Mariusz Gebala

Today I focus on AWS security reviews and Terraform automation through HAIT. I audit AWS accounts for security misconfigurations - IAM policies, VPC exposure, encryption gaps, and cost waste. Most accounts I review have 15-20 findings that the team didn't know about.

Before consulting, I spent years deploying Palo Alto VM-Series firewalls in AWS production environments - Transit Gateway architectures, GWLB integrations, and Panorama management at scale. That networking background shapes how I approach cloud security: I think in traffic flows and attack paths, not just compliance checkboxes.

I built cloud-audit, an open-source AWS security scanner that detects attack chains across services - something most tools miss. It was featured in Help Net Security and has 12 published Terraform modules on the registry.

I work with teams that use AWS but don't have a dedicated security engineer. The typical engagement is a focused review - I scan, analyze, and deliver a prioritized report with Terraform and CLI fixes, so the team can remediate without hiring a full-time specialist.