Skip to content
View Luekrit's full-sized avatar

Block or report Luekrit

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Luekrit/README.md

Luekrit Kongkamon

Cloud Security Engineer | IAM & Identity Specialist | Melbourne, Australia

I build AWS security automation and identity governance controls backed by real test evidence. Delivered a zero-incident Entra ID migration for a critical infrastructure organisation, more than 40 applications, 500+ users, and cut the phishing-prone rate from 13% to 4.8% in under three months. Currently sitting AWS SAA-C03 (Jun 2026) and SC-300 (Jul 2026).


Featured Project

Cloud Security Automation

Event-driven IAM security pipeline that detects unauthorised privilege escalation, runs governance-aware remediation logic, and sends structured alerts — end-to-end validated with real CloudWatch logs and SNS output.

Stack: CloudTrail · EventBridge · Lambda · SNS · DynamoDB · Terraform · Python/Boto3

  • Detects AttachUserPolicy abuse in near real-time via CloudTrail and EventBridge
  • DynamoDB exception registry with TTL — approved exceptions auto-expire, no manual cleanup
  • Human-in-the-loop dry-run mode before live enforcement eliminates accidental lockout risk
  • Lambda IAM role scoped to iam-test-user only — no over-permissioned execution role
  • Handles the IAM/us-east-1 global service logging problem with a dedicated Terraform provider alias
  • CloudTrail log file validation, SNS encryption, S3 SSE-KMS — hardened end to end
  • Modular Terraform, S3 remote state, DynamoDB locking, AssumeRole — no long-term credentials

Cloud Projects


Automated Cloud Security Monitoring & Remediation

S3 security controls, Python, Boto3, AWS automation

Enterprise IAM Governance Lab

Joiner-Mover-Leaver automation in Python/Boto3. CloudTrail log parser with CloudWatch alerting for high-value IAM role changes.

Terraform Secured S3, EC2 & IAM

Infrastructure-as-Code with lifecycle management, least-privilege IAM roles, and encryption automation.

Java Web App Deployment with AWS CI/CD

EC2, S3, CodePipeline, CodeDeploy, CodeArtifact

Security Projects


Azure Security Operations & Threat Detection

Deployed honeypot Azure VMs to capture real attacker traffic. Built KQL detection rules correlating Event ID 4625 with GeoIP data, generating Sentinel incidents with attacker context pre-attached.

Threat Hunting — Australian University Incidents

Analysed three real incidents — ANU ransomware, WSU 580TB SSO exfiltration, QUT PrintNightmare. Full MITRE ATT&CK mapping with Navigator layer JSON.

SolarWinds Cyber Risk Management

Applied ISO 27001 and NIST frameworks to the SolarWinds supply chain attack — risk evaluation, control prioritisation, executive reporting.

SOC Analyst Technical Assessment

End-to-end SOC investigation framework covering SIEM analysis, log correlation, MITRE ATT&CK mapping, IR workflow, evidence handling, and executive reporting.

Stack

Cloud       AWS (CloudTrail, EventBridge, Lambda, SNS, DynamoDB, IAM, S3, Security Hub)
            Azure (Sentinel, Defender for Cloud, Entra ID)
IaC         Terraform (modular), CloudFormation
Languages   Python, Boto3, KQL, PowerShell, Bash, YAML
Identity    Entra ID, Okta, SAML, OIDC, OAuth, MFA, Conditional Access, RBAC
Security    MITRE ATT&CK, Cisco XDR, Rapid7 InsightVM, KnowBe4
Frameworks  NIST CSF 2.0, ISO 27001, ASD Essential Eight, APRA CPS 234

Certifications

Credential Status
CompTIA Security+ Achieved 2024
CompTIA Network+ Achieved 2024
AWS Solutions Architect – Associate Exam scheduled Jun 2026
Microsoft SC-300: Identity & Access Administrator Exam scheduled Jul 2026
AWS Security Specialty Planned Q4 2026

Connect

LinkedIn · luekrit.k@gmail.com

Popular repositories Loading

  1. Luekrit Luekrit Public

    1

  2. web-project-nextwork- web-project-nextwork- Public

    Java web app set up on an EC2 instance.

    Shell 1

  3. Cloud-Security-Automation Cloud-Security-Automation Public

    Event-driven AWS cloud security automation that detects IAM privilege escalation, alerts security teams via SNS, and supports governance-aware remediation using Terraform and Python.

    HCL 1

  4. Azure-Security-Operations-Threat-Detection Azure-Security-Operations-Threat-Detection Public

    Hands-on Microsoft Sentinel SOC lab demonstrating Azure honeypot monitoring, Windows Event Log collection, KQL investigation, GeoIP enrichment, and attack map visualization.

  5. Threat-Hunting-at-Australian-University-s-Incidents Threat-Hunting-at-Australian-University-s-Incidents Public

  6. Enterprise-IAM-Governance-Lab-with-AI-Powered-Identity-Analytics-Automation Enterprise-IAM-Governance-Lab-with-AI-Powered-Identity-Analytics-Automation Public

    Simulating identity lifecycle, access governance, and intelligent access anomaly detection in AWS and Microsoft Entra environments.

    Python