Cloud Security
As the cloud security engineer at SWBTL LLC, I have been tasked with addressing the security concerns and lack of documentation left behind by a disgruntled employee.
Last updated: June 16, 2025
Quick Links
Project Overview
SWBTL LLC contracts with the government and processes card payments daily. So it must comply with certain regulations such as the Federal Information Security Modernization Act (FISMA) and the Payment Card Industry Data Security Standard (PCI DSS). With the upcoming NIST SP 800-53 assessment, it's critical to secure the organization's security posture. Upon assessing and verifying the current vulnerabilities, I will recommend and implement configuration changes that align with business requirements and comply with regulatory guidelines to ensure adherence. This paper will give the company an overview of its current cloud environment and recommendations and mitigations to improve the security posture of the organization.
Key Findings
- •Role-Based Access Control (RBAC) Misalignment
- •Azure Key Vault Security Gaps
- •Backup and Recovery Configuration Issues
- •Compliance and Regulatory Requirements
- •Shared Responsibility Model Risks
Tools & Technologies
Techniques & Methodologies
Want to dive deeper?
Check out the full technical documentation and detailed analysis.