A hands-on portfolio demonstrating cloud security engineering capabilities across AWS and Azure, with emphasis on Identity & Access Management, security monitoring, Infrastructure as Code, and purple team methodologies.
This repository documents my transition from SOC operations to Cloud Security Engineering, showcasing practical implementations of security controls, threat detection, and compliance frameworks in cloud environments.
Author: Greg Lewis
Current Role: SOC Analyst
Target Role: Cloud Security Engineer
Education: M.S. Cybersecurity Technology - UMGC
Certifications: Security+ CE
Website: gregqlewis.com
- Demonstrate multi-cloud security expertise (AWS, Azure)
- Build security controls using Infrastructure as Code (Terraform)
- Apply purple team methodology to cloud attack/defense scenarios
- Document security implementations aligned with compliance frameworks (ISO27001, NIST)
- Create reusable security patterns for enterprise environments
AWS Labs:
| Lab | Focus Area | Status | Key Technologies |
|---|---|---|---|
| 00 - Account Baseline | Initial security configuration | ✅ Complete | CloudTrail, IAM, Billing |
| 01 - IAM Security | Identity and access management | ✅ Complete | IAM, Access Analyzer, Terraform |
| 02 - Security Monitoring | SIEM and detection | 📋 Planned | GuardDuty, EventBridge, CloudWatch |
| 03 - Network Security | VPC security architecture | 📋 Planned | VPC, Security Groups, Flow Logs |
| 04 - Purple Team Scenarios | Cloud attack/defense | 📋 Planned | MITRE ATT&CK, Detection Rules |
Azure Labs:
| Lab | Focus Area | Status | Key Technologies |
|---|---|---|---|
| 00 - Account Baseline | Initial security configuration | ✅ Complete | Activity Logs, Service Principal, Budgets |
| 01 - IAM Security | Azure AD and RBAC | ✅ Complete | Azure AD, RBAC, Terraform |
| 02 - Sentinel SIEM | Security monitoring | 📋 Planned | Microsoft Sentinel, KQL, Workbooks |
| 03 - Network Security | VNet security architecture | 📋 Planned | VNet, NSGs, Azure Firewall |
| 04 - Purple Team Scenarios | Cloud attack/defense | 📋 Planned | MITRE ATT&CK, Detection Rules |
Cross-Cutting Documentation:
| Document | Status | Description |
|---|---|---|
| AWS vs Azure IAM Comparison | ✅ Complete | Architecture, terminology, and implementation patterns |
January 18, 2026:
- ✅ Established secure account baselines in both AWS and Azure
- ✅ Deployed custom least-privilege IAM policies using Terraform
- ✅ Created Security Auditor role with MFA enforcement (AWS)
- ✅ Built custom RBAC Security Auditor role (Azure)
- ✅ Enabled IAM Access Analyzer for privilege detection
- ✅ Tested role assumption and verified permission controls
- ✅ Documented comprehensive AWS vs Azure IAM comparison
- ✅ Implemented Infrastructure as Code for all resources
Key Achievements:
- First production Terraform deployments in both cloud platforms
- Working IAM implementations with least privilege design
- Professional documentation with compliance mappings (ISO27001, NIST)
- Portfolio demonstrates multi-cloud security engineering capability
Next Steps:
- Enable GuardDuty and Microsoft Sentinel for security monitoring
- Build privilege escalation detection scenarios
- Create additional custom roles (EC2 Operator, Lambda Developer)
- Publish first blog post on gregqlewis.com
Cloud Platforms:
- AWS (Primary focus for federal market alignment)
- Microsoft Azure
Infrastructure as Code:
- Terraform
- Version control via Git/GitHub
Security Tools:
- AWS: CloudTrail, GuardDuty, IAM Access Analyzer, Config
- Azure: Sentinel, Defender for Cloud, Azure AD
- Detection: Custom rules, MITRE ATT&CK mappings
Purple Team Integration:
- Attack simulations from home lab environment
- Kali Linux on Raspberry Pi 4
- Detection rule development and testing
- Integration with existing Wazuh SIEM
Each lab includes:
