About

Hi, I’m Douglas Luna, a Staff Security Engineer focused on Cloud security, DevSecOps, Kubernetes, and Platform Security.

I have worked on securing complex multi-account cloud environments, integrating DevSecOps practices into CI/CD pipelines, and hardening Kubernetes clusters at scale. My work has included architecting end-to-end security strategies designed to meet compliance requirements across Banking, Financial Services, Telecom, and Healthcare environments.

This blog is where I share practical notes on cloud security, platform security, automation, compliance, and the engineering decisions behind resilient systems.

You can find my technical certifications on Credly.

Specialized Skillset

  • Cloud service providers: AWS, Google Cloud, and Microsoft Azure

  • Security frameworks and standards: SOC 2, ISO 27001, NIST CSF, CIS Benchmarks, and MITRE ATT&CK

  • Incident response: leading cyber incident response plans from detection through final reporting

  • Security awareness: phishing simulations and security training

  • Security platforms: Wiz, Palo Alto Prisma Cloud, AWS Security Hub, CNAPP, CSPM, CWPP, DSPM, and EDR

  • Infrastructure as Code: Terraform, OpenTofu, and CloudFormation

  • DevSecOps and shift-left security: GitHub Actions, GitLab CI/CD, Snyk, SAST, and SCA

  • Kubernetes and container security: Trivy, kube-bench, EKS, GKE, AKS, and self-managed Kubernetes

  • Runtime security: Falco and Kubescape

  • Policy as Code: Kyverno, Open Policy Agent, and Checkov

  • Security automation with Python, Go, and Bash