cloud - kevwells.com

AWS Security Groups vs NACLs: how traffic actually flows

Last updated: 20 Aug 2025
Short version: Use Security Groups (SGs) for almost everything. They are stateful (the reply to an allowed request is let back through without a matching rule in the other direction), attach to ENIs/instances, and scale cleanly. Keep NACLs simple or neutral (the default NACL allows everything); use them only for coarse subnet-level controls or as a quick kill-switch, remembering that they are stateless and evaluate numbered rules in order.
What each thing does
Property | Security Groups …
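To make the stateful/stateless distinction concrete, here is a small flow evaluator added for this page (it is not code from the post or from AWS). It models one Security Group and one NACL with simplified rules (CIDR, protocol, port range, allow/deny, rule number) and walks a single HTTPS request plus its reply through each. The client address, source port and rule numbers are constructed; the 1024-65535 ephemeral range is the one AWS documents for NACL return traffic.

```python
"""Toy model of how an AWS Security Group (stateful) and a Network ACL
(stateless) each decide the fate of a request and its reply.

Added example for this page, not code from kevwells.com or AWS. Rule shapes
are simplified: one protocol, a port range and a CIDR per rule."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EPHEMERAL = (1024, 65535)  # port range AWS documents for NACL return traffic


@dataclass(frozen=True)
class Rule:
    cidr: str
    protocol: str          # "tcp", "udp" or "all"
    port_from: int
    port_to: int
    allow: bool = True     # NACL rules may deny; Security Groups only allow
    number: int = 0        # NACL rule number; lowest is evaluated first


def _matches(rule, addr, protocol, port):
    return (ip_address(addr) in ip_network(rule.cidr)
            and rule.protocol in ("all", protocol)
            and rule.port_from <= port <= rule.port_to)


def nacl_decides(rules, addr, protocol, port):
    """Stateless, ordered: first matching rule wins, implicit deny at the end."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, addr, protocol, port):
            return rule.allow
    return False


def sg_decides(rules, addr, protocol, port):
    """Unordered allow-list: any matching rule permits, nothing can deny."""
    return any(_matches(r, addr, protocol, port) for r in rules)


def sg_flow_allowed(inbound, client_ip, protocol, dst_port):
    """Stateful: once the request is admitted, the reply is tracked and let out
    regardless of outbound rules, so only the inbound side is consulted."""
    return sg_decides(inbound, client_ip, protocol, dst_port)


def nacl_flow_allowed(inbound, outbound, client_ip, protocol, dst_port, src_port):
    """Stateless: the request is checked against inbound rules on dst_port and
    the reply is checked independently against outbound rules on the client's
    source (ephemeral) port."""
    request_ok = nacl_decides(inbound, client_ip, protocol, dst_port)
    reply_ok = nacl_decides(outbound, client_ip, protocol, src_port)
    return request_ok and reply_ok


def demo():
    """Constructed scenario: an HTTPS client at 203.0.113.10 using source port 51234."""
    client, src_port = "203.0.113.10", 51234
    sg_in = [Rule("0.0.0.0/0", "tcp", 443, 443)]
    nacl_in = [Rule("0.0.0.0/0", "tcp", 443, 443, number=100)]
    nacl_out_naive = [Rule("0.0.0.0/0", "tcp", 443, 443, number=100)]
    nacl_out_fixed = nacl_out_naive + [Rule("0.0.0.0/0", "tcp", *EPHEMERAL, number=110)]
    # Kill-switch: a low-numbered deny for one address wins before the allow.
    nacl_in_blocked = [Rule("203.0.113.10/32", "all", 0, 65535, allow=False, number=10)] + nacl_in
    return {
        "sg": sg_flow_allowed(sg_in, client, "tcp", 443),
        "nacl_naive": nacl_flow_allowed(nacl_in, nacl_out_naive, client, "tcp", 443, src_port),
        "nacl_fixed": nacl_flow_allowed(nacl_in, nacl_out_fixed, client, "tcp", 443, src_port),
        "nacl_killswitch": nacl_flow_allowed(nacl_in_blocked, nacl_out_fixed, client, "tcp", 443, src_port),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} {'allowed' if ok else 'dropped'}")
```

The naive NACL case is the classic failure: inbound 443 is allowed, but the reply leaves on the client's ephemeral port and no outbound rule covers it, so the handshake never completes. A Security Group with the same single inbound rule needs nothing extra. The kill-switch case shows the one thing NACLs do that SGs cannot: a low-numbered deny that wins before any allow.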

CloudWatch: a minimal alerting baseline (with 3 starter alarms)

Last updated: 20 Aug 2025
Short version: set log retention explicitly, wire up the 3 alarms that actually matter, and keep the severity mapping simple. Don't create 40 "informational" alerts and call it monitoring.
1) Set log retention on day one
Pick a default (e.g., 30 or 90 days) and apply it to every CloudWatch log group; a group with no explicit policy keeps its logs indefinitely at full storage cost. "Never expire" is not …
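A planner for step 1, added here as an example rather than taken from the post: it reads the log-group list in the shape describe_log_groups returns, picks out groups with no retentionInDays, and builds the put_retention_policy parameters. It goes a little beyond the text by optionally capping policies longer than a chosen maximum. The group names and sizes are constructed, and the API call is passed in so nothing touches AWS when you run it.

```python
"""Enforce an explicit CloudWatch Logs retention policy on every log group.

Added example for this page, not code from kevwells.com. The input mirrors
the "logGroups" list that boto3's logs.describe_log_groups() returns: a
group with no "retentionInDays" key is what the console shows as
"Never expire". The API call is injected so the planner runs offline."""

# Retention periods (days) that put_retention_policy accepts at the time of writing.
VALID_RETENTION_DAYS = {1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545,
                        731, 1096, 1827, 2192, 2557, 2922, 3288, 3653}

# Constructed sample: one group with no policy, one already set, one set very long.
SAMPLE_LOG_GROUPS = [
    {"logGroupName": "/aws/lambda/orders-api", "storedBytes": 5_242_880},
    {"logGroupName": "/aws/vpc/flowlogs", "retentionInDays": 90, "storedBytes": 1_073_741_824},
    {"logGroupName": "/ecs/legacy-batch", "retentionInDays": 3653, "storedBytes": 0},
]


def plan_retention(log_groups, default_days, max_days=None):
    """Return put_retention_policy kwargs for groups that need a change:
    no policy -> default_days; policy longer than max_days (if given) -> max_days."""
    for days in (default_days, max_days):
        if days is not None and days not in VALID_RETENTION_DAYS:
            raise ValueError(f"{days} is not an accepted retention period")
    plan = []
    for group in log_groups:
        name, current = group["logGroupName"], group.get("retentionInDays")
        if current is None:
            plan.append({"logGroupName": name, "retentionInDays": default_days})
        elif max_days is not None and current > max_days:
            plan.append({"logGroupName": name, "retentionInDays": max_days})
    return plan


def apply_plan(plan, put_retention_policy):
    """Apply each change through the supplied callable, e.g.
    boto3.client("logs").put_retention_policy, and return how many were applied."""
    for params in plan:
        put_retention_policy(**params)
    return len(plan)


if __name__ == "__main__":
    changes = plan_retention(SAMPLE_LOG_GROUPS, default_days=90, max_days=365)
    apply_plan(changes, lambda **kw: print("would set", kw))
```

Run it against the real account by paginating describe_log_groups into the list and passing the boto3 method as the callable; keep the dry-run lambda until the plan looks right.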

Cloud Misconfiguration: Still the #1 Security Threat

Despite billions invested in security tools, the leading cause of cloud breaches is still misconfiguration. It is rarely a zero-day exploit; it is someone leaving an S3 bucket open, mis-scoping IAM permissions, or forgetting to disable test environments.
The Most Common Mistakes
- Publicly accessible storage buckets.
- "Allow all" firewall and security group rules.
- Over-privileged IAM …
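The three mistakes above are easy to check mechanically once you have the JSON the AWS APIs return. The scanner below is an added example (not from the post); it runs over constructed copies of a describe_security_groups entry, an S3 bucket policy and an IAM policy document, flagging world-open ingress (22/3389/3306/5432 treated as high, other ports as informational, since 80/443 from anywhere is often intended), public bucket statements with no Condition, and Allow statements granting * on *. The group ID, bucket name and VPC endpoint ID are made up.

```python
"""Offline checks for the misconfigurations the post lists.

Added example for this page, not code from kevwells.com. Inputs are
constructed; in practice they come from ec2.describe_security_groups(),
s3.get_bucket_policy() (whose "Policy" field is a JSON string) and
iam.get_policy_version()."""
import json


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anyone(principal):
    """Principal "*" and {"AWS": "*"} both mean every account and anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def open_ingress(sg, sensitive_ports=(22, 3389, 3306, 5432)):
    """Findings for inbound rules reachable from anywhere (0.0.0.0/0 or ::/0)."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs = ([r.get("CidrIp") for r in perm.get("IpRanges", [])]
                 + [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])])
        if not {"0.0.0.0/0", "::/0"} & set(cidrs):
            continue
        if perm.get("IpProtocol") == "-1":  # all protocols; no port fields present
            findings.append(("high", "all protocols and ports open to the world"))
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        exposed = [p for p in sensitive_ports if lo <= p <= hi]
        if exposed:
            findings.append(("high", f"ports {exposed} open to the world"))
        else:
            findings.append(("info", f"ports {lo}-{hi} open to the world"))
    return findings


def public_bucket_statements(policy_doc):
    """Sids of Allow statements open to everyone with no Condition narrowing them."""
    return [s.get("Sid", "<no sid>") for s in policy_doc.get("Statement", [])
            if s.get("Effect") == "Allow" and _is_anyone(s.get("Principal"))
            and not s.get("Condition")]


def admin_statements(policy_doc):
    """Sids of Allow statements granting every action on every resource."""
    return [s.get("Sid", "<no sid>") for s in policy_doc.get("Statement", [])
            if s.get("Effect") == "Allow"
            and "*" in _as_list(s.get("Action", []))
            and "*" in _as_list(s.get("Resource", []))]


def scan(security_groups, bucket_policies, iam_policies):
    """Run all three checks; returns (severity, resource, message) tuples."""
    findings = []
    for sg in security_groups:
        findings += [(sev, sg["GroupId"], msg) for sev, msg in open_ingress(sg)]
    for bucket, doc in bucket_policies.items():
        findings += [("high", bucket, f"statement {sid} grants access to everyone")
                     for sid in public_bucket_statements(doc)]
    for name, doc in iam_policies.items():
        findings += [("high", name, f"statement {sid} allows * on *")
                     for sid in admin_statements(doc)]
    return findings


# Constructed samples in the shapes the APIs return.
SAMPLE_SG = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
]}
SAMPLE_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-assets/*"},
  {"Sid": "VpceOnly", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-assets/*",
   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0a1b2c3d4e5f67890"}}},
  {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
   "Resource": "arn:aws:s3:::example-assets/*",
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}""")
SAMPLE_IAM_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AdminStar", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "ReadLogs", "Effect": "Allow", "Action": ["logs:GetLogEvents", "logs:FilterLogEvents"], "Resource": "*"},
]}

if __name__ == "__main__":
    for sev, res, msg in scan([SAMPLE_SG], {"example-assets": SAMPLE_BUCKET_POLICY},
                              {"legacy-admin": SAMPLE_IAM_POLICY}):
        print(f"{sev:5s} {res:24s} {msg}")
```

The bucket check deliberately ignores Deny statements and conditioned Allows: a "*" principal behind an aws:SourceVpce or aws:SecureTransport condition is a normal pattern, and flagging it only trains people to ignore the scanner.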