Andrzej Skrodzki

Security Engineer · Cloud · Kubernetes · Identity

I break and harden cloud infrastructure — finding the gaps in AWS, Kubernetes, and IAM before attackers do, then closing them. I write about what actually breaks in production.

Selected work

kubescout Detects runtime RBAC drift in Kubernetes clusters. iam-lint Scans AWS IAM policies for over-permissive grants.

Writing

How SCPs really evaluate cross-account conditions 12 May 2026 A Kubernetes RBAC pattern that silently grants cluster-admin 03 Mar 2026

Ideas · notes

GuardDuty has a blind spot on VPC endpoint traffic 30 May 2026