My name is Craig Balding and I am an independent cyber security consultant.

On this site, I share expert knowledge on Cloud Security, covering the technology and tools, hacks and human factors, policy, regulation and strategy.

Who am I writing for?

  1. Developers & DevOps teams handling sensitive data: how to use cloud services safely, norms, minimum standards, best tools, OPSEC
  2. Incident Response and forensic teams: how to integrate threat management tooling, talk about response teams at cloud providers, facilitate intros, create helpful tools
  3. Security Assessment and Red teams: 101, cloud specific assessment tooling, useful tricks and tips
  4. Decision makers: CISOs, risk and policy people, regulators and insurance - inform about breaches, controls gaps, shared responsiblity, influence policy, educate about breaches, network
  5. SME customers: risks, tips, easy to use security tools


  • Cloud related offense & defence tools, attacks and tactics (open source focused but some commercial)
  • Cloud provider security: major developments, analysis of breaches and security controls and security - claims, technical walk throughs, gaps, certifications and regulatory issues
  • Cloud research, studies and reports
  • My observations, annoyances and suggestions for cloud services
  • Occasional interviews, book reviews

This website is generated by Hugo and delivered to you via netlify.

I welcome your feedback, please get in touch