⟩ Specialized Expertise
6+ YRS · AWS / AZURE / GCP
Cloud Security
6+ years designing secure cloud architectures and performing penetration tests on cloud workloads.
What I deliver
- IAM least-privilege reviews
- CSPM & misconfig hunting
- Container & Kubernetes hardening
- Cloud-native attack simulation
⟩ real-world projects
Selected engagements
Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.
01
AWS multi-account audit for fintech — privilege escalation via iam:PassRole, full SCP redesign
02
Azure tenant assessment — Consent phishing path + over-permissive app registrations cleaned up
03
EKS hardening for SaaS scale-up — kube-bench + Falco rules, removed 9 cluster-admin bindings
04
GCP IaC review with Checkov in CI — 300+ Terraform misconfigs gated pre-merge
⟩ common vulnerabilities & how I find them
Top bugs I hunt — and the steps
The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.
01
CriticalIAM Privilege Escalation
- STEP 1Enumerate identities, roles, policies with Pacu / Prowler
- STEP 2Hunt iam:PassRole, sts:AssumeRole, lambda:* escalation paths
- STEP 3Chain via service trust relationships to admin
- STEP 4Fix: SCPs, permission boundaries, remove wildcard actions, enable Access Analyzer
02
HighPublicly Exposed Storage
- STEP 1Scan S3 / Blob / GCS for public ACLs + bucket policies
- STEP 2Validate sensitive data exposure with read tests
- STEP 3Check for Object Ownership + Block Public Access flags
- STEP 4Fix: enable Block Public Access org-wide, encrypt + log all reads
03
HighKubernetes Cluster Misconfig
- STEP 1Run kube-bench (CIS) + kubescape for RBAC, network, pod-security
- STEP 2Hunt cluster-admin bindings, hostPath mounts, privileged pods
- STEP 3Test pod-to-metadata escape (IMDSv1)
- STEP 4Fix: Pod Security Admission restricted, OPA Gatekeeper, IMDSv2 only
⟩ arsenal
Tools & frameworks
Prowler
Cloud Audit
ScoutSuite
Cloud Audit
Pacu
AWS Exploitation
Kubescape
K8s Security
Trivy
Container Scanner
CloudSploit
Cloud Posture
CloudGoat
AWS CTF Lab
Steampipe
Cloud SQL Query
Checkov
IaC Scanner
Falco
Runtime Security
Terraform
IaC Provisioning
kube-bench
K8s CIS Audit
Docker Bench
Docker Audit
Polaris
K8s Best Practices
⟩ engage
Need cloud security expertise?
⟩ related
More in Specialized Expertise
VAPT & WAPT
6+ years leading 100+ real-world projects, identifying critical vulnerabilities in complex enterprise networks and web applications.
SOC Operations
6+ years managing L1/L2/L3 SOC operations for numerous clients, detecting and responding to advanced threats in real-time.
AI & GenAI Security
6+ years pioneering AI/GenAI security assessments, uncovering novel vulnerabilities in LLMs and securing AI-driven architectures.