scale.
  • Identity & Cloud Research: Conducting deep-dive analysis into Entra ID identity flows, focusing on token theft mitigation, session hijacking, and the forensic storytelling of raw JSON logs.
  • Product-Driven Offensive Security: Translating sophisticated breach scenarios into actionable security modules. I bridge the gap between a "Hacker’s Wit" and "Blue Team Realism" to ensure product protection remains ahead of emerging threats.
  • Modern Threat Landscape: Investigating emerging attack vectors in LLM-integrated environments and Agentic AI to proactively secure the next generation of enterprise collaboration tools.
Offensive Security · Identity-centric threats · AI-driven protection · Exploit development · Red team operations · Cloud Forensics

Cloudedge

Head of xTriage Team

Dec 2022 – Mar 2025 · 2 yrs 3 mos · Israel · Hybrid

  • Led the xTriage Team, a specialized division focused on offensive security, adversarial AI research, and advanced incident response across Microsoft 365, Azure, AWS, and hybrid infrastructures. My role combined red team operations, cloud and AI research, and deep cloud forensics to simulate real-world adversaries and enhance organizational detection and resilience.
  • Collaborating with data science and engineering teams, I helped shape the foundation of AI-SOC architectures, fusing human expertise with machine intelligence to automate investigation workflows, strengthen threat correlation, and uncover attacker patterns invisible to traditional systems.
  • Directed and executed AI augmented attack simulations targeting identity systems, tokens, and LLM integrated services to expose emerging vulnerabilities. Designed and implemented SIEM detection logic, playbooks, and behavioral analytics to transform offensive findings into defensive capabilities.
  • Through continuous AI adversarial testing, red team insights, and cross-team collaboration, xTriage evolved into a hybrid human-AI security powerhouse, merging proactive offense with adaptive defense to redefine how modern SOCs anticipate, detect, and counter advanced threats.
Offensive Security · Adversarial AI research · Incident response · Cloud forensics · Microsoft 365 · Azure

Gopuff

Director, Cybersecurity Architect & IR

Jun 2021 – Sep 2022 · 1 yr 3 mos · United States

  • Directed cybersecurity architecture and global incident response operations during a high-growth phase, integrating threat intelligence, red team simulation, and automated defense into a unified security strategy. My work combined offensive research, cloud-native architecture design, and AI-driven incident response pipelines, enabling rapid detection, containment, and recovery across large-scale enterprise environments.
  • Built and implemented an incident response and recovery framework, powered by cloud forensics, behavioral analytics, and threat intelligence fusion to counter modern intrusion patterns. Conducted investigations and applied adversarial insights to enhance detection accuracy and defensive readiness continuously.
  • Worked closely with engineering, compliance, and executive leadership to create a unified security architecture that blended operational agility with AI innovation. This transformation turned incident response from a reactive function into an intelligence-led, offensive security capability able to predict and neutralize complex threats in real time.
Cybersecurity architecture · Incident response · Threat intelligence · Red team simulation · Cloud-native architecture · AI-driven incident response

BDO Israel

Microsoft Cybersecurity Leader & IR Analyst

Dec 2020 – Jun 2021 · 6 mos · Israel

  • Led cloud security architecture, incident response, and offensive testing across Microsoft 365 and Azure environments. Designed and implemented cloud security programs using CSPM, CWPP, and CNAPP technologies to improve visibility, reduce exposure, and strengthen zero-trust adoption.
  • Built a Microsoft Sentinel-based SOC and engineered detections across the full kill chain using KQL analytics, custom playbooks, and automated response frameworks. Conducted offensive simulations and attack emulations targeting identity, data, and compliance layers to test resilience and raise detection maturity.
  • Developed cloud incident response automation aligned with MITRE ATT&CK and Cyber Kill Chain methodologies to accelerate investigation and containment. Performed deep penetration testing and adversarial exercises against cloud and hybrid environments to uncover vulnerabilities and improve readiness.
  • Collaborated with Microsoft engineering teams, compliance officers, and customers to architect secure cloud solutions, deliver workshops, and improve operational maturity. This role strengthened the foundation of modern cloud security operations by combining red team insights with proactive detection engineering to stay ahead of evolving threats.
Cloud security architecture · Incident response · Offensive testing · CSPM · CWPP · CNAPP

Netafim

Infosec

Apr 2019 – Dec 2020 · 1 yr 8 mos · Israel

  • Led global cloud security initiatives across Azure and AWS environments, improving security posture and ensuring compliance with corporate and regulatory standards. Designed and implemented scalable security architectures for multi-cloud workloads with a focus on identity, access control, and continuous monitoring.
  • Deployed Microsoft 365 Security and Azure native technologies to enhance threat detection and automate response processes. Conducted offensive assessments and simulated attack scenarios on cloud and hybrid environments to identify weaknesses and strengthen defensive controls.
  • Developed and enforced security policies and governance models to protect data and critical workloads. Integrated threat intelligence feeds with SIEM and SOAR solutions to provide real-time enrichment and accelerate investigation workflows.
  • Performed threat hunting and vulnerability assessments targeting identity, network, and application layers. Analyzed attacker tactics and techniques to inform defensive strategy and improve resilience against advanced threats.
  • This role established a new methodology for adopting and operationalizing cloud security across the organization, transforming Netafim’s defensive posture into a proactive, intelligence-informed security program.
Cloud security initiatives · Identity access control · Continuous monitoring · Microsoft 365 Security · Azure technologies · Cloud Security

