Skip to main content
Elkana Lang’at

About

·567 words·3 mins
Elkana Lang'at
Author
Elkana Lang’at
Specializing in cloud infrastructure security, compliance frameworks, and secure DevOps practices. Passionate about building resilient systems and automating security at scale.
Table of Contents

About Me
#

I’m a Cloud Security & IT Professional with extensive experience in designing and implementing secure cloud infrastructures, managing identity and access controls, and automating compliance frameworks.

My work focuses on building practical security solutions that enable organizations to move fast without compromising their security posture. I believe the best security is invisible to end users while being impenetrable to attackers.

Core Expertise
#

Cloud Security Architecture
#

  • Designing Zero Trust network architectures for cloud environments
  • Implementing defense-in-depth strategies across AWS and Azure
  • Building secure multi-account/multi-subscription landing zones
  • Security architecture reviews and threat modeling

Identity & Access Management (IAM)
#

  • Automated IAM policy lifecycle management at scale
  • Least-privilege access control implementation
  • Just-in-time (JIT) privileged access systems
  • Migration from service accounts to managed identities
  • Federation and Single Sign-On (SSO) implementation

DevSecOps & Automation
#

  • Security-as-code and policy-as-code frameworks
  • CI/CD pipeline security (SAST, DAST, container scanning)
  • Infrastructure-as-Code security scanning (Terraform, Bicep)
  • Automated compliance evidence collection
  • Security orchestration and remediation

Compliance & Governance
#

  • SOC 2 Type II and ISO 27001 continuous compliance
  • PCI-DSS, HIPAA, GDPR control implementation
  • Security audit preparation and evidence automation
  • Risk assessment and security control frameworks

Focus Areas
#

Current work centers on:

  • Automated security controls that scale with cloud adoption
  • Reducing mean-time-to-remediate (MTTR) for security findings
  • Building developer-friendly security tools and workflows
  • Eliminating toil through security automation

Research interests:

  • Cloud-native threat detection and response
  • Machine learning applications in security operations
  • Supply chain security for containerized applications
  • Attribute-based access control (ABAC) patterns

Tools & Technologies
#

Cloud Platforms
#

  • AWS: IAM, Organizations, Config, CloudTrail, Security Hub, Lambda, Sentinel, GuardDuty
  • Azure: Azure AD, Defender for Cloud, Sentinel, Policy, Private Link, Firewall, Key Vault
  • Multi-Cloud: Terraform, Terragrunt for unified IaC

Security Tools
#

  • SAST/DAST: SonarQube, Semgrep, OWASP ZAP, Burp Suite
  • Container Security: Trivy, Falco, Aqua, Sysdig
  • IaC Security: Checkov, tfsec, Terraform Sentinel, cfn-nag
  • Secrets Management: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault
  • SIEM/SOAR: Azure Sentinel, Splunk, Elasticsearch

Development & Automation
#

  • Languages: Python (boto3, Azure SDK), Bash, PowerShell, Go (learning)
  • IaC: Terraform, Bicep, CloudFormation
  • CI/CD: GitLab CI, GitHub Actions, Azure DevOps, Jenkins
  • Containers: Docker, Kubernetes, EKS, AKS

Professional Background
#

Over the past few years, I’ve helped organizations:

  • Implement Zero Trust architectures reducing lateral movement risk
  • Automate IAM policy management across 50+ AWS accounts
  • Achieve SOC 2 Type II certification with zero manual audit evidence collection
  • Design compliance-driven DevSecOps pipelines accelerating deployments by 60%
  • Migrate from standing admin access to 100% just-in-time privileged access

I’m passionate about sharing knowledge through technical writing, mentoring junior security engineers, and contributing to open-source security tools.

What I’m Looking For
#

Roles I’m Targeting
#

  • Cloud Security Engineer (AWS/Azure focus)
  • DevSecOps Engineer (automation and CI/CD security)
  • Security Architect (cloud infrastructure and IAM)
  • Compliance Automation Engineer (SOC 2, ISO 27001 focus)

Ideal Environment
#

I thrive in organizations that:

  • Embrace DevSecOps culture and security-as-code
  • Value automation over manual processes
  • Support continuous learning and experimentation
  • Operate in regulated industries (fintech, healthcare, SaaS)
  • Use modern cloud-native architectures

What I Bring
#

  • Hands-on implementation experience (not just theoretical knowledge)
  • Track record of measurable security improvements
  • Ability to communicate security to non-security stakeholders
  • Balance between pragmatic risk management and perfect security
  • Passion for building tools that make security easier

Let’s Connect
#

I’m always interested in discussing cloud security architecture, IAM automation, or DevSecOps best practices. Feel free to reach out!