Scott Piper

Principal Cloud Security Researcher at fwd:cloudsec

Jackson, Wyoming, United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Scott Piper is a Principal Cloud Security Researcher with 14 years of experience specializing in AWS security, tooling, and incident detection. He built well-known open-source projects like flaws.cloud, CloudMapper, CloudTracker, and Parliament (an IAM linter used widely in the community), and contributed security rules to Airbnb’s StreamAlert. Based in Jackson, Wyoming, he blends hands-on engineering with community leadership as a founding organizer of fwd:cloudsec and a maintainer of cloudvulndb. His background ranges from DoD software development to senior roles at Block and Wiz, giving him a rare perspective on both large-scale enterprise risk and attacker-facing cloud misconfigurations. Scott frequently turns research into practical tools and trainings used by Fortune 100s and has a knack for finding subtle IAM and policy parsing flaws that others miss.
code14 years of coding experience
job15 years of employment as a software developer
bookMasters Computer Science, Masters Computer Science at University of Tulsa
github-logo-circle

Github Skills (21)

json-parser10
json10
python10
cloudtrail10
jsonp10
rule-engine10
security10
aws10
parsing10
rule10
serverless9
terraformer8
analyse8
terraform8
testing8

Programming languages (11)

HCLTypeScriptJavaShellC++JavaScriptGoHTML

Github contributions (5)

github-logo-circle
duo-labs/parliament

Sep 2019 - Sep 2022

AWS IAM linting library
Role in this project:
userBack-end Developer
Contributions:40 releases, 4 reviews, 231 commits in 3 years
Contributions summary:Scott primarily worked on improving the functionality and accuracy of the IAM policy linter. Their commits focused on identifying and fixing issues within the IAM policy parsing and analysis logic. They addressed problems related to resource matching, condition evaluation, and principal verification. Additionally, they refactored code to allow for better usability of the core functionality of the library by other codebases, while improving the data models.
lintingiamaws-iamaws
airbnb/streamalert

Nov 2017 - Aug 2019

StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
Role in this project:
userSecurity Engineer
Contributions:20 commits, 15 PRs, 64 comments in 1 year 9 months
Contributions summary:Scott primarily focused on enhancing security within the StreamAlert framework, specifically by developing rules to detect potential security gaps and attack attempts. Their contributions include creating a rule to identify MFA policy abuse attempts within AWS CloudTrail logs. The user also made improvements to existing tests and added support for a new output, Komand, expanding StreamAlert's alert capabilities. Finally, the user introduced a new rule and matcher for GuardDuty events and incorporated best practice security rules.
realtimerealtime-dataserverlessaws-lambdaaws
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Scott Piper - Principal Cloud Security Researcher at fwd:cloudsec