Building, breaking,
and securing the cloud.
Long-form notes on AWS, GCP, Azure, Kubernetes, compliance, and the engineering decisions pre-seed and seed founders face. New posts every Monday and Thursday.
AWS IAM Access Analyzer: The 6 Findings I See Most in Pre-Seed Accounts
IAM Access Analyzer is free, runs in minutes, and is ignored in most pre-seed AWS accounts. The six findings I see most often, what each one means, and how to fix or safely archive it in 2026.
GCP Workload Identity Federation: How Startups Kill Static Keys
12 min·Jun 4, 2026
Kubernetes Audit Log Analysis: 7 Patterns That Signal a Compromise
13 min·May 26, 2026
Terraform State for Startups: 5 Patterns and When Each Breaks at Scale
14 min·May 23, 2026
Cloud Egress Costs in 2026: AWS vs GCP vs Azure for High-Traffic SaaS Startups
17 min·May 19, 2026
PCI DSS 4.0 in 2026: The 9 Most-Missed Requirements for Pre-Seed Fintech CTOs
Most pre-seed and seed fintechs are still operating against PCI DSS 3.2.1 mental models. By May 2026 the 4.0 standard is fully in force. The 9 requirements I see startups miss most often, with engineering-level fixes and stage-specific guidance.
13 min read·May 19, 2026
AWS vs GCP for Indian Fintech: The 12 Decision Points No One Writes About
The standard AWS-vs-GCP comparisons miss the realities that matter for Indian fintech: RBI Data Localisation, India region maturity, hybrid connectivity to NPCI and banks, talent pool size, and Spanner vs Aurora for ledger systems. 12 honest verdicts grounded in production experience on both clouds.
14 min read·May 15, 2026
AWS S3 Block Public Access: Four Settings, What Each One Does, and Why You Need All Four
Most S3 breaches start with a checkbox flip, not a hacker. AWS shipped four settings called Block Public Access to fix that. This is the boring reference your team should read before configuring a bucket. Account level vs bucket level. Pre-2023 defaults vs post-2023 defaults. DPDP and RBI angles for Indian operators.
8 min read·May 12, 2026
I Audited Five OTT Platforms With Browser Devtools. The Cache Headers Told a Story.
Three weeks of network-panel audits across five streaming platforms. Cache TTLs ranged from 5 minutes to nearly a year for the same kind of asset. Two of five shipped unsigned segment URLs. The accessibility gap was the most stark finding. What architecture choices reveal about the engineering culture behind each player.
11 min read·May 7, 2026
What SOC 2 Actually Costs an Indian Seed Startup in 2026: A Line Item Breakdown
Indian seed-stage SaaS does SOC 2 Type II for ₹8-14 lakh all-in. The same opinion letter costs ₹34 lakh+ if you copy the Western default stack (Vanta + Big-4 + US pen test). Customers can't tell them apart. Here's the line-item breakdown grounded in 12+ Indian-market sources, not US enterprise aggregators.
13 min read·Apr 23, 2026
Ghost Hunter: The $28,000 Question Your Dashboard Won't Answer
Every cloud bill tells you what went up. None of them tell you why. Ghost-hunter is an AI investigator that reasons through your bill the way a senior SRE does: one hypothesis at a time, read-only, every command validated before it runs.
8 min read·Apr 19, 2026
I Looked at 30 Startups' Infrastructure. Every Single One Had the Same Problem.
After reviewing 30 startups under 50 engineers, a pattern emerged: the CTO is doing everything, security is on nobody's plate, and one bad day is all it takes. Here are the 7 things I found in every single one.
6 min read·Apr 12, 2026
RBI Compliance for Fintech Startups: Security Checklist 2026
A practical infrastructure checklist for fintech CTOs. Covers RBI cybersecurity framework, data localization, VAPT requirements, and the mistakes that trigger enforcement actions.
10 min read·Apr 5, 2026
DPDP Act Compliance for Startups: What Your Dev Team Needs to Build Before May 2027
DPDP Act enforcement starts May 2027. Here is exactly what your startup needs to build, with penalties up to INR 250 crore for non-compliance.
9 min read·Apr 5, 2026
AWS IAM Audit for Startups: A Step-by-Step Guide to Finding and Fixing Risky Permissions
Learn how to run a practical AWS IAM audit for your startup, find overprivileged roles, and fix the misconfigurations that lead to breaches.
5 min read·Mar 26, 2026
Cloud Cost Optimization for Startups: Cut AWS Bills Fast
A practical guide for startup engineers to reduce cloud spend using proven cost optimization techniques that do not sacrifice performance.
4 min read·Mar 26, 2026