What I use

The tools, platforms, and languages I rely on for security engineering, detection, incident response, and building things.

Cloud & Infrastructure

AWS

Primary cloud platform. IAM, GuardDuty, Security Hub, CloudTrail, Organizations, SCPs, Lambda, EventBridge.

AWS GovCloud

FedRAMP-aligned workloads and compliance environments.

Terraform

Infrastructure as code for everything that should be repeatable.

Kubernetes / EKS

Container orchestration and security in AWS environments.

Security Tooling

GuardDuty

Threat detection across AWS accounts.

Security Hub

Centralized security findings and compliance checks.

EDR

Endpoint detection and response for containment and investigation.

Okta

Identity provider, SSO, SAML, SCIM provisioning.

Vanta

Compliance automation for SOC 2 and FedRAMP evidence collection.

Detection & Response

EventBridge + SNS + Lambda

Event-driven detection and alerting pipelines.

CloudTrail

API audit logging. The foundation of cloud forensics.

PagerDuty

On-call alerting and incident management.

Slack

Security alert routing and incident coordination.

Languages & Frameworks

Python

Security automation, scripting, detection logic, Lambda functions.

Go

Security tooling and CLI tools.

Bash

Glue for everything. Automation, CI scripts, quick investigations.

JavaScript / Node.js

APIs, integrations, and this site.

Ruby on Rails

Previous engineering work. Still useful for reading legacy code.

Dev Environment

VS Code

Primary editor.

iTerm2

Terminal.

GitHub

Source control, CI/CD, code review.

Claude Code

AI-assisted development and security research.

Communication & Docs

Confluence

Runbooks, postmortems, security documentation.

Jira

Project tracking and vulnerability management workflows.

Notion

Personal knowledge base and notes.