Sr. Cloud Security Analyst

Mike Voosen

Securing cloud infrastructure at scale — from zero-trust architecture to DevSecOps pipelines.

87→0 · Critical Vulns Eliminated
20% · CIS Score Improvement
3 · Cloud Platforms

Approach

Security as a connected system, not a checklist.

Zero Trust Architecture

Every request is verified, every connection is authenticated — regardless of where it originates inside or outside the perimeter.

Unified Visibility

Aggregating signals from AWS, GCP, Terraform, IAM, Kubernetes, and SIEM into a single control plane for continuous compliance.

Automated Remediation

Policy violations trigger automated workflows — not just alerts. Security controls that act, not just observe.

About

Translating threat intelligence into measurable risk reduction.

I'm a Sr. Cloud Security Analyst at Keurig Dr. Pepper, where I lead security initiatives across AWS, Azure, and GCP. My work blends CNAPP analytics using Orca Security with Agile execution to drive vulnerability reduction, CIS compliance gains, and Zero-Trust adoption across enterprise multi-cloud environments.

I serve as a trusted advisor to engineering and leadership teams, translating complex threat intelligence into concrete, prioritized action. My work ranges from patching zero-day vulnerabilities to designing resilient cloud architectures with least-privilege IAM, RBAC, and end-to-end logging pipelines feeding Microsoft Sentinel, CrowdStrike NG-SIEM, and Cribl.

I hold a B.S. in Cybersecurity from Southern New Hampshire University and carry the AWS Certified Solutions Architect – Associate, CompTIA Security+, and CompTIA Network+ certifications. I'm actively pursuing the Microsoft AZ-104 and Microsoft AZ-500.

Experience

Key Accomplishments

Sr. Cloud Security Analyst · Keurig Dr. Pepper · Frisco, TX · Mar 2024 – Present

Multi-Cloud Critical Vulnerability Elimination

Led Agile vulnerability management sprints across AWS, Azure, and GCP at Keurig Dr. Pepper — driving critical-level vulnerabilities from 87 down to zero in 4 months. Used Orca Security (CNAPP) for continuous posture analysis and prioritized remediation with engineering teams.

AWS · Azure · GCP · Orca Security · CNAPP · Agile

CIS Compliance Program

Led cross-functional teams to improve CIS compliance scores by 20% across all cloud providers within 12 months — covering benchmarks for AWS, Azure, and GCP workloads, IAM configurations, and network controls.

CIS Benchmarks · AWS · Azure · GCP · IAM

Network Misconfiguration Remediation

Identified and systematically reduced network misconfigurations across all AWS and Azure subscriptions — improving perimeter hygiene and reducing attack surface.

AWS · Azure · Zero-Trust · Network Security

Multi-Cloud SIEM & Logging Pipeline

Built unified logging and monitoring coverage across all cloud providers: AWS (CloudTrail, S3 Access Logs, VPC Flow Logs), Azure (NSG Flow Logs, Activity Logs, Azure Firewall), and GCP (Audit Logs, VPC Flow Logs). Exported into Cribl and Microsoft Sentinel for centralized alerting and threat detection.

Microsoft Sentinel · Cribl · CloudTrail · Azure Monitor · GCP · SIEM

CrowdStrike Sensor Coverage

Managed enterprise-wide effort to deploy CrowdStrike sensors across cloud-hosted VMs, reducing unprotected instances from 287 down to 74 within two quarters — significantly improving endpoint detection and response coverage.

CrowdStrike · EDR · AWS · Azure · GCP

Cloud Builds

Hands-On Cloud Builds

Personal lab projects built in real cloud environments — architecture designed, provisioned, and documented end-to-end.

Infrastructure as Code · Azure

Azure VNet Flow Log Pipeline

End-to-end Terraform project that provisions a segmented Azure virtual network with tiered Network Security Groups, enables VNet Flow Logs captured to blob storage, and streams real-time events through Event Grid into Event Hubs — creating a complete network telemetry pipeline ready for SIEM ingestion or further analysis.

