Cloud Security Architect · DevSecOps · PCI DSS

Zero breaches. Zero audit findings.

I help fintech companies pass PCI DSS 4.0, harden AWS infrastructure, and build security operations — without slowing down engineering. 1M+ daily transactions secured.

  • 0: Security breaches since deployment
  • 0: PCI DSS audit findings
  • 99.95%: Uptime SLA for payment processing
  • 45%: AWS cost reduction delivered
  • 1M+: Daily payment transactions secured
  • 85%: Reduction in standing CDE privileges

Verified results
  • PCI DSS 4.0 Level 1 · Zero findings
  • $81K/month AWS savings
  • 127 hrs/week SOC automation
  • 60% CDE scope reduction
  • 15 min MTTD

01 What I deliver

Audit
AWS Security Audit
Deep-dive analysis of your AWS environment against CIS Benchmarks, PCI DSS controls, and your specific threat model. You get a prioritised roadmap — not a checkbox report.
From $2,500
Delivered in 1 week
  • 40+ security checks across all accounts
  • IAM, network, data exposure analysis
  • Prioritised remediation roadmap
  • Executive summary + technical detail
Retainer
DevSecOps Retainer
Ongoing security architecture support: CI/CD hardening, incident response, EKS security, SIEM tuning. Your part-time CISO without the full-time cost.
$6,000 – $10,000 / mo
20 hrs/month · Cancel anytime
  • Security review of all architecture changes
  • SIEM alert tuning + rule development
  • Incident response support (1hr SLA)
  • Monthly security posture report

02 Measurable results

  • $972K: Annual AWS savings delivered for one client
  • 60%: PCI DSS scope reduction via tokenisation
  • 127h: Analyst hours saved per week via SOAR automation
  • <15m: Mean time to detection across all environments

03 Who I am

I'm a Senior Cloud Security Architect and DevSecOps leader with 15+ years of hands-on experience — from self-taught sysadmin to CISO-level advisor at a PCI DSS Level 1 payment processor handling 1M+ daily transactions.

I don't write specs for others to implement. I build the things myself — 99 AWS Terraform modules, 500+ Wazuh detection rules, 80+ SOAR workflows, 45 production Helm charts. Every control is tested in production, not on paper.

My background is unusual: BIM coordinator for a 260,000m² Gazprom complex, then fintech DevOps, then Cloud Security Architect. That breadth means I see problems most specialists miss — and I communicate clearly with both CTOs and QSAs.

Based in Israel. Available globally, remote.

  • Zero-breach track record across fintech, crypto, and payment processing
  • PCI DSS 4.0 Level 1 — zero audit findings (all 12 requirements)
  • AWS multi-account architecture (10+ accounts, 3 cloud providers)
  • NIST CSF 2.0 · ISO 27001 · SOC 2 Type II · CIS Controls v8
  • EKS security hardening (CIS EKS Benchmark v1.4.0)
  • Dual-SIEM: Wazuh + Security Onion NDR, 500+ custom rules
  • SLSA Level 3 supply chain security for all production images
  • Local LLM inference for security analysis (RTX 5090, DeepSeek R1)

04 Tech stack

AWS · Yandex Cloud · GCP · EKS · Terraform / OpenTofu · Terragrunt · ArgoCD · Istio / mTLS · Wazuh SIEM · Security Onion · Falco · OPA Gatekeeper · Kyverno · HashiCorp Vault · Teleport JIT · Cosign / SLSA · Trivy · Snyk · Semgrep · n8n SOAR · AWS GuardDuty · AWS Security Hub · AWS Control Tower · Prometheus + Grafana · Loki · Keycloak · Python · Sigma Rules · MITRE ATT&CK · PCI DSS 4.0 · NIST CSF 2.0 · ISO 27001 · SOC 2 · Ollama / LLM

Ready to build security that actually works?

Free 30-minute call. No pitch, no sales deck — just an honest conversation about your security posture and where to start.