About this site

About this site

I'm Partha — a DevSecOps engineer with 10+ years of building, breaking, and securing cloud infrastructure. I hold a CISSP and I've spent my career across startups and enterprises, which means I've seen both ends of the spectrum: organizations with million-dollar security budgets and three-person teams where "security" meant someone remembered to rotate the AWS root password once a year.

This blog exists because I kept solving the same problems at every small team I worked with, and I got tired of watching good engineers make avoidable mistakes simply because nobody wrote down the blueprint for them.

Why "Chaos to Control"?

Because that's literally the journey.

Early in my career, I inherited an AWS account where the root credentials were in a shared Google Doc, every S3 bucket was public by default, and the "security strategy" was hoping nobody noticed. Sound familiar?

I've spent years turning environments like that into something you can actually sleep at night about — using open-source tools, smart automation, and architecture patterns that don't require a six-figure security budget.

Every post on this site is something I've either built, deployed, or wished existed when I needed it.

What you'll find here

This isn't a news blog or a product review site. Everything here is a practical, deployable blueprint — most posts come with a companion GitHub repo you can fork and run today.

The focus areas:

Cloud Security Posture — Auditing and hardening AWS and Azure environments using tools like Prowler, Cloud Custodian, and ScoutSuite.

CI/CD Pipeline Security — Baking security into every commit with SAST, SCA, secrets scanning, and DAST — all open-source.

Container & Kubernetes Security — Runtime detection, image scanning, network policies, and policy-as-code for containerized workloads.

Software Supply Chain — SBOMs, dependency health, image signing — the stuff most small teams ignore until it's too late.

Infrastructure as Code Security — Catching misconfigurations in Terraform and CloudFormation before they reach production.

Detection & Incident Response — Monitoring, alerting, and response playbooks that work without a 24/7 SOC.

Who this is for

If you're an engineer at a startup or scale-up and you've ever thought "we should really do something about security but I don't know where to start" — this is for you.

No enterprise jargon. No tools that cost more than your entire infrastructure bill. Just real patterns, open-source tools, and step-by-step guides written by someone who's been in your exact position.

Find me elsewhere

GitHub: github.com/Parthasarathi7722 — where the code lives

LinkedIn: Partha Sarathi Das

Stay in the loop

New posts land every couple of weeks — each one a self-contained guide you can implement over a weekend. Subscribe below and they'll show up in your inbox. No fluff, no spam, just blueprints.