Recognized subject matter expertise through international certifications like CSSLP, ISSMP, ISSAP, CISSP, CISM, CISA, NSA-IAM, and NSA-IEM.
1. Identity and access Management - cloud identity, saml20, iam, gcds, iam roles, resource hierarchy, org polices, service accounts, temporary access).
2. Host and Network Security - gke, compute, firewall rules, ddos, network segmentation, vpc service controls, ips/ids/ngfw, Identity Aware proxy, BeyondCorp, Istio, SIEM, Antivirus, Malware analysis
3. Secrets management - Hashicorp Vault or general secrets management strategy
4. Logging & alerting - siems, splunk, vpc flow, firewalls, admin, data access, atx logs
5. DevSecOps - boot verification, binary authorization, container security scanner, cve vulnerability management, file integrity management, ci/cd
6. Encryption Key Management Service - cloud kms, cloud hsm, envelope encryption, csek, cmek.
7. Incident response / forensics (on cloud service providers).
8. Security Tools - CSCC Forseti, Security Monkey, Dome9, CyberArk, Sumologic, redlock,
9. Compliance (PCI DSS, FedRamp, HIPPA, etc) and Security Frameworks (NIST, etc)
10. Best practices and design considerations with the topics above