>samit_hota

Research

Notes from the field

Writing on offensive tradecraft, cloud security, threat intelligence, and what it actually takes to run a security program that survives contact with real attackers.

Industry Analysis

AWS Billing Console Glitch Triggers Inaccurate Cost Estimates

Learn what caused the AWS Billing Console glitch on July 16-17, 2026, why your cost estimates are inaccurate, and why you don't need to panic.

Jul 17, 2026#news
Cloud Security

The IAM Blind Spots That Keep Showing Up in Cloud Assessments

Over-permissioned roles and implicit trust chains are the single most common finding across cloud security assessments. Here's why they keep happening.

Jun 2, 2026#aws
Career & Advisory

Compliant Doesn't Mean Secure — And Your Board Should Know the Difference

SOC 2 and ISO 27001 prove you have a process. They don't prove an attacker can't get in. Here's how to talk about the gap with leadership.

May 14, 2026#compliance
Offensive Security

Anatomy of a Modern Supply Chain Attack — And Where Defenses Actually Break

A walkthrough of how a single compromised dependency turns into full CI/CD compromise, and the specific control points that stop it in practice.

Apr 21, 2026#supply-chain
Threat Intelligence

What Changed in Ransomware Tradecraft This Year

Ransomware operators have shifted from smash-and-encrypt to slow, quiet data theft. Here's what that means for detection and response strategy.

Mar 9, 2026#ransomware