Designing Secure AWS Architectures
Zero Trust | DevSecOps Automation | Terraform Governance | Cloud-Native Threat Detection
I architect and automate secure AWS environments with a focus on Zero Trust principles, infrastructure-as-code governance, and real-time threat detection. Specializing in DevSecOps automation, IAM guardrails, SOAR workflows, and compliance-driven cloud security.
About
Senior Cloud Security Architect with 8+ years of expertise in designing and automating secure AWS environments. Specialized in implementing Zero Trust architectures, DevSecOps automation, and cloud-native threat detection systems.
My focus is on building security-first infrastructure through Terraform governance, IAM guardrails, SOAR automation, and comprehensive compliance frameworks. I've designed and deployed security solutions for healthcare, financial services, and enterprise organizations.
Cloud security demands a proactive approach — from securing the software supply chain and hardening CI/CD pipelines to enforcing least-privilege access at scale. I architect layered defenses that combine preventive controls, detective capabilities, and automated response workflows to reduce risk across the entire AWS environment.
I specialize in threat modeling for cloud-native workloads, designing AWS Security Hub and GuardDuty integrations that turn raw findings into actionable alerts. By correlating signals across CloudTrail, VPC Flow Logs, and application telemetry, I build detection pipelines that catch lateral movement, credential abuse, and data exfiltration in real time.
Passionate about cloud security automation, infrastructure-as-code, and translating complex security requirements into scalable, maintainable systems that stand up to modern adversaries.
Core Expertise
Cloud Security
AWS security architecture, network isolation, encryption, and defense-in-depth strategies
IAM Governance
Identity & access management, policy automation, least privilege enforcement, and access reviews
DevSecOps
Security-first CI/CD pipelines, container security, SAST/DAST integration, and automated remediation
Terraform & IaC
Infrastructure-as-code governance, policy enforcement with OPA/Sentinel, and secure automation
Threat Detection
Cloud-native detection engineering, GuardDuty integration, SecurityHub automation, and threat response
SOAR Automation
Security orchestration, automated incident response, threat enrichment, and response workflows
Compliance & GRC
Healthcare (HIPAA), payment processing (PCI-DSS), audit automation, and compliance frameworks
Application Security
OWASP principles, secure coding practices, vulnerability management, and security testing
Tools & Tech Stack
The technologies and platforms I work with daily
AWS Security Services
IaC & Automation
DevSecOps & Pipeline Security
CSPM, SIEM & Detection
Compliance Frameworks
Containers & Platforms
Featured Projects
AWS Security Architecture Portfolio
Featured: Comprehensive AWS security architecture implementation covering multi-account setup, network isolation, encryption, and centralized logging with GuardDuty and SecurityHub integration.
Cloud SOAR Pipeline
Automation: Automated threat detection and response pipeline using GuardDuty findings, Lambda orchestration, and automated remediation workflows with 90% auto-remediation rate.
Terraform + OPA Policy Gates
IaC Governance: Infrastructure-as-code governance with OPA/Conftest policy enforcement, automated security validation, and compliance-driven Terraform automation.
ITDR Detection Engineering
Detection: Identity and infrastructure threat detection rules, anomaly detection, and real-time monitoring for AWS environments with automated alert orchestration.
Multi-Account Zero Trust Architecture
Architecture: Zero Trust architecture implementation across multiple AWS accounts with centralized policy enforcement, comprehensive logging, and automated compliance validation.
Terraform + Ansible Automation
DevOps: End-to-end infrastructure automation combining Terraform for infrastructure provisioning and Ansible for security hardening and compliance enforcement.
Impact & Metrics
Years Cloud Security Experience
Critical Vulnerabilities Remediated
MTTD Reduction Achieved
Automated Remediation Rate
AWS Security Projects
Workloads Secured
Articles & Blog
Find me writing on
Designing a Zero Trust AWS Governance Architecture using AWS Organisations, SCPs and CloudTrail
A practical walkthrough of designing a Zero Trust governance model across AWS Organizations — leveraging Service Control Policies, CloudTrail audit trails, and layered IAM controls to enforce least-privilege at scale.
Event-Driven EC2 Isolation in AWS: Building a Minimal Cloud SOAR Without Buying One
How to build a lightweight, event-driven EC2 isolation workflow on AWS — achieving automated threat containment using native services without the cost of a commercial SOAR platform.
Building a Multi-Account Zero Trust Governance Architecture in AWS using Terraform, SCPs and CloudTrail
A comprehensive guide to designing and deploying Zero Trust governance across AWS Organizations — combining Terraform automation, Service Control Policies, and CloudTrail for end-to-end visibility and enforcement.
Most People Study Cloud Wrong: Lessons from a Google Architect
A perspective-shifting take on how most engineers approach cloud certifications and learning — and the mindset shifts that separate architects who truly understand the cloud from those who just pass exams.
Cloud-Native Threat Detection: Building Detection Rules for AWS
A framework for writing high-fidelity detection rules using CloudTrail, VPC Flow Logs, and CloudWatch — reducing false positives below 3% in production environments.
HIPAA-Compliant AWS Architecture: What You Actually Need
Cutting through the compliance noise — a practical checklist of AWS controls needed for HIPAA, backed by real architecture patterns from healthcare deployments.
Speaking & Community
Sharing knowledge through talks, webinars, and community contributions
Zero Trust at Scale: AWS Multi-Account Governance
Cloud Security Summit
Deep-dive into designing and enforcing Zero Trust governance across large AWS Organization structures using SCPs, Terraform, and CloudTrail.
Building a SOAR Without Buying One: Event-Driven Security on AWS
DevSecOps Community Webinar
Live walkthrough of building automated EC2 isolation and incident response workflows using native AWS services — no commercial SOAR required.
Policy-as-Code: Enforcing Security Gates in CI/CD with OPA
AWS User Group Meetup
Practical session on using Open Policy Agent and Conftest to block insecure Terraform plans before they reach production environments.
Open Source & GitHub
Public tools, templates, and contributions to the security community
aws-zero-trust-terraform
Terraform modules for deploying a Zero Trust governance architecture across AWS Organizations — including SCPs, IAM guardrails, and CloudTrail configuration.
aws-soar-ec2-isolation
Serverless event-driven pipeline for automatic EC2 isolation on suspicious activity — Lambda, EventBridge, and Security Hub integration with full audit trail.
More on GitHub
Browse all public repositories, security tools, and Terraform modules.
What People Say
Feedback from colleagues, managers, and collaborators
Surya brings a rare combination of deep technical knowledge and practical implementation skills. His Zero Trust architecture work fundamentally improved our cloud security posture.
Working with Surya on our DevSecOps pipeline was transformative. He automated threat detection workflows that reduced our manual triage effort by over 70%.
Surya's Terraform governance framework saved us months of compliance work. His attention to detail and ability to translate security requirements into code is exceptional.
Get In Touch
Open to conversations about AWS security, cloud architecture, DevSecOps, and new opportunities