HealthTech Startup — AWS Security Audit

AWS Security Auditor — Freelance

Client work

Complete security audit of an AWS infrastructure hosting health data (special-category data under GDPR Article 9). The infrastructure had major vulnerabilities: the database sat in a public subnet, CloudTrail was not enabled, secrets were stored in plaintext in CloudFormation templates, staging and production shared a single AWS account, and no MFA was enforced. I delivered a detailed 36-finding report, a technical remediation plan based on a multi-account architecture, and a costed estimate (15-31K EUR) covering two options. The security score was 2/10 at the time of the audit, with the remediation plan targeting 8/10.
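Two of the finding classes above (a publicly reachable database and plaintext secrets in CloudFormation) can be caught before deployment with a template check. The script below is an added example written for this page, not a deliverable from the audit; the template it scans is constructed for illustration and every value in it is a placeholder.

```python
"""Minimal CloudFormation misconfiguration checker (added example, not audit tooling).

Flags two finding classes from the audit summary: an RDS instance reachable from
the public internet, and secrets written as literal strings in the template
instead of Secrets Manager / SSM dynamic references.
"""
import json
import re

# Parameter or property names that usually carry a secret.
SECRET_KEY = re.compile(r"(password|secret|api[_-]?key|token)", re.IGNORECASE)
# CloudFormation dynamic references resolve the secret at deploy time, so they are fine.
DYNAMIC_REF = re.compile(r"^\{\{resolve:(secretsmanager|ssm-secure):")


def _is_literal_secret(value):
    """True when a property value is a plain string rather than a dynamic reference.
    Intrinsic functions (Ref, GetAtt) arrive as dicts and are not literals."""
    return isinstance(value, str) and not DYNAMIC_REF.match(value)


def audit_template(template):
    """Return a list of (severity, logical_id, message) findings for a parsed template."""
    findings = []
    for name, param in template.get("Parameters", {}).items():
        # Secret-like parameters must set NoEcho so values do not appear in console/API output.
        if SECRET_KEY.search(name) and not param.get("NoEcho", False):
            findings.append(("HIGH", name, "secret-like parameter without NoEcho"))
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::RDS::DBInstance" and props.get("PubliclyAccessible") is True:
            findings.append(("CRITICAL", name, "database instance is publicly accessible"))
        for key, value in props.items():
            if SECRET_KEY.search(key) and _is_literal_secret(value):
                findings.append(("CRITICAL", name, f"plaintext secret in property {key}"))
    return findings


# Constructed sample template: one resource with both problems, one correctly configured.
SAMPLE_TEMPLATE = json.loads("""{
  "Parameters": {"StripeApiKey": {"Type": "String", "Default": "PLACEHOLDER-key"}},
  "Resources": {
    "AppDb": {"Type": "AWS::RDS::DBInstance",
              "Properties": {"PubliclyAccessible": true,
                             "MasterUserPassword": "PLACEHOLDER-password"}},
    "SafeDb": {"Type": "AWS::RDS::DBInstance",
               "Properties": {"PubliclyAccessible": false,
                              "MasterUserPassword": "{{resolve:secretsmanager:prod/db:SecretString:password}}"}}
  }
}""")

if __name__ == "__main__":
    for severity, logical_id, message in audit_template(SAMPLE_TEMPLATE):
        print(f"[{severity}] {logical_id}: {message}")
```

Run against the sample it reports three findings (the NoEcho gap on the parameter, and the public exposure plus literal password on `AppDb`) while `SafeDb` passes.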

Key Results

1. 36 vulnerabilities found, 9 critical
2. AWS Well-Architected security score: 2/10
3. ISO 27001 readiness: 18/100 — 30 major non-conformities
4. Database exposed to the public internet
5. Stripe and API secrets in plaintext in CloudFormation
6. Multi-account AWS remediation plan delivered
7. Detailed technical estimate: 15-31K EUR depending on option
8. Non-technical CEO briefing delivered

Tech Stack

AWS, CloudTrail, GuardDuty, VPC, IAM, CloudFormation, Terraform, WAF

Tags: AWS Audit, Security, GDPR, HealthTech
