Cloud Security Engineer based in Ho Chi Minh City, working at the intersection of cloud infrastructure, security, and community enablement. I design and automate security on AWS — IAM, least privilege, Zero Trust — and turn that field experience into open workshops, reference architectures, and long-form write-ups that have reached 45,000+ learners across Vietnam and APAC.

- Building — Zero Trust reference architectures on Cloudflare One and AWS
- Writing — the Zero Trust on Cloudflare One series: Access, Gateway, CASB, DLP, RBI, DEX, and SIEM integration
- Leading — AWS First Cloud Journey, AWS User Group Vietnam, and MongoDB User Group Vietnam
- Exploring — AI-driven IAM policy generation, cross-cloud workload identity, and LLM-assisted security operations

For a cleaner navigation experience, start with the repositories below. The larger workshop collection is indexed separately in AWS First Cloud Journey.

| Project | Description |
|---|---|
| aws-iam-access-key-auto-rotation | Automated IAM access key rotation with Lambda, SNS notifications, and compliance tracking |
| aws-iam-accessadvisor-permissionboundary | Least-privilege enforcement driven by AWS Step Functions and Access Advisor |
| aws-iam-access-analyzer-solution | Automated external-access detection and remediation |
| aws-security-patterns | Production-ready AWS security architectures in Terraform |
| awesome-aws-security | Curated collection of AWS security resources |

| Project | Description |
|---|---|
| n8n-on-aws-eks | Reference deployment for n8n workflow automation on Amazon EKS |
| workload-identity-federation-guide | Keyless cross-cloud authentication: AWS to Google Cloud Workload Identity Federation |
| cloudsecop-platform-mvp | Cloud security operations learning platform on AWS Amplify |
| aws-certification-prep-app | Interactive practice tests and progress tracking for AWS certification exams |

| Project | Description |
|---|---|
| aws-first-cloud-journey | Complete beginner-to-professional AWS learning path with hands-on labs |
| aws-free-tier-optimization-guide | Practical cost-optimization playbook for the AWS Free Tier |
| aws-community-event-handbook | Best practices for organizing large-scale community tech events (1,500+ attendees) |

| Area | Start Here |
|---|---|
| Cloud security engineering | aws-iam-access-key-auto-rotation, aws-security-patterns, awesome-aws-security |
| Kubernetes and automation | n8n-on-aws-eks, workload-identity-federation-guide |
| Learning platforms | cloudsecop-platform-mvp, aws-certification-prep-app |
| AWS workshops | AWS First Cloud Journey workshop index |
| Cost optimization | aws-free-tier-optimization-guide, sample-costminimizer |

Recent deep-dives from the Zero Trust on Cloudflare One series at cloudsecop.net:

| Topic | Summary |
|---|---|
| DLP | From 55% false positives to a 3% steady state: regex, Luhn, context, and EDM |
| Email Security | Blocking phishing and BEC; the DMARC forwarder problem most docs do not explain |
| CASB | Posture management for Google Workspace, Microsoft 365, and Salesforce |
| Device Posture | Continuous verification — from login-time checks to every-request enforcement |
| Logs Pipeline | End-to-end: Logpush, R2, SIEM, and cross-layer correlation |

- AWS Community Builder — Security category
- Leader, AWS User Group Vietnam — founder of AWS First Cloud Journey
- Leader, MongoDB User Group Vietnam
- Organizer & speaker, AWS Community Day Vietnam

| Channel | Link |
|---|---|
| Blog | cloudsecop.net — Things Worth Sharing |
| AWS Learning Hub | cloudjourney.awsstudygroup.com |
| LinkedIn | linkedin.com/in/vanhoangkha |
| X (Twitter) | @WorkKhavan |
| Email | khavan.work@gmail.com |

Open to collaboration on cloud security engineering, Zero Trust rollouts, technical education, and speaking engagements.




