Cloud Security Engineer based in Ho Chi Minh City, working at the intersection of cloud infrastructure, security, and community enablement. I design and automate security on AWS — IAM, least privilege, Zero Trust — and turn that field experience into open workshops, reference architectures, and long-form write-ups that have reached 45,000+ learners across Vietnam and APAC.
- Building — Zero Trust reference architectures on Cloudflare One and AWS
- Writing — the Zero Trust on Cloudflare One series: Access, Gateway, CASB, DLP, RBI, DEX, and SIEM integration
- Leading — AWS First Cloud Journey, AWS User Group Vietnam, and MongoDB User Group Vietnam
- Exploring — AI-driven IAM policy generation, cross-cloud workload identity, and LLM-assisted security operations
For a cleaner navigation experience, start with the repositories below. The larger workshop collection is indexed separately in AWS First Cloud Journey.
| Project | Description |
|---|---|
| n8n-on-aws-eks | Reference deployment for n8n workflow automation on Amazon EKS |
| workload-identity-federation-guide | Keyless cross-cloud authentication: AWS to Google Cloud Workload Identity Federation |
| cloudsecop-platform-mvp | Cloud security operations learning platform on AWS Amplify |
| aws-certification-prep-app | Interactive practice tests and progress tracking for AWS certification exams |
| Project | Description |
|---|---|
| aws-first-cloud-journey | Complete beginner-to-professional AWS learning path with hands-on labs |
| aws-free-tier-optimization-guide | Practical cost-optimization playbook for the AWS Free Tier |
| aws-community-event-handbook | Best practices for organizing large-scale community tech events (1,500+ attendees) |
| Area | Start Here |
|---|---|
| Cloud security engineering | aws-iam-access-key-auto-rotation, aws-security-patterns, awesome-aws-security |
| Kubernetes and automation | n8n-on-aws-eks, workload-identity-federation-guide |
| Learning platforms | cloudsecop-platform-mvp, aws-certification-prep-app |
| AWS workshops | AWS First Cloud Journey workshop index |
| Cost optimization | aws-free-tier-optimization-guide, sample-costminimizer |
Recent deep-dives from the Zero Trust on Cloudflare One series at cloudsecop.net:
| Topic | Summary |
|---|---|
| DLP | From 55% false positives to a 3% steady state: regex, Luhn, context, and EDM |
| Email Security | Blocking phishing and BEC; the DMARC forwarder problem most docs do not explain |
| CASB | Posture management for Google Workspace, Microsoft 365, and Salesforce |
| Device Posture | Continuous verification — from login-time checks to every-request enforcement |
| Logs Pipeline | End-to-end: Logpush, R2, SIEM, and cross-layer correlation |
- AWS Community Builder — Security category
- Leader, AWS User Group Vietnam — founder of AWS First Cloud Journey
- Leader, MongoDB User Group Vietnam
- Organizer & speaker, AWS Community Day Vietnam
Open to collaboration on cloud security engineering, Zero Trust rollouts, technical education, and speaking engagements.