2nd Sight Lab provides cloud security assessments from AWS, Azure, and Google Cloud Platform. We use automated tools, manual verification, and expert analysis to determine gaps that exist in your cloud security configuration. We can also assess web applications running in the cloud that may have vulnerabilities that could lead to infiltration and pivoting within your cloud environment. If desired, we can evaluate your development and deployment processes, CICD pipeline, and overall architecture of your cloud and hybrid cloud infrastructure.

Qualifications and Certifications

Teri Radichel, your principal consultant, has numerous certifications including GCIH, GPEN, GXPN, and a GSE, one of the most challenging cybersecurity certifications in the industry. She also holds a certification in reverse engineering and has authored a class on cloud security: Cloud Security Architecture and Engineering. She also has a master of software engineering, master of information security engineering, and over 25 years of programming and security experience. Teri is an AWS Hero and runs the Seattle AWS Architects & Engineers Meetup which has close to 3,000 members. S he is a member of Infragard and formerly worked for companies like F5, Nordstrom, and Capital One, either as an employee or as a consultant. She was on the initial team that helped Capital One move production workloads to the cloud. She is also an IANS Faculty Member and SANS Institute awarded her the SANS Difference Makers Award for her innovative work in cloud security. Other highly qualified consultants may assist with assessments as needed.

Scope

We perform the following activities during an assessment of your AWS, Azure, or GCP account:

• Run automated scanning tools to assess the account
• Manually validate assessment findings in AWS, Azure, or GCP
• Assessments may include some reverse engineering and limited code review
• Cloud architecture reviews are also available upon request
• Staff interviews and documentation review, if available

Engagement

• We perform testing at a mutually agreeable time with the client
• The testing period is a defined period with a start and end date
• We perform tests from an AWS region; customers must provide network access
• Rate limiting needs to be turned off to perform application vulnerability scans and testing.
• Contacts must be available who can help restore access as needed.
• We report in as desired by the client.
• We require C-Level executive approval for automated scanning.
• Customers need to provide appropriate credentials and respond in a timely manner.

Cloud Security Assessment Report

Our reports include high-level and detailed prioritized findings, steps to reproduce, recommended remediation, and additional resources related to each finding.


To request a cloud security assessment, connect with Teri on LinkedIn or Twitter, or call 206.909.8374 to schedule a meeting to discuss further.