[donny@scyber ~]$ whoami

Donny Schreiber

Cloud & Product Security Engineer · DevSecOps · GenAI Security

secured $4B+ in cloud infrastructure across regulated industries

published 3 official AWS Prescriptive Guidance documents

shipped open-source Terraform to aws-samples

eliminated 3,000+ hours of manual security review with one tool

self-taught since age 12, reverse-engineering page source

drummed 7 years for Colorado's pro sports teams

I'm a security engineer at AWS Professional Services. Over four years I've helped secure $4B+ of infrastructure for healthcare, financial-services, government, and telecom customers, building the automation, network security, access controls (IAM), guardrails, and DevSecOps pipelines that let teams ship quickly without shipping risk. I'm self-taught: it started at twelve, reverse-engineering drum videos from page source, and I spent seven years drumming for Colorado's pro sports teams while building a security career in parallel.

# Selected Work

Projects & Work

A few things I've built and shipped — public artifacts where possible: open-source infrastructure, security automation, and writing on cloud and AI security.

./multi-region-ipam

Multi-Region IPAM on AWS

Multi-account, hierarchical IP address management automated end-to-end in Terraform — 67 pools across regions, cross-account sharing via AWS RAM. I authored the official AWS Prescriptive Guidance pattern for this architecture and open-sourced the Terraform to aws-samples.

./cloud-governance

Cloud Governance & Compliance-as-Code

Policy-as-code guardrails and compliance automation for AWS at enterprise scale: Service Control Policies, AWS Config custom rules, Security Hub and GuardDuty, and Control Tower / Landing Zone Accelerator baselines that keep regulated environments continuously compliant.

  • Service Control Policies & AWS Config custom rules (Guard DSL)
  • Security Hub, GuardDuty, Control Tower, Landing Zone Accelerator
  • Detective & preventative controls across multi-account organizations
  • Frameworks: HIPAA, HITRUST, PCI DSS, SOC 2, NIST 800-53, FedRAMP

./devsecops-automation

Shift-Left DevSecOps Automation

A CI suite orchestrating 15+ SAST/DAST/IaC/secrets scanners with intelligent change detection. Cut a financial-services platform's security validation from two weeks to four hours.

  • 15+ scanners (Bandit, Semgrep, Checkov, TFSec, Terrascan, GitLeaks…)
  • GitHub Actions with 40–60% CI cost reduction
  • Weeks-to-hours security validation cycles
  • Read the write-up →

./genai-security

GenAI & Agentic-AI Security

Security for LLM and agentic systems: OWASP-LLM-Top-10 reviews, MCP / multi-agent architecture security, and internal tooling that generates least-privilege IAM policies from natural language.

  • OWASP LLM Top 10 review methodology
  • MCP / multi-agent (agentic) architecture security
  • IAMulator — internal tool: least-privilege IAM from natural language
  • Read the write-up →

./personal-builds

Personal Builds

Things I build and secure for fun and for people I care about — static and serverless apps on AWS, infrastructure-as-code, end to end.

  • ruthevelynpaints.com — an art portfolio I built + secured on AWS
  • scyber.ai — this site (S3 + CloudFront + Terraform + WAF)
  • Infrastructure-as-Code; you own everything

# About

The Person Behind the Terminal

I've been doing security for over a decade — network and endpoint defense, SIEMs, incident response, then cloud, infrastructure, and application security. For the last four years I've been a security engineer at AWS Professional Services, helping enterprises design, build, and secure their cloud.

I'm self-taught. It started at twelve, reverse-engineering drum videos from page source to figure out how the web worked. That curiosity never left — I just pointed it at security and automation.

Before the cloud career took off, I spent seven years drumming for Colorado's pro sports teams, including the Avalanche's 2022 Stanley Cup run. I built the security career in parallel, on nights and weekends, until it became the main thing.

Have a look at my writing to see how I think and work.

Enterprise Security Background
Network defense, SIEMs, incident response, endpoint security — over a decade across regulated industries.
Cloud Security & IaC
AWS architecture, Terraform, AWS CDK, DevSecOps. I build infrastructure as code because clicking around consoles doesn't scale.
AI & Automation
I build security automation and GenAI tooling daily — and I know exactly where these systems cut corners.

Get in touch

Open to conversations about cloud, product, and AI security work. If you'd like to talk, the fastest way to reach me is below.

principles.list()

How I Build Things

01
Simple where it counts. Not everything is easy. But nothing should be needlessly complicated. If you don't understand it, I can help until you do.
02
Built to change. Modular. Structured. So when your needs evolve — and they will — you're not starting over.
03
Secure by design. Not bolted on at the end. Not "we'll get to that later." From the start.
04
Honest about trade-offs. Everything has a cost... time, money, complexity, security. The right balance isn't the same for everyone. I'll help you find yours.
05
Lean on purpose. I'm not going to recommend something just because it's shiny. Every tool earns its place. Every dollar justified.

# Latest from the Blog

Recent Writing

The blog is where I go deep. Technical posts, honest takes, and the occasional hot take.

# Contact Interface

Get in touch

No forms, no funnels. If you want to talk about security work, a role, or something I've built — reach out directly. I read everything.

contact_methods.avail()

Direct Contact

Location
Boulder, Colorado