Automation & Monitoring - kevwells.com

AWS monitoring add-ons: what’s worth enabling

Baseline assumption: You already have CloudTrail, basic CloudWatch alarms, and Config turned on. These add-ons layer threat detection and hygiene checks without turning your inbox into a landfill. Enable first (org-wide) GuardDuty — managed threat detection from CloudTrail, DNS, and VPC telemetry. Turn on in all regions; centralise findings. Inspector — automated EC2 and ECR …

CloudWatch: a minimal alerting baseline (with 3 starter alarms)

Last updated: 20 Aug 2025 Short version: set log retention explicitly, wire 3 alarms that actually matter, and keep severity mapping simple. Don’t create 40 “informational” alerts and call it monitoring. 1) Set log retention on day one Pick a default (e.g., 30 or 90 days) for all CloudWatch log groups. “Never expire” is not …

AWS CloudTrail vs CloudWatch vs Config: what to use and when

Short version: CloudTrail is your audit log of API activity, CloudWatch is telemetry + alerting (metrics/logs/events), and Config is resource inventory + compliance. You probably need all three, wired together sensibly. Who does what Goal CloudTrail CloudWatch Config Audit every API call (who/what/when/where) ✔️ — — Real-time alerts (errors, patterns, thresholds) via Logs → Metric …

Vulnerability Scanning with OpenVAS (Greenbone)

Why Vulnerability Management is Core Security Unpatched vulnerabilities are still the #1 root cause of breaches. OpenVAS provides an open-source equivalent to Nessus/Qualys for vulnerability scanning. Deployment Checklist Install Greenbone Community Edition. Run authenticated scans (SSH/WinRM creds). Integrate with patch management (Ansible playbooks). Schedule monthly full scans; weekly delta scans. Track remediation progress with reporting. …

Linux Log Analysis – Turning Noise Into Action

The Problem A Linux server generates thousands of log lines per hour. Without structure, critical alerts drown in noise. Attackers rely on this. Core Logs to Monitor /var/log/auth.log – SSH, sudo, login attempts. /var/log/syslog / messages – system and kernel alerts. journald – structured logging with filters. Application logs – Apache, Nginx, PostgreSQL, etc. Practical …

Using Wazuh for Threat Detection and Log Monitoring

Why SIEM is Non-Negotiable Most organisations already collect logs. Few actually use them. A SIEM turns noise into alerts. Wazuh (fork of OSSEC) offers enterprise-grade SIEM, free and open source. Deployment Checklist Install Wazuh Manager on a central server. Deploy Wazuh Agents to endpoints (Linux, Windows, cloud). Integrate Logs: journald, syslog, Apache, MySQL, cloud services. …

Automating Linux Patch Management with Ansible

Why Patching Matters Most breaches exploit known vulnerabilities, often months or years old. WannaCry (2017) succeeded because thousands of systems weren’t patched despite updates being available. Even today, unpatched Apache, Exim, or kernel flaws are exploited within days of disclosure. Manual patching doesn’t scale. Clients need automation. Ansible Patch Management Checklist Inventory Hosts Define Linux …

Building a Strong Audit Trail with systemd and journald

Why Audit Trails Matter In security incidents, the first question is always: “What happened, when, and who was responsible?” Without reliable logs, the answer is guesswork. Audit trails underpin compliance (GDPR, ISO 27001, CIS Controls) and are often the single factor that separates swift incident response from reputational disaster. On modern Linux systems, systemd-journald is …