Case Studies
Deep dives into security engineering, platform architecture, and production infrastructure decisions.
Vulnerability Management: AWS Inspector, Snyk, and Dependency Scanning in CI/CD
How I built a continuous vulnerability management pipeline using AWS Inspector for EC2 scanning, Snyk for dependency scanning, and OWASP checks integrated directly into the CI/CD pipeline.
2024-04-01 · 8 min read
Network Security: AWS WAF, CloudFront Logging, and NACL Isolation
How I configured AWS WAF for rate limiting and threat protection on CloudFront, enabled CloudFront access logging, and used NACLs for additional network layer isolation.
2024-03-20 · 7 min read
Building a SOC 2 Logging Architecture with CloudTrail, CloudWatch, and Security Hub
How I designed and implemented a centralized logging and monitoring architecture — enabling CloudTrail in all regions, capturing EC2 and application logs in CloudWatch, and centralizing compliance with Security Hub and GuardDuty.
2024-03-10 · 9 min read
Implementing IMDSv2 and EC2 Hardening in AWS
How I enforced IMDSv2 across all EC2 instances, eliminated metadata exposure risk, and contributed this to Enquire AI's SOC 2 security controls.
2024-03-01 · 6 min read
S3 Security Hardening: Encryption, Versioning, Access Control, and Audit Logging
How I hardened all S3 buckets with AES-256/SSE-KMS encryption, blocked public access, enabled versioning and lifecycle policies, and turned on access logging for SOC 2 data security controls.
2024-02-20 · 8 min read
Enforcing IAM Least Privilege and Role-Based Access Across AWS
How I replaced overly permissive IAM policies with least privilege roles for EC2, Lambda, and applications — and enforced a strong password policy as part of SOC 2 IAM controls.
2024-02-15 · 7 min read