Hey there, wanderer! I’m Hassan, a Security Engineer with super-paranoid instincts; a software engineer by education, a Cloud-Security enthusiast, a lover of turn-based & real-time strategy games, a chai addict, and a history buff. In my professional career, I’ve worn several hats over the years, including security analyst, security engineer, incident responder and DevSecOps engineer, and have worked with several regulatory and security compliance frameworks. But ever since I worked on my first incident in a client’s AWS infrastructure, I’ve been fascinated by Cloud tech in general and AWS in particular.

I love:

  • automating everything possible
  • all things logging
  • hacking my way around AWS services
  • network traffic analysis
  • and… putting order to chaos

The Odyssey

After I had completed my Bachelor’s in Software Engineering, my security journey started in Pakistan 🇵🇰 (my home country), as a Security Analyst and later as a Sr. Security Engineer at one of the top MSSPs (Managed Security Services Providers) in the region, called Ebryx, situated in the city of Lahore, a tech hub in the country.

I quickly climbed the career ladder there and wore various hats in a short span of almost three and a half years. My security journey has had three major phases.

Chaotic Start

The start of my career at Ebryx was as a Level 1 SOC Analyst; however, I worked on various fronts. Soon I wore the hat of L2 SOC Analyst while still working on security assessments & hardening projects alongside. I was also a part of the investigation & response of numerous security incidents.

Here are some of the things I worked on during this time:

  • Setting up logging/traffic collection for security monitoring
  • Continuous monitoring and intrusion analysis in a 24/7 SOC
  • Identifying new detection use cases and ingesting new log sources
  • Parsing & making sense of numerous log types
  • Developing detection rules for various security log types & correlation rules on top of them for various SIEM solutions
  • Developing response playbooks for numerous attacks
  • Continuous capacity building

Progressive Era

By this time, I was working as a senior member of the team at Ebryx where I mentored & helped build a dozen-strong team of defenders. And my focus shifted more into the cloud security arena. All along this chaotic yet exciting time, I was a part of various security incident response activities and also led some of those. This was also the beginning of my love for cloud technologies generally. I was also a freelancer during this time, practically working 16 hrs a day, which also broadened my horizons.

I worked on various fronts in this phase and hence acquired experience in a number of domains. Following are the highlights:

  • Helping establish a SOC team and mentoring fellow blue-teamers
  • Security by Design initiative for a cloud-based client
  • Automating basic response activities in the cloud
  • Developing configuration monitoring in the cloud
  • Setting up security monitoring in AWS using ELK stack and writing detection use-cases tailored for attacks against cloud infrastructure & IAM
  • Setting up honeynets and honeytokens to improve detection
  • Developing attack detection playbooks and rules for an in-house Cloud Infrastructure Security Platform.
  • Preparing for and defending the business in ISO27001 audits

I took the next career step to start working on the AboutYou Cloud Team in Hamburg, Germany as a DevSecOps Engineer at the beginning of 2019, where my focus was:

  • Writing AWS CloudFormation & Terraform templates for security-hardened infrastructure
  • Writing Ansible playbooks for configuration management
  • Source code review of infrastructure code (IaC)
  • Setting up & maintaining infrastructure deployment pipelines using Jenkins, CodePipeline, etc.
  • Setting up health & security monitoring as code, mostly in Terraform

I was working at HelloFresh as a Senior Security Engineer, mostly as a Cloud Security SME as well as a part of the Incident Response team. Some of the things I used to do at work:

  • Improving IAM in the cloud
  • Writing Python code to automate stuff
  • Incident response rants
  • Writing infrastructure code
  • Continuous assessment and hardening of cloud infrastructure
  • Vulnerability management
  • Solving security challenges in cloud-native environments
  • Preparing for and defending the business in PCI-DSS audits

Challenging Now

I’ve been building the Security Org at Moonfare brick by brick, managing the Security Engineering, Detection & Response Ops, Offensive Ops, as well as GRC functions.

Are you still reading? ‘Tis not an essay!