Skip to main content
Your Name

Ela Tiro

Security Engineer

About Me

Hello! I am a cybersecurity practitioner and enthusiast. In the following paragraphs, I’ll share a bit about my background, my approach to cybersecurity, and the experiences that have shaped my perspective on security. I’ll also highlight some of the projects I’m currently working on and my ongoing efforts to learn, grow, and contribute to the cybersecurity community.

I firmly believe that a skilled security professional must go through the trenches of engineering and operations to develop a deep, hands-on understanding of how technologies are configured, deployed, and interact within complex environments. Experience has taught me that security is most effective when grounded in real-world implementations. Without firsthand involvement in building, maintaining, and troubleshooting systems, it's easy to overlook critical details, such as how configurations behave under real workloads, the operational constraints teams face, or the unintended security gaps that arise. These nuances are often missed when security is approached purely from a theoretical standpoint, leading to guidance that may seem sound in principle but falls short in practice.

This philosophy has defined my own career path. I started in system administration, where I gained hands-on experience configuring and managing hybrid infrastructure, understanding the operational challenges teams face, and leveraging automation to streamline processes and improve efficiency as my employer had begun to embrace modern cloud technologies. From there, I transitioned into penetration testing, which gave me a strong understanding of offensive security, particularly common web application and network security vulnerabilities. This role also deepened my understanding of operating systems, their inner workings, configurations, and security mechanisms as this knowledge is crucial for identifying misconfigurations, privilege escalation paths, and exploit development. Leveraging my offensive security background, I gained a deep understanding of attack techniques and tactics, which has been invaluable in shaping my ability to design security strategies that are resilient and practical in defending against real-world threats.

Building on this experience, I moved into cybersecurity engineering and architecture, which brought me to my latest adventure—designing and implementing security solutions that address both the technical and operational challenges application teams face in cloud and Kubernetes environments. I am working extensively across Azure, AWS and Kubernetes to secure modern cloud-native environments. My expertise includes conducting cloud security assessments, defining Kubernetes security best practices, and developing security standards for complex cloud architectures. In addition, I specialise in threat detection within cloud environments, designing and implementing guardrails to enforce security policies, and developing custom tooling to enhance both threat detection and guardrail effectiveness. My work involves creating automated detection mechanisms, integrating with cloud-native security services, and building proactive defenses that help my current employer identify and mitigate risks before they escalate.

This blog is an outlet for me to distill and share the insights I’ve gathered throughout my career. It serves as a platform where I can reflect on my experiences, tackle complex security topics, and engage with the broader cybersecurity community. Whether it's diving into the technical aspects of Kubernetes security, sharing strategies for building secure cloud-native environments, or discussing the latest security developments, my goal is to provide practical guidance that helps others navigate the challenges of securing modern IT infrastructures.

One of the exciting projects I’m currently working on is an LLM-powered tool I’m developing to automate threat modeling and create guardrails for cloud workloads. This tool aims to streamline the threat modeling process and make it more accessible to security professionals and developers alike. By integrating LLM capabilities, I hope to provide an intelligent, automated approach to threat modeling that not only saves time but also improves the accuracy and comprehensiveness of the security posture in cloud-native environments so stay tuned! ;D