informations about me
I'm Daniel Grzelak
An AWS hacker and security aficionado based in Australia
I started hacking Amazon Web Services in 2015 while Atlassian was moving it's business to the cloud and I was leading the security function. In 2016 I presented an end-to-end methodology for hacking AWS and published the first comprehensive AWS hacking toolkit. I've been knee deep in securing AWS systems ever since.
I now share my experience through advisory engagements and immersive classroom training for corporate teams. Unfortunately I am unable to service most requests due to a long waitlist and other commitments but please feel free to contact me to see if we can make it work.
I am NOT affiliated with Amazon in any way. Official AWS security information lives here.
This training is not for the faint of heart. It is almost entirely deliberate practice and guided discovery. We’ll be hacking in teams from start to finish every day. If you want to cruise through some slides, this training will disappoint.
This is for folks who want to be able to take any AWS environment and practically tear it apart like an experienced security researcher would, even if they have never seen the exact setup before. It’s for anyone who wants to deeply understand the security decisions they are making in AWS and their real world implications, beyond what might be written on the sticker.
Advice and consulting
Are you building technology startup or cloud security product? I can work with your engineering teams to set you up for success.
Are you looking to uplift your AWS logging and detection? I help security operations teams improve detection and response.
Are you running offensive security engagements or red team exercises against AWS infrastructure? I provide guidance and help develop attack chains.
If you are looking for regular cloud security consulting services like architecture review, vulnerability assessment, compliance audits etc., I'd be happy to recommend reputable providers that I trust.
I am available for an introductory chat.
I've always been weary of training where you sit and listen to someone read slides. This was not that. We worked on exercises the entire time. It was gruelling but we actually learned practical AWS security skills.
We have many experts in cloud security on the team; That is the purpose of our product. Even so, Daniel's advice forced us think about security from an attacker's perspective and constantly challenged us technically, making us and our customers more secure.