SOC 2

HIPAA

May 1, 2026

•

2 min read

Public subnets, NAT gateways, and "we restrict by security group" don't survive a HIPAA review. Here's the pattern that does.

Manan Qayas

AWS Cost

Apr 26, 2026

•

2 min read

A screenshot is not evidence. A Slack message is not a control. Here's what works.

Manan Qayas

HIPAA

Apr 12, 2026

•

2 min read

S3 access logging is off, or it's logging to the same bucket. Both are fails. Here's what auditors actually want.

Manan Qayas