Eureka Solutions

CTO

Jan 2018 – Apr 2019 · 1 yr 3 mos · Israel

  • Led the company’s technology and cybersecurity strategy with a focus on cloud security, incident response, and advanced threat defense. Designed and executed enterprise-scale Microsoft and Azure security projects that improved the organization’s resilience, detection accuracy, and operational maturity.
  • Conducted in-depth cloud security assessments to identify vulnerabilities and design targeted mitigation strategies. Simulated real attack scenarios against Azure and Microsoft 365 environments to validate defenses and strengthen response mechanisms.
  • Developed and deployed a cloud incident response framework aligned with MITRE ATT&CK and Cyber Kill Chain methodologies. Automated response workflows to improve consistency, reduce investigation time, and ensure rapid containment of security incidents.
  • Architected secure cloud infrastructure and deployment models for complex workloads across Azure and hybrid environments. Delivered strategic guidance to executive stakeholders, ensuring technology alignment with business and security priorities.
Cloud security strategy · Incident response · Advanced threat defense · Microsoft security projects · Cloud Security · Incident Response

U-BTech Solutions Ltd

Cybersecurity Leader

May 2016 – Dec 2017 · 1 yr 7 mos · Israel

  • Led cybersecurity initiatives focused on strengthening enterprise cloud and identity security across Microsoft 365 and Azure environments. Directed vulnerability assessments, penetration testing, and offensive simulations targeting email, identity, and collaboration systems to expose weaknesses and improve defensive maturity.
  • Developed and implemented tailored security architectures for enterprise customers, aligning with compliance and operational requirements. Conducted in-depth assessments and hardening of Active Directory, Office 365, and hybrid identity infrastructures to reduce exposure and enforce least privilege principles.
  • Designed and deployed Microsoft and Azure security technologies, including Defender for Cloud, Defender for Endpoint, and Advanced Threat Protection, to improve visibility and automate detection workflows. Delivered customized detection and response logic to enhance SOC capabilities and accelerate incident investigation.
  • Provided security guidance, technical mentorship, and hands-on leadership for customer engagements, ensuring best practices in cloud security, data protection, and identity governance. This role built the foundation for a unified, proactive defense strategy across cloud and hybrid environments through a balance of offensive insight and operational precision.
Cybersecurity initiatives · Vulnerability assessments · Penetration testing · Security architectures · Cloud Security · Incident Response

Microsoft

Premier Office 365

Mar 2014 – Apr 2016 · 2 yrs 1 mo · Israel

  • Designed and implemented robust Microsoft Hybrid Identity solutions, ensuring seamless integration and secure access across on-premises and cloud environments.
  • Architected and deployed comprehensive identity solutions tailored to meet organizational security and compliance requirements.
  • Established security baselines for multi-cloud and hybrid identity environments, aligning with industry best practices and regulatory standards.
  • Delivered impactful knowledge transfer sessions, including chalk talks, seminars, workshops, and training courses, to enhance team capabilities and understanding.
  • Developed custom PowerShell-based solutions to address unique customer needs, automating workflows and improving efficiency.
  • Diagnosed and resolved complex performance, connectivity, and operational issues within Office 365 environments, ensuring optimal system performance.
Microsoft Hybrid Identity solutions · Security baselines · Knowledge transfer · PowerShell solutions · Identity Management · Cloud Security

U-BTech Solutions Ltd

Senior Consultant

Apr 2012 – Feb 2014 · 1 yr 10 mos · Herzliya, Israel

  • Designed and implemented Exchange, Office 365, Lync, and PKI platforms.
  • Customer advisory and integrity person for enterprise and mid-level customers.
  • Hands-on experience ranging from troubleshooting to Microsoft project deployment.
  • Wrote design and planning documents, including low-level project documents.
  • Transferred knowledge, including a weekly workshop on Office 365.
  • Performed extensive hardening of Active Directory and Windows clients.
  • Analyzed many infrastructure problems in on-premises and cloud environments.
Exchange platforms · Active Directory · Troubleshooting · Microsoft projects deployment · Infrastructure Management · Cloud Security

Partner Communications Company Ltd.

Infrastructure Consultant

May 2008 – Mar 2012 · 3 yrs 10 mos

  • Managed and led the professional services team, both technically and administratively.
  • Developed support procedures, a support framework, and the technical escalation chain.
  • Supported Microsoft technologies, including Office 365.
  • Created a BlackBerry support site for Partner customers.
  • Performed mobile device hardening as part of BlackBerry support.
  • Trained many teams inside Partner and at customers.
Professional services · Microsoft technologies · Support procedures · Mobile device hardening · Infrastructure Management · Cloud Security

Datasafe

Microsoft Consultant

Jan 2004 – Mar 2008 · 4 yrs 2 mos

  • Migrated Microsoft Exchange to the latest version for an enterprise customer.
  • Virtualization projects with Hyper-V for a mid-level customer.
  • Delivered many Active Directory migration projects.
  • Trained customers, IT teams, and technical staff.
  • Performed extensive hardening of Active Directory and Windows clients.
  • Analyzed many infrastructure problems in on-premises and cloud environments.
Microsoft Exchange migration · Virtualization projects · Active Directory migration · Infrastructure analysis · Infrastructure Management · Cloud Security

MSN Israel

IT Manager

Jun 2000 – Dec 2003 · 3 yrs 6 mos

  • Managed the Exchange Server and Active Directory environment.
  • Part of the Hotmail Israel team, performing many Exchange activities.
  • Upgraded IIS servers for MSN sites.
  • Migrated from NT 4.0 to a Windows Server 2003 environment with Active Directory servers.
  • Migrated the email server environment from Exchange 5.5 to Exchange 2003.
  • Performed extensive hardening of Active Directory, Microsoft PKI, and Windows clients.
  • Analyzed many infrastructure problems in on-premises and cloud environments.
Exchange Server management · Active Directory · IIS servers upgrade · Infrastructure Management · Cloud Security
