Security Stance

Security Is Not an Afterthought. It's the Foundation.

Eight-plus years hands-on with AWS. Every application I build - regardless of compliance requirements - gets the same disciplined security treatment: encrypted, least-privilege, auditable, and passwordless by default.

AWS: My Security Platform of Choice

For serious compliance standards - SOC2, HIPAA - I work exclusively with AWS. After years of hands-on work across its security services, I know where the sharp edges are and how to avoid them. AWS has every tool needed to meet these standards, and I know how to wire them together correctly.

Encryption In Transit & At Rest

All data moving between services is encrypted in transit with TLS. Data at rest is encrypted wherever it's warranted - not just when regulations demand it. Keys live in AWS KMS with automatic rotation enabled, so key material is rotated on a schedule rather than by hand and never leaves the service; applications hold only a key ARN. Two caveats worth knowing: KMS rotation generates new backing material for future encryption while retaining the old material so existing ciphertext still decrypts, and it is a feature of symmetric customer managed KMS keys, not of application secrets such as database passwords, which need their own rotation path.

Least Privilege by Default

Inside AWS IAM and across every service account, I follow the principle of least privilege without exception. Every person and every workload holds its own identity - no shared logins, ever. Administrative accounts get the tightest controls, with role-based access scoped to the task applied as the default, not an afterthought.
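The least-privilege rule above is easy to state and easy to break in a policy document. The script below is an added example (not the page author's tooling) that audits IAM policy JSON for the grants that most often violate it - wildcard actions, privilege-granting actions without a Condition, and Resource "*" on anything that mutates state - and runs it over three constructed sample policies. The account ID and KMS key ID in the samples are placeholders; the list of privilege-granting actions is illustrative, not exhaustive.

```python
"""Least-privilege audit for IAM policy documents.

Added example, not the page author's own tooling. It scans the policy JSON
you would attach to an IAM role or user for the grants that most often
break least privilege, and runs on constructed sample policies. Pure
Python, no AWS calls, so it works offline and can gate a CI pipeline.
"""
import json

# Actions that grant or extend privilege. A workload role should never
# hold these without a Condition that pins them to specific resources.
# (Constructed, non-exhaustive list for the example.)
PRIVILEGE_GRANTING_ACTIONS = {
    "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:PutRolePolicy",
    "iam:PutUserPolicy", "iam:CreateAccessKey", "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion", "iam:PassRole", "sts:AssumeRole",
}

READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return human-readable findings for a policy dict; [] means clean."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        label = "Statement[%d] (%s)" % (i, stmt.get("Sid", "no Sid"))
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(label + ": NotAction/NotResource in an Allow grants everything not listed")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(label + ": wildcard action " + repr(action))
            elif action in PRIVILEGE_GRANTING_ACTIONS and "Condition" not in stmt:
                findings.append(label + ": unconditioned privilege-granting action " + repr(action))
        # Resource "*" is normal for read-only Describe/List/Get calls but not
        # for anything that mutates state.
        read_only = all(a.split(":")[-1].startswith(READ_ONLY_PREFIXES) for a in actions)
        if "*" in resources and actions and not read_only:
            findings.append(label + ": Resource '*' with non-read-only actions")
    return findings


# Constructed sample policies. The account ID and key ID are placeholders.
OVERLY_BROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AdminForApp", "Effect": "Allow",
                   "Action": "*", "Resource": "*"}],
}

ESCALATION_PRONE = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "LaunchInstances", "Effect": "Allow",
                   "Action": ["ec2:RunInstances", "iam:PassRole"],
                   "Resource": "*"}],
}

LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadAppObjects", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-app-data/*"},
        {"Sid": "DecryptViaS3Only", "Effect": "Allow",
         "Action": ["kms:Decrypt"],
         "Resource": "arn:aws:kms:us-east-1:123456789012:key/11111111-2222-3333-4444-555555555555",
         "Condition": {"StringEquals": {"kms:ViaService": "s3.us-east-1.amazonaws.com"}}},
        {"Sid": "Inventory", "Effect": "Allow",
         "Action": ["s3:ListAllMyBuckets"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in [("OVERLY_BROAD", OVERLY_BROAD),
                         ("ESCALATION_PRONE", ESCALATION_PRONE),
                         ("LEAST_PRIVILEGE", LEAST_PRIVILEGE)]:
        print(name, json.dumps(audit_policy(policy), indent=2))
```

The third policy shows what "scoped to exactly what's needed" looks like in practice: a single bucket prefix, a single KMS key usable only through S3, and Resource "*" reserved for a read-only listing call that has no narrower target.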

Passwordless Authentication

My default for user authentication is passwordless - a one-time code delivered out of band, or social login - because an application that stores no passwords has no password hashes to steal or reuse. That moves the trust to the delivery channel, so a one-time code has to be short-lived, single-use and rate-limited. For higher-security requirements, multi-factor authentication is mandatory. Fewer credentials in the system means a dramatically smaller attack surface.

SOC2 & HIPAA-Grade Auth

Even when compliance isn't formally required, I design admin areas to SOC2 and HIPAA authentication standards. Unique IDs for every user and service account, no shared credentials, enforced access boundaries - because building to the higher bar now costs far less than retrofitting it later.

Audit Log Trails

I add audit log trails for essential configuration changes and privilege escalations across all applications: CloudTrail records every AWS control-plane call, and admin actions inside the application get their own log. For SOC2 or HIPAA requirements, I recommend Amazon S3 with Object Lock in Compliance Mode for long-term immutable log storage - for the retention period, no principal, not even the account's root user, can overwrite or delete a locked object version.

Immutable Compliance Storage

Long-term log retention for regulated workloads uses Amazon S3 Object Lock in Compliance Mode. Once written, an object version cannot be modified or deleted until its retention period ends, and that period can be extended but never shortened - providing the tamper-proof audit trail that SOC2 and HIPAA auditors require. Compliance Mode is the right choice here: Governance Mode looks similar, but any principal granted s3:BypassGovernanceRetention can still delete the records.
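The two sections above (the audit trail and the immutable storage that protects it) are worth seeing together: the trail is only useful if someone is reading it for privilege changes, and the lock is only useful if it is actually in Compliance Mode. The script below is an added example, not the page author's code. It runs simple detection logic over constructed CloudTrail-style log lines (field names follow CloudTrail's schema, but the account ID, ARNs and IP addresses are placeholders and the events are invented), and it builds and checks the Object Lock configuration shape that boto3's put_object_lock_configuration call expects.

```python
"""Detection over CloudTrail-style audit records, plus the Object Lock
configuration that keeps those records immutable.

Added example, not the page author's code. The log lines are constructed
to follow CloudTrail's JSON field names (eventName, userIdentity,
sourceIPAddress, errorCode) but are not real events; the account ID,
ARNs and IP addresses are placeholders.
"""
import json

# Events that change who can do what. These are the privilege escalations
# the audit trail must capture and an on-call engineer should be paged for.
PRIVILEGE_CHANGE_EVENTS = {
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "CreateAccessKey", "CreatePolicyVersion", "UpdateAssumeRolePolicy",
    "AddUserToGroup",
}

# Events that blind or weaken the audit trail itself. Compliance-mode
# Object Lock makes deletes of locked versions fail, but the attempt is
# still the strongest signal you will get of an intruder covering tracks.
LOG_TAMPER_EVENTS = {
    "StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors",
    "PutObjectLockConfiguration", "PutBucketVersioning", "DeleteBucket",
    "DeleteBucketPolicy",
}


def compliance_lock_config(retention_days):
    """Argument shape for s3.put_object_lock_configuration(Bucket=...,
    ObjectLockConfiguration=...). The bucket must be versioned with Object
    Lock enabled, and a COMPLIANCE retention period can be extended later
    but never shortened, so choose the period deliberately."""
    return {"ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": retention_days}}}


def is_immutable(lock_config):
    """True only for COMPLIANCE mode. GOVERNANCE mode looks similar but any
    principal holding s3:BypassGovernanceRetention can delete the objects."""
    rule = lock_config.get("Rule", {}).get("DefaultRetention", {})
    return (lock_config.get("ObjectLockEnabled") == "Enabled"
            and rule.get("Mode") == "COMPLIANCE")


def classify(record):
    """Map one parsed record to an alert kind, or None for routine traffic."""
    name = record.get("eventName")
    if name in LOG_TAMPER_EVENTS:
        return "log-tamper"
    if name in PRIVILEGE_CHANGE_EVENTS:
        return "privilege-change"
    return None


def scan(log_lines):
    """Parse JSON log lines and return one alert dict per suspicious event."""
    alerts = []
    for line in log_lines:
        record = json.loads(line)
        kind = classify(record)
        if kind is None:
            continue
        identity = record.get("userIdentity", {})
        alerts.append({
            "kind": kind,
            "event": record["eventName"],
            "actor": identity.get("arn", identity.get("type")),
            "root": identity.get("type") == "Root",
            "source_ip": record.get("sourceIPAddress"),
            # errorCode is present only when the call was refused
            "denied": "errorCode" in record,
        })
    return alerts


# Constructed sample log: one routine read, one privilege escalation, one
# root-user attempt to stop logging, one denied delete of the log bucket.
SAMPLE_LOG = [
    json.dumps({"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
                "userIdentity": {"type": "AssumedRole",
                                 "arn": "arn:aws:sts::123456789012:assumed-role/app-reader/i-0abc"},
                "sourceIPAddress": "10.0.1.25"}),
    json.dumps({"eventName": "AttachUserPolicy", "eventSource": "iam.amazonaws.com",
                "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
                "requestParameters": {"userName": "alice",
                                      "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
                "sourceIPAddress": "203.0.113.7"}),
    json.dumps({"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
                "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
                "sourceIPAddress": "203.0.113.7"}),
    json.dumps({"eventName": "DeleteBucket", "eventSource": "s3.amazonaws.com",
                "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
                "requestParameters": {"bucketName": "example-audit-logs"},
                "errorCode": "AccessDenied", "sourceIPAddress": "203.0.113.7"}),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
    print("log bucket config immutable:", is_immutable(compliance_lock_config(7 * 365)))
```

The denied DeleteBucket in the sample is the point of pairing detection with Compliance Mode: the lock turns a destructive action into a failed API call, and the failed call still lands in the trail where the detector sees it.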

The Same Rigor, Every Project

I don't reserve security discipline for HIPAA-regulated healthcare apps. Every project gets encryption, least-privilege access, passwordless auth, and audit logging - because breaches don't check your compliance requirements before they happen.

What This Means for Your Project

No shared credentials, ever

Every person and every service has a unique identity. Access is scoped to exactly what's needed - nothing more. When someone leaves or a service is decommissioned, access is revoked cleanly.

Compliance-ready from day one

Building toward SOC2 or HIPAA certification later is painful when security wasn't designed in. I build to those standards from the start, so when the audit comes, the evidence is already there.

Keys that rotate automatically

AWS KMS handles the encryption key lifecycle: rotation is scheduled and transparent, key material never leaves the service, and applications reference a key by its ARN - no manual rotation tasks, no forgotten keys, no long-lived secrets sitting in config files.

A trail for every privileged action

Configuration changes, permission escalations, and administrative actions are logged. For compliance workloads, those logs are immutable - locked in S3 Object Lock Compliance Mode so no one can alter or delete the record before its retention period ends.

Building something that needs to be secure?

Whether you're aiming for SOC2, HIPAA, or just want security done right from the start - let's talk about how to build it properly.

Let's connect on LinkedIn