Back to CV

AWS Security Writing

AWS security, threat detection, and cloud defence.

• AWS Config rules, conformance packs, and the operational details that matter June 13, 2026

  A practitioner look at AWS Config rule types, evaluation mechanics, conformance pack deployment, and the cost and correctness traps teams run into.

• Network-based malware detection: what you can see from flow data alone June 4, 2026

  Flow logs and NetFlow give you a record of every network conversation on your infrastructure, without storing the contents. Here is what malware actually looks like in that data, and where the blind spots are.

• Amazon Inspector: coverage, finding lifecycle, and severity scoring May 29, 2026

  How Inspector decides what to scan, when findings open and close, and why its severity scores differ from raw CVSS.

• Leveraging Amazon EventBridge to invoke Security Automation May 22, 2026

  How to use Amazon EventBridge rules to capture GuardDuty, Macie, and Security Hub events and automatically invoke Lambda, Step Functions, or SSM remediation workflows.

• AWS Security Hub: ASFF, Severity Normalisation and Cross-Account Aggregation May 16, 2026

  How AWS Security Hub normalises findings from GuardDuty, Macie, and 30+ integrations into ASFF — and what the severity normalisation scores actually mean for triage.

• GuardDuty Suppression Rules: Reduce Alert Noise on AWS May 10, 2026

  How to cut GuardDuty alert noise using suppression rules, trusted IP lists, and threat intel lists — with real-world finding type examples for AWS security teams.

• Leveraging Macie suppression rules to eliminate noise May 10, 2026

  How to reduce Amazon Macie alert noise using suppression rules, allow lists, and finding filters — practical examples for AWS security engineers managing S3 data findings.