About Hien Nguyen

Hien Nguyen is a security engineer and consultant with hands-on experience in offensive security, cloud security (AWS/GCP), SIEM and detection engineering, and security audits and compliance. She works with SaaS startups and fintech companies to strengthen their security posture through penetration testing, cloud audits, and governance, risk, and compliance (GRC) support.

Skills

Core competencies and depth of experience.

Cloud Security
Application Security
Offensive Security
Detection Engineering
DevSecOps
Security Architecture
GRC

How I Work

A clear, repeatable process for every engagement.

1. Discovery

Initial call to understand your environment, compliance needs, and risk profile. We align on objectives and constraints.

2. Scope definition

Formal scope and rules of engagement. You provide read-only or test access; I confirm in-scope assets and out-of-scope items.

3. Security testing

Testing or audit per agreed methodology (OWASP, CIS, etc.). Findings are documented with evidence and severity.

4. Reporting

Executive summary and technical report with risk ratings, proof-of-concept where relevant, and clear remediation steps.

5. Remediation support

Optional re-test after fixes, or ongoing support for implementing recommendations and compliance follow-up.

Security Philosophy

How I approach every engagement.

Practical security

Focus on risks that matter to your business. Prioritize findings by impact and likelihood, not by checklist volume.

Developer-friendly remediation

Clear, actionable guidance that your team can implement. No jargon-heavy reports—concrete steps and code-level advice where useful.

Risk-based prioritization

Not every finding is equal. I help you decide what to fix first and what to accept or defer, aligned with your risk appetite.

Automation-first mindset

Recommendations that scale: secure defaults, CI/CD checks, and repeatable processes so security improves with every release.

Tools & Technologies

Industry-standard tools organized by capability—from cloud posture to offensive testing and automation.

Cloud Security & Posture

AWS/GCP security posture, CSPM, Kubernetes and container security, compliance scanning.

AWS, GCP, Kubernetes, Prowler, ScoutSuite, Orca

DevSecOps & Supply Chain

CI/CD security, SAST/DAST/SCA, and image signing.

GitLab CI, Jenkins, GitHub Actions, SAST, DAST, SCA, Image signing

Vulnerability Management

Vuln scanning, prioritization, and CVSS workflows.

Rapid7, Qualys, CVSS, Vulnerability workflows

Offensive / Testing

Web and API testing, recon, and exploitation tooling.

Burp Suite, OWASP ZAP, Nmap, Amass

Detection Engineering & Monitoring

SIEM, ATT&CK mapping, and threat intel enrichment.

Splunk, ATT&CK, Threat intel enrichment

Automation

Scripting and tooling for security automation.

Python, Bash, PowerShell, Go

Work together

For application security consulting, cloud security audit, or DevSecOps review—get in touch for a no-obligation consultation.

Support my work

If my articles, case studies, or security resources helped you, you can support my work. Your support helps me maintain free content and keep publishing practical security guides.

Revolut

Quick support in seconds.

Bank transfer (EUR)

If you prefer a traditional bank transfer, request IBAN and bank details via the contact form.

Support is optional. For consulting or security work, please use the Services or Contact pages.