They enable GuardDuty and call it security. They pass audits while attackers move through their infrastructure. The tools work. The gap is always human — not enough people, not enough time, not enough authority to fix what they can see.
These are the tools I wish I had when I was that person.
New: GHA Scanner — GitHub Actions Security Scanner
25 security checks across 8 categories: supply chain, injection, dangerous triggers, permissions, secrets exposure, runner security, CI/CD hygiene, best practices. Scan any public repo, get a detailed report with remediation steps. No sign-up, no data stored. Try it | Source
Assumed Role — A cloud security thriller in six chapters. A solo security engineer. A stolen credential. 72 hours of real AWS attack & defense techniques wrapped in fiction. Every CloudTrail event, SQL query & IAM policy is functional. Read the PDF
| Project | What It Does |
|---|---|
| gha-scanner | GitHub Actions security scanner. 25 checks, 8 categories, instant results. Live |
| attack-surface-management | Continuous external attack surface discovery & vulnerability scanning across AWS Organizations |
| fleet-access | Hub & Spoke IAM roles for multi-account security — self-mutating CDK pipeline, deploys to all org accounts |
| identity-center-automation | GitOps for AWS IAM Identity Center — Permission Sets & Assignments as Code, PR-reviewed |
| aws-cloudtrail-lake-detections | Detection engineering over CloudTrail Lake — reusable SQL-based detections |
| green-stone | Real-time Security Group change detection & one-click revert via Slack ChatOps |
| cdk-org-formation | Manage AWS Organizations as Code |
OSCP · AWS Security Specialty · AWS Advanced Networking · Toronto · defensive.works · LinkedIn