IAM - kevwells.com

AWS IAM Security: Designing Least Privilege for Cloud Workloads

In many cloud security reviews, Identity and Access Management (IAM) turns out to be the weakest area. AWS provides powerful tools to control access, but its defaults are permissive and administrators often grant overly broad rights. The result is predictable: accounts with far more privilege than needed, with API keys that never expire, and …

Identity and Access Management (IAM): Core Principles for Linux and Cloud Security

Identity and Access Management (IAM) is at the centre of every security framework I have worked with. Whether on Linux systems or in cloud platforms, controlling who can do what is fundamental. In my experience, organisations often underestimate IAM. They focus on firewalls or malware protection, while leaving access control inconsistent or poorly documented. In …

SSH Security Best Practices for Linux Administrators

Secure Shell (SSH) is the standard tool for remote administration of Linux systems. In practice, it is also one of the most common weaknesses I encounter when reviewing environments. Misconfigurations are frequent, and attackers actively exploit them. Hardening SSH is one of the most effective early steps in strengthening infrastructure security. 1. Why SSH Security …

AWS IAM & Identity Center: permission sets, SSO, guardrails

Short version: Use Identity Center (SSO) for humans, IAM roles for workloads, and a handful of organization guardrails. Keep permission sets simple (ReadOnly, PowerUser-no-IAM, Admin), enforce MFA and sensible session lengths, and monitor root usage rather than trying to block it. 1) The shape that works Accounts: management, log-archive, security, and one per environment (dev/test/prod). …