Skip to main content
Oliver is CloudThinker’s security expert, specializing in compliance auditing, vulnerability assessment, threat detection, and identity management across cloud environments.

The Problem Oliver Solves

Cloud security posture is invisible until it isn’t. Security groups get opened to 0.0.0.0/0 during debugging and never closed. IAM roles accumulate permissions across months of tickets. S3 buckets get misconfigured. Compliance frameworks like SOC 2 and HIPAA require evidence collection that takes security teams weeks to assemble manually. The result: most teams discover misconfigurations from breach notifications, failed audits, or penetration test reports — not proactive monitoring. And when a compliance audit arrives, engineers spend 2–4 weeks collecting screenshots and writing evidence docs instead of fixing actual security gaps.

How Existing Tools Compare

ToolWhat It DoesWhat’s Missing
AWS Security HubAggregates findings from GuardDuty, Inspector, ConfigNo remediation guidance, no compliance narrative, no cross-cloud
Wiz / OrcaCloud security posture management (CSPM) with risk visualizationReporting-focused, requires dedicated security analyst to interpret, no AI-driven remediation
Prowler / ScoutSuiteOpen-source security scannersManual runs, raw output, no prioritization or remediation guidance
AWS ConfigTracks resource configuration drift against rulesRules-based, no AI analysis, no compliance framework mapping
Lacework / Prisma CloudComprehensive CSPM + CWPPExpensive, complex, still requires security expertise to act on findings
Oliver goes further: it explains why a finding matters in your specific context, maps it to your compliance frameworks, and generates the exact remediation steps for your environment.

How Oliver Works

  1. Scans continuously — reads IAM policies, security group rules, CloudTrail logs, GuardDuty findings, and resource configurations
  2. Prioritizes by context — not just severity scores, but actual blast radius: is this finding on a production database or a dev sandbox?
  3. Maps to frameworks — automatically maps findings to SOC 2 controls, HIPAA requirements, PCI-DSS clauses, or whatever you’re being audited against
  4. Generates evidence — produces compliance documentation with the exact format auditors need, including timestamps, configurations, and remediation proofs
  5. Tracks over time — remembers past findings so you can show compliance trend improvement, not just point-in-time snapshots

Capabilities

DomainCapabilities
ComplianceSOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS auditing and evidence collection
Vulnerability AssessmentSecurity scanning, misconfiguration detection, risk prioritization
Threat DetectionIncident investigation, forensics, anomaly detection, security monitoring
Identity & AccessIAM policy review, privilege analysis, permission optimization, access audits

Prompt Patterns

Security Audits

# Security group review
@oliver audit security groups for overly permissive rules

# Scoped audit
@oliver audit production security groups for public access on ports 22, 3389, 3306

# Multi-cloud audit
@oliver perform unified security audit across AWS, Azure, and GCP

# Configuration review
@oliver identify misconfigurations that could expose customer data

Compliance Assessment

# Framework-specific
@oliver perform SOC 2 Type II compliance assessment

# Multi-framework
@oliver evaluate infrastructure against SOC 2, ISO 27001, and GDPR

# Evidence generation
@oliver #report HIPAA compliance audit with evidence documentation

# Gap analysis
@oliver identify compliance gaps in IAM, logging, and access control

Vulnerability Management

# Vulnerability scanning
@oliver scan infrastructure for security vulnerabilities with remediation timeline

# Priority assessment
@oliver identify critical and high-risk vulnerabilities requiring immediate action

# Public exposure
@oliver find all public-facing resources and assess exposure risk

Access Control

# IAM audit
@oliver audit IAM roles and policies for privilege escalation risks

# Permission review
@oliver identify over-privileged users and recommend least-privilege changes

# Access review
@oliver perform quarterly access review: unused accounts, stale permissions

# Certificate management
@oliver scan for expired or expiring SSL certificates

Tool Usage

ToolOliver Use Case
#dashboardCompliance status, security posture, finding trends
#reportAudit documentation, compliance evidence, incident analysis
#recommendRemediation actions, security hardening, policy changes
#alertSecurity group changes, policy violations, certificate expiration
#chartVulnerability trends, compliance scores, risk distribution

Examples with Tools

@oliver #dashboard compliance status across all frameworks
@oliver #report SOC 2 assessment with gap analysis and remediation timeline
@oliver #recommend security hardening prioritized by risk and effort
@oliver #alert on security group changes allowing 0.0.0.0/0 access

Effective Prompts

Define Scope

# Good
@oliver audit production security groups
for public access on database ports
(3306, 5432, 1433)

# Avoid
@oliver find security issues

Specify Framework

# Good
@oliver assess infrastructure for
SOC 2 Type II compliance
with evidence documentation

# Avoid
@oliver help with compliance

Connection Requirements

Oliver requires cloud and security service access:
ProviderRequired Access
AWSIAM, Security Hub, GuardDuty, CloudTrail, Config
AzureSecurity Center, Azure AD, Policy, Monitor
GCPSecurity Command Center, IAM, Cloud Audit Logs

Common Workflows

Security Audit Workflow

# Step 1: Scan
@oliver scan infrastructure for security vulnerabilities

# Step 2: Prioritize
@oliver categorize findings by severity and exploitability

# Step 3: Remediate
@oliver #recommend remediation actions with implementation order

# Step 4: Verify
@oliver rescan to verify remediation effectiveness

Compliance Assessment Workflow

# Step 1: Assess
@oliver perform SOC 2 Type II compliance assessment

# Step 2: Document
@oliver #report findings with evidence for each control

# Step 3: Remediate
@oliver create remediation plan for gaps

# Step 4: Monitor
@oliver #schedule weekly compliance status check

Incident Investigation

# Step 1: Scope
@oliver identify affected resources from security incident

# Step 2: Analyze
@oliver analyze CloudTrail logs for suspicious activity

# Step 3: Document
@oliver #report forensic analysis with timeline and root cause

# Step 4: Prevent
@oliver #recommend controls to prevent recurrence

What’s Next

CloudKeepers

Configure SecurityOps pilots for continuous 24/7 security guardrails

Assessment

Run a Well-Architected assessment with the Security pillar

Deep Response Engine

How Oliver assists with security incident investigations

Anna

Coordinate Oliver with other agents for enterprise-wide security reviews