- README.md - Objectives, architecture, and findings
- Terraform configurations - Infrastructure as Code implementations
- Documentation - Setup guides, attack scenarios, detection strategies
- Architecture diagrams - Visual representation of implementations
- Lessons learned - Key takeaways and real-world applications
- Cost analysis - Budget optimization strategies
- Compliance mappings - NIST, ISO27001 framework alignment
All labs are designed for minimal cost using:
- AWS Free Tier (12 months)
- Azure for Students ($100 credit)
- Automated resource shutdown
- Budget alerts and monitoring
- Cost optimization documentation
Target monthly spend: $0-10
This portfolio bridges my experience as a SOC Analyst with hands-on cloud security engineering skills:
Current Expertise:
- 4+ years cybersecurity experience supporting federal contracts
- Threat hunting and incident response in AWS environments
- Enterprise security tools: Splunk, CrowdStrike, Tenable, Zscaler
- ISO27001:2022 compliance leadership
Building Towards:
- Cloud Security Engineer roles in DMV federal market
- Multi-cloud IAM and security architecture
- Infrastructure as Code with security controls
- Purple team cloud methodologies
```text
cloud-security-labs/
├── README.md                           # Portfolio overview (this file)
├── docs/                               # Cross-cutting documentation
│   └── aws-vs-azure-iam-comparison.md  # ✅ Multi-cloud IAM analysis
├── aws/                                # AWS security labs
│   ├── README.md                       # ✅ AWS-specific overview
│   ├── 00-account-baseline/            # ✅ Initial security setup
│   │   └── README.md
│   ├── 01-iam-security/                # ✅ IAM deep dive
│   │   ├── README.md
│   │   ├── terraform/                  # ✅ Working Terraform code
│   │   ├── policies/
│   │   ├── docs/
│   │   └── screenshots/                # ✅ Documentation screenshots
│   ├── 02-security-monitoring/         # 📋 Planned
│   ├── 03-network-security/            # 📋 Planned
│   └── 04-purple-team/                 # 📋 Planned
└── azure/                              # Azure security labs
    ├── README.md                       # ✅ Azure-specific overview
    ├── 00-account-baseline/            # ✅ Initial security setup
    │   └── README.md
    ├── 01-iam-security/                # ✅ Azure AD & RBAC
    │   ├── README.md
    │   ├── terraform/                  # ✅ Working Terraform code
    │   ├── roles/
    │   ├── docs/
    │   └── screenshots/                # ✅ Documentation screenshots
    ├── 02-sentinel-monitoring/         # 📋 Planned
    ├── 03-network-security/            # 📋 Planned
    └── 04-purple-team/                 # 📋 Planned
```
Each lab directory contains detailed setup instructions. General prerequisites:
```bash
# AWS CLI
aws --version
aws configure --profile cloudsec-lab

# Azure CLI
az --version
az login

# Terraform
terraform --version

# Clone repository
git clone https://github.com/YOUR-USERNAME/cloud-security-labs.git
cd cloud-security-labs
```

These cloud labs complement my existing purple team home lab infrastructure:
- Attack Platform: Kali Linux on Raspberry Pi 4
- Vulnerable Targets: Metasploitable 2
- Detection Stack: Wazuh SIEM, Graylog, OpenSearch
- Infrastructure: Unraid server with Docker containers
Cloud labs extend purple team methodology to AWS/Azure environments, documenting detection strategies applicable to enterprise SOC operations.
Detailed writeups and lessons learned published at gregqlewis.com, integrating technical expertise with Christian values and professional development journey.
Greg Lewis
- Website: gregqlewis.com
- LinkedIn: @gregqlewis
- GitHub: @gregqlewis
- Location: DMV area
Building in public - documenting my transition from SOC operations to Cloud Security Engineering
Last Updated: January 2026