William Brady

Principal Cloud Security Architect

I design secure, scalable systems in the cloud. From architecture to automation, I've built cloud security programs, CI/CD pipelines, IAM models, and compliance guardrails that work in the real world. I am currently learning React and Next.js to build a personal website and portfolio. Please excuse this work in progress.

Recent Projects

Continuous Monitoring through Security Hub Automation Framework

Designed a triage and remediation pipeline integrating AWS Security Hub, EventBridge, Lambda, Jira, and Slack — enabling real-time incident workflows. This Python-based framework was built to be reusable across multiple clients to quickly get all findings ticketed and assigned to team leads for resolution. This solution was also complemented by a lightweight reporting process that tracks new findings, remediation progress, and SLA adherence. Report artifacts are delivered via e-mail and Slack channel updates.

Cloud Security Assessments

After completing multiple client assessments, I compiled my notes into pseudocode to create a repeatable process for future assessments that recovers time and effort. Extending reconnaissance into a full Python project reduced initial assessment time from a day to about 15 minutes for AWS Organizations up to 25 accounts. Reporting is provided in a checklist style to allow quick review.

Infrastructure-as-Code (IaC) Framework

Built scalable IaC libraries and hand-off frameworks to support secure, automated deployments including alarms, dashboards, and event pipelines.

CI/CD Pipeline Modernization

Migrated legacy Jenkins pipelines to GitHub Actions, incorporating automated testing, code linting, and security scans using Veracode, Snyk, and Prisma Cloud.

Cognito Scanning and Reporting

Authored a Python script to scan an AWS account or Organization for all Cognito user pools. If available, it checks the billing information for account/region of Cognito use and scans those regions, or if no billing information is available, it scans all accounts/regions. The script then generates a report of all Cognito user pools and their security-related configuration, including MFA settings, password policies, and user attributes. The intent of the report was to enumerate all users that do not comply with a corporate policy to allow assessment and remediation.

S3 Ransomware Protection

Authored another little Python piece to see if any S3 buckets were configured to use KMS keys outside their respective accounts. The scanner accepts a standalone account or can enumerate an AWS Organization and scan all member accounts. While this script was originally intended to quickly identify any S3 buckets misusing KMS, it was evolved to include many of the S3 best practices included in Security Hub compliance packs to perform an S3 Health Check on clients that do not have Security Hub deployed.

crofton.cloud website IaC

Developed crofton.cloud using IaC and GitHub Actions. The website is hosted on AWS S3 and CloudFront, with a CI/CD pipeline that automatically deploys changes to the site. The IaC framework is built using CloudFormation and assisted by Python.