cloud-audit · Professional Support

The scanner is free. Knowing what to fix first is the hard part.

cloud-audit is open source and stays that way. If you need a human on the findings - interpreting scanner output, auditing an account end to end, or fixing what the scan uncovered - that is what I do. I built the tool; I can read your results faster than anyone.

Featured in Help Net Security 1,300+ monthly installs of cloud-audit 110 checks · 25 AWS services AWS SA, Azure Admin, Palo Alto PCNSA

What I can help with

Scanner output review (free)

Send your Prowler, cloud-audit, or Security Hub output. You get a short written review: the top exploitable paths in your results and what to fix first. No call required, no commitment.

Best if you already have findings and don't know where to start.

AWS security audit

Full audit of your AWS account(s) with read-only access: IAM privilege escalation paths, attack chains, data exposure, network reachability. Prioritized report with exact CLI commands and Terraform fixes.

Best if you want an engineer to look at the whole account, not just scanner output.

Remediation support

You have the findings, you need them fixed. I write and review the Terraform, tighten IAM policies, and verify each fix doesn't break workloads before it ships.

Best if your team is short on hands or AWS security depth.

Palo Alto VM-Series on AWS review

Architecture and security review for VM-Series deployments: GWLB/TGW integration, HA design, routing, cost stack, and the IAM/data exposure firewalls don't cover.

Best if you run (or plan) Palo Alto firewalls in AWS.

How the free scanner review works

01

Export your scan results

cloud-audit JSON/HTML, Prowler output, or Security Hub findings export. Redact or sanitize account IDs if you prefer - resource names and finding types are enough.

02

Email them to kontakt@haitmg.pl

Attach the file or share a link. One sentence of context helps: what the account runs and what worries you.

03

Get a written review

Within 2 business days: which findings actually matter in your environment, which chains they form, and the order I would fix them in. If everything is fine, I say so.

Have findings? Start with the free review.

If your results look fine, I will tell you straight. No invented findings, no upsell.

Questions

Is the scanner output review really free?
Yes. It is a short written review, not a sales call. If the findings suggest deeper problems, I will say what a full audit would cover and you decide. No follow-up sequence, no pressure.
Is it safe to share scanner output?
Sanitize what you want - account IDs, bucket names, and IPs can be redacted or replaced. Finding types, severities, and resource types are enough for a useful review. Files are deleted after the review unless you ask otherwise.
What access does a full audit need?
Read-only IAM access via a cross-account role you create yourself from a policy I provide. I never modify your infrastructure, and you can delete the role right after the audit.
What does paid work cost?
Consulting starts at EUR 50/h. After the free review or a 20-minute triage call I send a written scope with a fixed-hours estimate, so you know the number before you commit.
Can you sign an NDA?
Yes. A mutual NDA before any data is shared is standard practice for audits.
Who is behind this?
Mariusz Gebala - DevOps/Cloud engineer, author of cloud-audit, with 100+ AWS accounts managed including multi-year engagements with a Fortune 500 networking vendor. AWS Solutions Architect, Azure Administrator, and Palo Alto PCNSA certified.