From Wazuh Ambassador to AWS Community Builder

Introduction

I’m excited to share that I’ve been accepted into the AWS Community Builders program for the 2026 cohort in the Security category. For me, this is a natural next step after becoming a Wazuh Ambassador - another milestone in a journey that has always been centered around open-source security and cloud infrastructure.

From Wazuh Ambassador to AWS Community Builder

When I became a Wazuh Ambassador, it marked a shift from being a long-time user and contributor to an active voice in the security community. The role pushed me to write more, share more, and engage with fellow engineers facing real-world detection and compliance challenges. Maintaining open-source projects like docker-wazuh-agent and wazuh-prometheus-exporter, writing technical blog series on SOAR integration, and helping others adopt Wazuh in production - all of this naturally expanded into the broader cloud security domain.

The more I worked with Wazuh in AWS environments - shipping CloudTrail logs, analyzing GuardDuty findings, monitoring EKS clusters - the more I realized that my day-to-day work was already deeply embedded in AWS security. Applying for the Community Builders program felt like the logical next step.

Why Security Was the Natural Fit

When I looked at the available categories, Security was the only option that made sense. My work over the past several years has been almost entirely focused on this domain: building EKS compliance checklists aligned with SOC 2 and PCI-DSS requirements, integrating container vulnerability scanning with Trivy and Wazuh, developing LLM-powered security analysis tools for AWS log analysis, and writing extensively about threat detection, SIEM tuning, and incident response automation. Security isn’t just a category I picked - it’s the thread that runs through everything I do.

The Journey That Led Here

The path to this point spans over a decade of working with security tooling:

It started with OSSEC back in 2015-2016, when I adopted the open-source host intrusion detection system and followed its evolution into Wazuh. Over 10+ years, I went from being a user to a contributor, building tools the community actually uses - a containerized Wazuh agent for Docker and Kubernetes environments, a Prometheus exporter for Wazuh metrics, and an LLM-based code security scanner supporting Claude, OpenAI, and Gemini. Along the way, I built specialized LLM models for Wazuh and AWS security analysis and explored how machine learning can enhance threat intelligence using real-world honeypot data.

In parallel, my professional work kept pushing deeper into AWS security - from architecting multi-account networking with Transit Gateway and Network Firewall, to implementing IAM compliance controls aligned with CIS benchmarks, to building observability pipelines that tie Wazuh alerts to AWS-native services like CloudTrail, GuardDuty, and Security Hub. This hands-on experience culminated in a detailed Amazon EKS SOC 2 Type II compliance checklist that I published to help teams navigate the audit process.

The Wazuh Ambassador role in 2025 was a recognition of this accumulated work. And now, the AWS Community Builder acceptance is recognition from the other side of the same equation - the cloud platform where all this security work runs.

Two Communities, One Mission

What excites me most is how these two roles complement each other. Wazuh provides the open-source SIEM and XDR platform - the detection engine, the log analysis, the compliance monitoring. AWS provides the infrastructure - the compute, the storage, the managed security services. Together, they cover the full security lifecycle: from threat detection with Wazuh rules and decoders, through correlation with AWS-native signals from GuardDuty and CloudTrail, to automated response with SOAR workflows.

Insights from the Wazuh community - real-world detection challenges, decoder edge cases, false positive tuning - directly inform how I architect security monitoring on AWS. And lessons from AWS - EKS security best practices, IAM policy design, managed service integrations - feed back into making Wazuh deployments on cloud infrastructure more robust.

Being active in both communities means I can bridge these two worlds, and that’s exactly what I plan to do.

What to Expect Next

As an AWS Community Builder, I’m planning to focus on several areas in the coming year:

AWS security deep dives - hands-on guides covering GuardDuty, Security Hub, IAM Access Analyzer, and EKS security configurations
Wazuh + AWS integration - practical tutorials on connecting Wazuh with AWS-native security services for unified monitoring
Compliance automation - sharing approaches to SOC 2, PCI-DSS, and regional compliance frameworks on AWS infrastructure
LLM-powered security tooling - exploring how AI can enhance security log analysis, rule generation, and threat detection in cloud environments
Community collaboration - engaging with other builders in the Security category, contributing to discussions, and participating in AWS events

I’ll be sharing all of this on my blog, on GitHub, and through the AWS Community Builders channels.

Conclusion

From OSSEC in 2015 to Wazuh Ambassador to AWS Community Builder - it’s been a journey driven by a simple belief: security tooling should be open, accessible, and continuously improving. I’m grateful to the Wazuh community for the foundation it gave me, and to AWS for recognizing that open-source security expertise has a place in the cloud builder community.

Here’s to a great year ahead.

Introduction