Devon Booker

Security engineer. I run a boutique SOC 2 readiness practice for AWS-native startups, using tools I built myself to move faster than traditional consultants.

Background

I've been in IT for four years and currently work as a security analyst. My day-to-day is AWS, Terraform, and cloud security - the same work I do for clients. I'm not a consultant watching from the outside; I'm a practitioner who ships.

AWS, Go, Terraform, Kubernetes, Claude API, SOC 2, CMMC

The practice

I help AWS-native startups get SOC 2 ready without the $50k readiness-assessment treadmill. The work is fixed scope, fixed price, delivered in weeks.

The edge is a tool I built called kumo-assess - a four-tier Claude agent pipeline plus a deterministic rules engine that runs a full CC6 + CC7 scan of your AWS environment in about thirty minutes. It's read-only by construction. Zero mutating API calls exist in any collector. The whole codebase is on my GitHub and covered by automated tests.

That tool handles the evidence collection and gap analysis that consultants usually do by hand. It lets me spend my time on the remediation work that actually matters - writing Terraform, reviewing IaC, fixing the things the tool finds.

Covered today: CC6 (Logical Access, Boundary Protection, Data Protection, Change Detection) and CC7 (System Operations). Additional families (CC1, CC2, CC8, A1, C1) expanding quarterly. Other frameworks - CMMC, ISO 27001, PCI DSS, HIPAA - on the roadmap.

Contact

If you're a SaaS startup working toward SOC 2 on AWS and want someone who can scan your environment and deliver the fixes, book a 30-minute scoping call. You'll leave with a fixed price and a start date.

devon@kumosecurity.com