Terraform · Azure · VNet · NSG Flow Logs · Event Grid · Event Hubs · IaC

Architecture Flow

Terraform (IaC) → VNet + NSGs → NSG Flow Logs → Blob Storage → Event Grid → Event Hubs

Resources Provisioned via Terraform

Terraform (IaC) · main.tf

Terraform script used to deploy all resources in a single apply.

rg-nsg-flowlog-demo · Resource Group

Logical container for all 11 project resources, tagged environment:demo

vnet-demo-eastus · Virtual Network

3 subnets with dedicated NSGs — snet-critical (10.10.1.0/24), snet-production (10.10.2.0/24), snet-noncritical (10.10.3.0/24)

nsg-critical / nsg-production / nsg-noncritical · Network Security Groups

Tiered NSG policies per subnet; flow logs enabled on all three, capturing inbound/outbound traffic metadata

vm-demo-ubuntu · Virtual Machine

Ubuntu 22.04 LTS (B1s) deployed in snet-critical to generate representative network traffic for flow log capture

stnsgflowlogdemo001 · Storage Account

Receives NSG flow log blobs every hour as PT1H.json files under the insights-logs-flowlogflowevent container

evgt-flowlog-demo · Event Grid System Topic

Watches the storage account and fires on Microsoft.Storage.BlobCreated events, routing them to Event Hubs via the evgs-flowlog-to-eventhub subscription

evhns-flowlog-demo · Event Hubs Namespace

Standard tier, zone-redundant, 1 throughput unit. Receives streamed flow log events for downstream SIEM consumption or real-time analysis

Monitoring · Backup · Recovery · Azure

Azure Monitoring, Backup, and Recovery

End-to-end Azure project demonstrating infrastructure observability and resilience. Configures Azure Monitor and Log Analytics for performance visibility, sets up threshold-based alerting with action groups, enables automated VM backups via Recovery Services Vault, and establishes cross-region disaster recovery using Site Recovery — with KQL log queries for operational insights.

Azure Monitor · Log Analytics · KQL · Azure Backup · Site Recovery · Alerts · DR

Architecture Flow

Azure Resources → Diagnostic Settings → Log Analytics → Azure Monitor + Alerts → Action Groups
Azure Resources → Recovery Services Vault → Azure Backup + Site Recovery (DR)

Resources Provisioned

Recovery Services Vault · Backup & DR Container

Unified container managing both Azure Backup policies and Site Recovery replication configurations for the environment.

Azure Site Recovery — Failover · Disaster Recovery

Failover test validating that VMs can be brought online in a secondary Azure region within defined RTO/RPO targets without impacting production.

Azure Site Recovery — Topology · Replication View

Visual topology map showing replication relationships between source VMs and their target region replicas, confirming replication health.

Log Analytics Workspace · Azure Monitor Logs

Central hub for log ingestion from all connected resources. Supports Kusto Query Language (KQL) for ad-hoc querying and insight generation.

VM Backups · Azure Backup

Automated backup policy applied to VMs with configurable daily, weekly, and monthly retention to ensure point-in-time data recovery.

VM Insights · Azure Monitor

Monitors VM performance (CPU, memory, disk, network) and maps process dependencies, providing deep visibility into workload behavior.

VM Monitoring Alerts · Azure Monitor Alerts

Threshold-based alert rules on VM metrics triggering action group notifications when performance limits are breached.

Skills & Credentials

Technical Stack

Cloud Platforms

AWS · Microsoft Azure · Google Cloud (GCP)

Security Tools

Orca Security (CNAPP) · CrowdStrike · Defender for Cloud · Microsoft Sentinel

Data & Identity

DSPM · IAM · RBAC · Least Privilege · Zero-Trust · Azure Policy · Conditional Access

Logging & Monitoring

CloudTrail · VPC Flow Logs · NSG Flow Logs · Azure Firewall Logs · Cribl · GCP Audit Logs

Infrastructure

Kubernetes · Docker · S3 · VMs · Virtual Networking · Storage · Governance and Security

Compliance

CIS Benchmarks · NIST

Threat & Risk Management

Vulnerability Management · Agile Security · Attack Path Analysis

Certifications

AWS Certified Solutions Architect - Associate

Amazon Web Services

Microsoft AZ-500

Azure Security Engineer Associate

In Progress

Microsoft AZ-104

Azure Administrator Associate

In Progress

CompTIA Security+

CompTIA

CompTIA Network+

CompTIA

Education

B.S. Cybersecurity

Southern New Hampshire University

Contact

LET'S WORK TOGETHER

Available for consulting, contract, and full-time opportunities. Let's talk about how I can help secure your cloud infrastructure.

© 2026 Mike Voosen. All rights reserved.