Cloud Security Assessments ~ AWS, Azure, GCP
2nd Sight Lab provides cloud security assessments from AWS, Azure, and Google Cloud Platform.
We use automated tools, manual verification, and expert analysis to determine gaps that
exist in your cloud security configuration. We can also assess web applications running in the cloud
that may have vulnerabilities that could lead to infiltration and pivoting within your
cloud environment. If desired, we can evaluate your development and deployment processes, CICD pipeline, and overall architecture of your cloud and hybrid cloud infrastructure.
Qualifications and Certifications
Teri Radichel, your principal consultant, has numerous certifications including
GCIH, GPEN, GXPN, and a
GSE, one of the most challenging cybersecurity certifications in the industry. She also holds a certification
in reverse engineering and has authored a class on cloud security:
Cloud Security Architecture and Engineering. She also has a master of software engineering,
master of information security engineering, and over 25 years of programming and
security experience. Teri is an AWS Hero
and runs the
Seattle AWS Architects & Engineers Meetup which has close to 3,000 members.
S he is a member of
Infragard and formerly worked for companies like F5, Nordstrom, and
Capital One, either as an employee or as a consultant. She was on the initial team
that helped Capital One move production workloads to the cloud. She is also an
IANS Faculty
Member and SANS Institute awarded her the SANS Difference Makers Award for her
innovative work in cloud security. Other highly qualified consultants may assist with assessments as needed.
Scope
We perform the following activities during an assessment of your AWS, Azure, or GCP account:
- Run automated scanning tools to assess the account
- Manually validate assessment findings in AWS, Azure, or GCP
- Assessments may include some reverse engineering and limited code review
- Cloud architecture reviews are also available upon request
- Staff interviews and documentation review, if available
Engagement
- We perform testing at a mutually agreeable time with the client
- The testing period is a defined period with a start and end date
- We perform tests from an AWS region; customers must provide network access
- Rate limiting needs to be turned off to perform application vulnerability scans and testing.
- Contacts must be available who can help restore access as needed.
- We report in as desired by the client.
- We require C-Level executive approval for automated scanning.
- Customers need to provide appropriate credentials and respond in a timely manner.
Cloud Security Assessment Report
Our reports include high-level and detailed prioritized findings, steps to reproduce,
recommended remediation, and additional resources related to each finding.
Request a Cloud Security Assessment
To request a cloud security assessment, connect with Teri on
LinkedIn or
Twitter, or call 206.909.8374 to schedule a meeting to discuss further.