Insights, experiences, and technical deep-dives from my work in cybersecurity, cloud infrastructure, and network engineering. Topics include incident response, vulnerability management, cloud security architecture, and lessons learned from securing critical infrastructure.
Securing 1,300 Servers: Lessons from Hardening Multi-OS Infrastructure
When I joined Caltech to support NASA and JPL missions, one of my first major challenges was securing approximately 1,300 servers spanning Red Hat, Debian, SunOS, and CentOS, both on-premises and in AWS. Here’s what I learned about implementing CIS Benchmarks at scale.

The Challenge

Managing security across a heterogeneous environment with:
- Multiple operating systems with different security paradigms
- Legacy systems running critical mission applications
- A mix of on-premises and cloud infrastructure
- Strict compliance requirements (NIST 800-53, FIPS, FISMA)

Key Strategies

1. Automated Compliance Scanning

Rather than manual audits, we implemented automated CIS Benchmark scanning using tools that could handle our diverse OS landscape. This gave us baseline visibility across all 1,300+ systems. ...
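To make the "automated scanning across a mixed fleet" idea concrete, here is a small checker added for this page. It is not the author's tooling and names no specific scanner; it shows the two things a cross-OS CIS scan has to get right: branching on the OS family (including SunOS, which has no /etc/os-release, so the example falls back to the uname system name) and evaluating the SSH items from the CIS Linux benchmark (root login, MaxAuthTries, X11 forwarding, LogLevel, config file permissions) against the directives sshd would actually apply. The check identifiers, thresholds and sample inputs are illustrative assumptions, not benchmark section numbers.

```python
"""Cross-distro CIS-style sshd_config checker (added example, not the author's code).

The check ids and the sample host data are constructed for illustration; the
directive names and the "4 or fewer auth tries / INFO or VERBOSE" thresholds
follow the SSH section of the CIS Linux benchmarks.
"""
import re
import stat
from dataclasses import dataclass


@dataclass
class Finding:
    check_id: str   # illustrative id, not a CIS section number
    title: str
    passed: bool
    evidence: str


def detect_family(os_release_text: str, uname_sysname: str) -> str:
    """Map /etc/os-release (or uname on SunOS, which lacks os-release) to a family."""
    if uname_sysname == "SunOS":
        return "sunos"
    fields = {}
    for line in os_release_text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip().strip('"')
    ids = {fields.get("ID", "")} | set(fields.get("ID_LIKE", "").split())
    if ids & {"rhel", "centos", "fedora"}:
        return "rhel"
    if ids & {"debian", "ubuntu"}:
        return "debian"
    return "unknown"


def parse_sshd_config(text: str) -> dict:
    """Return the effective global directives with lower-cased keys.

    sshd honours the FIRST occurrence of a directive, and anything after a
    `Match` block is conditional, so a baseline scan stops reading there.
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        effective.setdefault(key, value)        # first occurrence wins
    return effective


def run_checks(sshd_config: str, config_mode: int) -> list:
    """Evaluate the SSH benchmark items; config_mode is the st_mode of sshd_config."""
    cfg = parse_sshd_config(sshd_config)

    def val(name, default):
        return cfg.get(name.lower(), default).lower()

    root = val("PermitRootLogin", "yes")        # absent -> treat as not hardened
    tries = val("MaxAuthTries", "6")            # OpenSSH default is 6
    x11 = val("X11Forwarding", "no")
    level = val("LogLevel", "info")
    mode = stat.S_IMODE(config_mode)
    return [
        Finding("sshd-config-perms", "sshd_config not group/world accessible",
                mode & 0o077 == 0, f"mode={oct(mode)}"),
        Finding("ssh-root-login", "SSH root login disabled",
                root == "no", f"PermitRootLogin={root}"),
        Finding("ssh-max-auth-tries", "MaxAuthTries is 4 or less",
                tries.isdigit() and int(tries) <= 4, f"MaxAuthTries={tries}"),
        Finding("ssh-x11-forwarding", "X11 forwarding disabled",
                x11 == "no", f"X11Forwarding={x11}"),
        Finding("ssh-loglevel", "LogLevel is INFO or VERBOSE",
                level in ("info", "verbose"), f"LogLevel={level}"),
    ]


def summarize(findings: list) -> dict:
    failed = [f.check_id for f in findings if not f.passed]
    return {"total": len(findings), "failed": len(failed), "failed_ids": failed}


# Constructed sample host data (not from a real system).
SAMPLE_OS_RELEASE = 'NAME="CentOS Linux"\nID="centos"\nID_LIKE="rhel fedora"\n'
SAMPLE_SSHD_CONFIG = """
PermitRootLogin yes
MaxAuthTries 6
X11Forwarding no
LogLevel INFO
PermitRootLogin no        # ignored: first occurrence wins
Match User backup
    PermitRootLogin no    # ignored: conditional on the Match
"""

if __name__ == "__main__":
    print("family:", detect_family(SAMPLE_OS_RELEASE, "Linux"))
    for f in run_checks(SAMPLE_SSHD_CONFIG, 0o100644):
        print("PASS" if f.passed else "FAIL", f.check_id, f.evidence)
    print(summarize(run_checks(SAMPLE_SSHD_CONFIG, 0o100644)))
```

The parser's two rules (first occurrence wins, stop at `Match`) are where naive grep-based scans produce false passes: a hardened `PermitRootLogin no` placed below an earlier `yes`, or inside a `Match` block, does not apply globally, and the sample config above is built to show both. The family detection is only the branching point; a real scan would select per-family package and service checks from there.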