Cloud Security ArchitectCNAPP SpecialistPrincipal Cloud Sales EngineerCloud Native Advocate
An interactive journey through cloud-native
application protection
Hey — I'm KC, a Principal Cloud Sales Engineer at CrowdStrike. I live and breathe cloud security. Over the past decade, I've gone from managing infrastructure in the trenches to leading technical conversations with some of the largest organizations in the world about how to secure their journey from code to cloud.
My job? Translate complex cloud security into stories that click — for engineers, for CISOs, and everyone in between. Whether it's a live demo, a proof of concept, or a whiteboard session, I'm showing teams why unified security changes everything.
CrowdStrike · Feb 2026 – Present
CrowdStrike · Feb 2025 – Feb 2026
CrowdStrike · Apr 2024 – Feb 2025
CrowdStrike · May 2023 – Apr 2024
CrowdStrike · Feb 2023 – May 2023
CrowdStrike · Jul 2022 – Feb 2023
CrowdStrike · Feb 2022 – Jul 2022
CrowdStrike · May 2021 – Feb 2022
Executech · Dec 2020 – Apr 2021
Executech · May 2019 – Dec 2020
Executech · May 2018 – May 2019
Executech · Jan 2017 – May 2018
Micro Assist, LLC · Jan 2016 – Jan 2017
What I do every day
From the moment a developer writes code on their machine to the second it's running in production — every step is a potential attack surface. Here's how I break it down.
Every cloud journey begins with a developer writing code and pushing it to a repository. Infrastructure as code, application code, configuration — it all starts here.
Every cloud breach has an origin. A developer's laptop is the first link in the chain. Endpoint security ensures the code is trustworthy before it ever enters a pipeline.
Code flows through CI/CD pipelines that build Docker images, validate infrastructure as code, and deploy to the cloud. This is where security scanning catches problems before they reach production.
Terraform and CloudFormation templates are scanned for misconfigurations before deployment. Open security groups, unencrypted storage, overly permissive IAM — caught before they ever reach the cloud.
Docker images are assessed during the build process for known CVEs, malware, embedded secrets, and base image vulnerabilities. Shift-left security at its best.
Cloud infrastructure comes alive — EKS clusters spin up pods, EC2 instances process workloads, and data flows through managed services. This is where runtime security becomes critical.
Misconfigurations on EKS clusters, vulnerabilities on EC2 instances, and exposed container images are continuously monitored. Every resource is assessed for risk in real time.
What happens when something slips through? A single vulnerability becomes an entry point for a full cloud compromise.
Vulnerable container image deployed to production with unpatched CVE
The attacker identifies a known CVE in a base image that was never scanned during the CI/CD pipeline.
Attacker harvests IAM credentials from EC2 instance metadata service
Using SSRF, the attacker queries the instance metadata endpoint (169.254.169.254) to steal temporary IAM role credentials.
Pivoting across cloud resources using stolen IAM role permissions
The overly permissive IAM role allows the attacker to enumerate S3 buckets, access other EC2 instances, and assume additional roles.
Sensitive data accessed and exfiltrated from S3 buckets and databases
Customer PII and proprietary data is copied to an external bucket. Without CDR, the exfiltration goes undetected for weeks.
Without visibility across the full stack, an attacker can move from a single misconfigured container to full cloud compromise in minutes. Lateral movement using IAM permissions, privilege escalation through role chaining, and data exfiltration from unmonitored resources. This is why point solutions fail.
Cloud security isn't one thing — it's securing every stage from code to cloud. A unified platform that connects the dots across the entire application lifecycle.
From the developer's endpoint to runtime in production, every stage is secured, monitored, and connected — providing complete visibility and stopping threats before they escalate.
Endpoint protection for developers, secret scanning, and code review
IaC scanning, image assessment, and pipeline integrity
CSPM, misconfiguration detection, and cloud posture management
K8s monitoring, workload protection, and threat detection
Interested in cloud security, want to talk CNAPP strategy, or just want to geek out about infrastructure? I'd love to hear from you.
Connect on LinkedInBuilt with Next.js + Framer Motion · Deployed on Vercel
© 2026 KC Kuhns