// Cloud Cybersecurity — Barcelona

OMEGA
NIMBUS

鬼 雲  ·  Oni + Nimbus

Security research, cloud architecture, and threat analysis. AWS-certified. Offensive-minded. Defense-first.

View Projects Read Writeups

// About

Albert Sicart

Cloud Security Engineer & Cyber Security Consultant based in Barcelona. Currently at Azertium IT, focused on security risk assessment and GRC consulting across enterprise environments.

AWS Certified across the full security path — Cloud Practitioner, Solutions Architect Associate, and Security Specialty. Hands-on across both offensive and defensive disciplines: OSINT, digital forensics, threat hunting, web application security, and network analysis.

Background in Digital Humanities and critical thinking that shapes a unique approach to security: adversarial, analytical, and human-centered.

AWS Security Cloud Architecture GRC / Risk Threat Hunting Web App Security Burp Suite OSINT Digital Forensics Python Network Analysis Blue Team Hack The Box
3
AWS Certifications
2+
Years in Cybersecurity
360°
Security Coverage
Threat Surface Awareness

// Projects

Portfolio

WIP

// Cloud Architecture

Secure VPC Architecture on AWS

Multi-tier segmented VPC with public/private subnets, NAT Gateway, NACLs vs Security Groups comparison, and CloudTrail logging. Designed with the AWS Well-Architected Framework Security Pillar.

AWS VPC CloudTrail IAM Terraform
Planned

// Offensive Cloud

CloudGoat Attack Scenarios

Documented exploitation of intentionally vulnerable AWS environments using Rhino Security Labs' CloudGoat. Privilege escalation paths, IAM misconfigurations, and S3 exposure scenarios.

CloudGoat AWS Pentest IAM Escalation Pacu
Planned

// Threat Detection

AWS Security Monitoring Stack

End-to-end threat detection pipeline using GuardDuty, Security Hub, and CloudWatch. Alert correlation and automated response via Lambda. Simulated attack scenarios for validation.

GuardDuty Security Hub Lambda SIEM
Planned

// Network Security

Segmented Lab Network

On-prem network lab with VLAN segmentation, firewall rules, IDS/IPS, and attack/defense scenarios. Documented for both blue and red team exercises.

GNS3 VLANs Snort pfSense
Planned

// GRC + Cloud

AWS Compliance Mapping

Mapping of AWS native controls to ISO 27001, GDPR, and ENS frameworks. Control matrix, gap analysis, and remediation playbooks for a fictional SME environment.

ISO 27001 GDPR AWS Config ENS
WIP

// OSINT

OSINT Automation Toolkit

Python-based OSINT automation for passive reconnaissance. Target profiling, infrastructure enumeration, and report generation. Designed for authorized red team engagements.

Python Recon OSINT Automation

// Research & Writeups

Writeups

// AWS Security

Coming Soon

IAM Privilege Escalation: From ReadOnly to Admin in 4 Steps

A walkthrough of a common IAM misconfiguration chain that allows an attacker with minimal initial permissions to achieve full administrative access in an AWS environment. Includes detection and remediation guidance.

// HTB Writeup

Coming Soon

HackTheBox: Chemistry

Full walkthrough of the Chemistry machine — enumeration, foothold, privilege escalation.

// Cloud Architecture

Coming Soon

Designing Zero Trust on AWS: A Practical Approach

Breaking down Zero Trust principles into concrete AWS implementation patterns: identity-first access, micro-segmentation, and continuous verification.

// Contact

Get in Touch

Open to collaborations, research opportunities, and senior cloud security roles. Based in Barcelona. Remote-friendly.