Athena Security Program
Built the SOC 2 governance program from the ground up. Security oversight across AWS infrastructure, GitHub, M365, and Defender/Intune. Risk management, control coordination, and audit evidence.
CISO at Athena Security Group, with 5+ years building hardened AWS / Azure / GCP infrastructure, leading SOC 2 programs, and shipping DevSecOps automation across Terraform, Kubernetes, and Python.
I’m a Chief Information Security Officer and AWS Certified DevSecOps Engineer with a degree in Software Engineering from Lancaster University, UK. I currently lead the security program at Athena Security Group, owning SOC 2 governance, risk management, audit evidence, and security oversight across AWS, GitHub, M365, and Defender/Intune.
Before stepping into the CISO seat, I spent 5+ years in the trenches as a DevSecOps Engineer — designing scalable cloud architectures on EKS, ECS, Lambda, and CloudFront, building auto-remediation systems with EventBridge + Lambda, and shipping CI/CD pipelines across Jenkins, GitHub Actions, CircleCI, and CodePipeline.
My happy place: Infrastructure as Code, security automation, and Python. When I’m not deploying, I’m traveling, hunting local food, or losing arguments with my cat.
EventBridge + Lambda system that detects and auto-fixes security drift across AWS Org — re-enables S3 PAB, removes SSH-open SGs, blocks non-compliant creates via SCPs, and auto-tags missing resources.
Tracks IPs of all SSO logins, alerts on failed-login bursts and brute-force attempts, supports Tailscale IP tracking. Integrates with MS Teams, Slack, Google Chat, PagerDuty, and Azure for analysis.
Daily / weekly / monthly cost reports for active AWS resources broken down per SSO user. Surfaces orphaned resources after user deletion. Reduced cloud spend through targeted optimization plays.
Migrated CI/CD from GitLab to GitHub Actions across all repos. Stood up Terragrunt-based infrastructure for multiple client environments and Cloud9 dev envs that boosted deployment velocity.
Built the AMI pipeline (Packer), multi-env CloudFormation, and CircleCI flow that ships microservices to ECS & EKS. APIs via Serverless Framework + Python Lambdas; internal ElasticSearch for dev logs.
CloudFormation-driven multi-env setup with ACM SSL, multibuild Docker images, and a CircleCI pipeline pushing to ECS. MSSQL RDS backing for stateful workloads.
Migrated a WordPress site from on-prem to AWS ECS Fargate. Multi-origin CloudFront (S3 + EFS), CloudFormation + Jenkins automation, and AWS SAM APIs over RDS MSSQL.
Serverless application on Aurora Serverless (Postgres) with Cognito-authenticated APIs. Frontend on private S3 behind CloudFront. Full PyTest coverage on Lambda business logic.
Stood up Landing Zone + Control Tower, migrated infra cross-account via CloudFormation, moved domain from GoDaddy → Route53. SES + Workmail wiring, DynamoDB for signup/contact, QuickSight dashboards.
Discovery and cost analysis of 800 on-prem servers, then full migration to AWS. Broke a monolith into microservices, wrote Dockerfiles from scratch, and shipped on EKS with Cognito-auth APIs.
Automated CodePipeline with multibranch strategy deploying cross-account via Lambdas. SAM + CDK stacks, org-wide alarm manager, and secure S3-from-QuickSight delivery.
Whether you need a SOC 2 readiness sprint, hardened AWS infra, DevSecOps automation, or a Kubernetes platform that doesn’t page you at 3am — let’s talk.
ushna.akram1@gmail.com