Senior Cloud Security Engineer specializing in Zero Trust Architecture, Cloud-Native Application Protection (CNAPP), and identity-first security for enterprise multi-cloud environments. Expert in designing and implementing comprehensive cloud security solutions across AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform (GCP), Huawei Cloud, and Yandex Cloud.

10+ years of experience in cloud security architecture, cybersecurity, IAM (Identity and Access Management), SIEM (Security Information and Event Management), and incident response for enterprise organizations.

My approach integrates defense-in-depth security across all layers—identity security, network security, workload protection, and threat detection—ensuring robust prevention, detection, response, and governance aligned with enterprise risk management and compliance frameworks (ISO 27001, SOC 2, NIST, CIS).

• CNAPP (Cloud-Native Application Protection Platform) - Wiz, Prisma Cloud, Aqua Security
• IAM (Identity and Access Management) - AWS IAM, Azure AD, Google Cloud IAM, Okta
• ZTNA (Zero Trust Network Access) - Zscaler, Cloudflare Access, Palo Alto Prisma Access
• PAM (Privileged Access Management) - CyberArk, BeyondTrust, HashiCorp Vault
• CIEM (Cloud Infrastructure Entitlement Management) - Ermetic, Sonrai, CloudKnox

• SIEM implementation and optimization - Splunk, Elastic Security, Microsoft Sentinel, Chronicle
• Log correlation and analysis - CloudWatch, Azure Monitor, Google Cloud Logging
• Threat hunting and intelligence - MITRE ATT&CK, threat modeling, IOC analysis
• Incident response and forensics - IR playbooks, digital forensics, root cause analysis
• Security automation and orchestration - SOAR, Lambda, Azure Functions, Cloud Functions

• Cross-cloud security posture management - CSPM, cloud security benchmarks
• Network security and microsegmentation - VPC, NSG, firewall rules, service mesh
• Data protection and encryption - KMS, encryption at rest/in transit, DLP
• Workload security and runtime protection - container security, Kubernetes security, serverless security
• Compliance and governance frameworks - ISO 27001, SOC 2, NIST CSF, CIS Benchmarks, GDPR, PCI DSS

Co-Founder, Viet AWS | AWS Community Leader | Cloud Security Advocate

Dedicated to advancing cloud computing and cybersecurity expertise in Vietnam through:

• Technical training and workshops - AWS, Azure, GCP security best practices
• Mentorship programs for emerging cloud security professionals and engineers
• Community-driven knowledge sharing - meetups, webinars, technical talks
• Advocacy for security best practices - DevSecOps, shift-left security, cloud security posture

Speaking & Training Topics:

• Zero Trust Architecture Implementation
• Cloud Security Posture Management (CSPM)
• Multi-Cloud IAM Strategy
• SIEM and Threat Detection in Cloud
• Container and Kubernetes Security
• Cloud Compliance and Governance

┌─────────────────────────────────────────────────────────┐
│  Prevention  →  Detection  →  Response  →  Governance   │
│                                                          │
│  Identity Layer    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  │
│  Network Layer     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  │
│  Workload Layer    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  │
│  Detection Layer   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  │
└─────────────────────────────────────────────────────────┘

I'm always interested in discussing:

• Cloud security architecture and design patterns
• Zero Trust implementation strategies
• Multi-cloud security challenges and solutions
• DevSecOps and security automation
• Community initiatives and knowledge sharing
• Speaking opportunities at conferences and meetups
• Technical consulting and advisory

Open to:

• Technical collaboration on cloud security projects
• Speaking engagements (conferences, webinars, podcasts)
• Mentorship and career guidance
• Open source security tool contributions