I’m Rohan Bhagat, an IT Security Engineer based in Hamburg, Germany, with over 20 years of experience in cloud security, infrastructure engineering, and DevSecOps. I specialise in securing large-scale distributed systems on AWS, building automated Incident Response (IR) frameworks, and embedding security into CI/CD pipelines from the ground up.
My career spans startups, energy trading firms, ad-tech platforms, and global enterprises – giving me a practical, cross-domain perspective on what it takes to secure complex cloud environments at scale.
Currently, I work as a Cloud Security Engineer at a large European energy trading company (since January 2024), where I architect and operate cloud security controls for a global AWS estate, design automated IR playbooks, and drive compliance with GDPR/DSGVO and NIST CSF 2.0.
I trained on the AWS Certified Security – Specialty, am a Kubernetes Security Specialist (CKS) and Kubernetes Administrator (CKA) (both 2021), and have a long track record of certifications spanning AWS, Azure, Kubernetes, ITIL, Red Hat, and more.
When I’m not hardening cloud environments, I write about cloud security, agentic AI threats, supply chain security, and compliance on this blog.
What I Do (Skills & Focus Areas)
Cloud Security & Detection
- Cloud Security Posture Management (CSPM) – AWS Security Hub, Orca Security
- Threat detection and tuning – AWS GuardDuty, multi-account environments
- Incident Response framework design and IR playbook development
- Vulnerability Management – Orca Security, AWS Inspector
- Zero-Trust Architecture, IAM hardening, Least Privilege Enforcement
- AWS Organizations and Service Control Policies (SCPs)
DevSecOps & Automation
- Shift-Left Security – integrating security scanning into CI/CD at provisioning
- Infrastructure as Code (IaC) with Terraform (Security-as-Code)
- Kubernetes security (EKS/AKS) – RBAC, Network Policies, container image scanning
- CI/CD pipeline security – Azure DevOps, GitLab CI, Jenkins on Kubernetes
- Ansible, Helm, GitOps workflows
Governance, Risk & Compliance
- NIST CSF 2.0, CIS Benchmarks
- GDPR / DSGVO compliance implementation
- NIS2 / KRITIS (critical infrastructure, energy sector context)
- Multi-account governance and security auditing
- Risk Assessment and Security Architecture Reviews
Infrastructure & Platform Engineering
- Linux administration and hardening (20+ years, Red Hat and Debian families)
- AWS (primary cloud since 2021) and Azure
- Kubernetes (EKS, AKS) – CKA and CKS certified
- Observability: Grafana, Loki, Prometheus
Key Projects
- Cloud IR Framework & Playbook Suite (2024-Present) – Built a zero-to-production Incident Response framework at a large energy trading company covering 4+ high-severity AWS threat vectors (credential compromise, S3 exfiltration, lateral movement, privilege escalation).
- EKS Upgrade Automation (2022) – Automated EKS version upgrades via CI/CD; reduced upgrade windows by ~66% and eliminated manual error at a global ad-tech platform.
- EKS/AKS IaC Pipelines (2020-2022) – Terraform pipelines for multi-cloud Kubernetes cluster provisioning with embedded CIS security guardrails.
- Centralized Observability – Loki + Grafana (2020) – Unified log aggregation across all Kubernetes clusters, accelerating threat detection and debugging.
- Helm Chart – Jenkins Operator (2023) – Standardized Jenkins deployments on Kubernetes via Helm; eliminated configuration drift across engineering teams.
Certifications
- 2025 – AWS Certified Security – Specialty (AWS-SCS)
- 2025 – AWS Summit Hamburg Attendee & Community Contributor
- 2021 – Certified Kubernetes Security Specialist (CKS)
- 2021 – Certified Kubernetes Administrator (CKA)
- 2019 – Microsoft Azure Solutions Architect Professional
- 2015 – AWS SysOps Administrator Associate
- 2015 – AWS Solutions Architect Associate
- 2015 – Mastering Terraform & Ansible; Puppet Fundamentals
- 2014 – Chef Fundamentals; Hadoop Essentials (MapReduce, Hive, Spark)
- 2013 – Certified SME – Red Hat Enterprise Security & Directory Services
- 2011 – ITIL v3 Foundation
Languages
- English – Native / Fluent
- German – A2 (learning B1)
Compliance & Frameworks I Work With
GDPR / DSGVO – NIST CSF 2.0 – CIS Benchmarks – NIS2 / KRITIS – ITIL v3