AWS Security Blog

AWS Security Profiles: Sam Elmalak, Enterprise Solutions Architect

Amazon Spheres and author info

In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing.

How long have you been at AWS, and what do you do in your current role?

I’ve been with AWS for three and a half years. I’m an Enterprise Solutions Architect, which means that I help enterprise customers think through their cloud strategy. I work with customers on everything from business goals and how to align those goals with their technology strategy to helping individual developers create well-architected cloud solutions. I also have an area of focus around security by helping a broader set of customers with their cloud journey and security practices.

How do you explain your job to non-tech friends?

I help my customers figure out how to use AWS and the cloud in a way that delivers business value.

What are you currently working on that you’re excited about?

From a project perspective, the AWS Landing Zone initiative (which also happens to be my 2018 re:Invent topic) is the most exciting. For the last two to three years, we’ve been providing guidance to help customers decide how to build environments in a way that incorporates best practices. But the AWS Landing Zone has a team that’s building out a solution that makes it easier for customers to implement those best practices. We’re no longer just telling customers, “Here’s how you should do it.” Instead, we’re providing a real implementation. It’s a prescriptive approach that customers can set up in just a few hours. This can help customers accelerate their cloud journey and reduce the work that goes into setting up governance. And the solution can be used by any company — including enterprises, educational institutions, small businesses, and startups.

What’s the most challenging part of your job?

I need to strike a balance between different initiatives, which means being able to focus on the right priorities for the moment. I don’t always get it right, but my hope is that I can always help customers achieve their goals. Another challenge is the sheer number of launches and releases—it can be difficult to stay on top of everything that’s being released while maintaining expert-level knowledge about it all. But that’s just a side effect of how quickly AWS innovates.

What’s your favorite part of your job?

The people I work with. I get to interact with so many smart, talented achievers and builders, and they’re always so humble and willing to help. Being around people like that is an amazing experience. Also, I get to learn nonstop. There are a lot of challenging problems to figure out, but there are also so many opportunities for growth. The job ends up being whatever you make of it.

In your opinion, what’s the biggest challenge facing cloud security right now?

Often, security organizations take the approach of saying “No.” They block things instead of making things happen by partnering with their business and development teams. I think the biggest challenge is trying to change that mindset. Skillset is also a challenge: Sometimes, people need to learn how to “do” security in the cloud in a way that keeps pace with their development team, and that can require additional skills. I believe training your entire organization to develop automation and approach problems and processes in an automated manner will help remove these barriers.

Five years from now, what changes do you think we’ll see across the security/compliance landscape?

I think we’ll see more automation, more tooling, more partners, and more products — all of which will make it simpler for customers to adopt the cloud and operate there in an efficient, secure manner. As customers adopting the cloud mature, I also think the job of the security practitioner will change slightly — the work will become a matter of how to use all the available tooling and other resources in the most efficient manner. I suspect that artificial intelligence and machine learning, predictive analytics, and anomaly detection will start to play a more prominent role, allowing customers to do more and be more secure. I also think customers will be starting to think more of security in terms of users and devices rather than perimeter security.

How did you choose your session topics for re:Invent 2018?

This is my third year holding sessions on establishing a Landing Zone. Back in 2016, I had a few customers who asked me about how to set up their AWS environment. I spent quite a bit of time researching but couldn’t find a solid, well-rounded answer. So I took it upon myself to figure out what that guidance should include. I spoke with a number of more experienced people in AWS, and then proposed a re:Invent session around it. At the time, I thought it would sound boring and no one would want to attend. But after the session, feedback from customers was overwhelmingly positive and I realized that people were hungry for this kind of foundational AWS info. We put a team together to develop more guidance for our customers. The AWS Landing Zone initiative leverages that guidance by implementing best practices built by a talented team whose vision is to make our customers’ lives easier and more secure. Since then, Re:Invent sessions on Landing Zone have expanded. We’re up to at least 18 sessions, workshops, and chalk talks this year, and we’ve even added a tag (awslandingzone) so they’re all searchable in the session catalog and customers can find them. In my presentations at re:Invent, we have a customer who will talk through what their journey looked like and how the AWS Landing Zone Solution has helped them.

What are you hoping that your audience will take away from these sessions?

I want customers to start thinking differently about a few areas. One is how to enable their organizations to innovate, build and release services/products more quickly. To do that, central teams need to think of the rest of their organization as their customers, then think of ways to onboard those customers faster by means of automated, self-service processes. Their idea of an application or a team also needs to be smaller than the traditional definition of an entire business unit. I actually want customers to think smaller — and more agile. I want them to think, “What if I have to accommodate thousands of different projects, and I want them all in different accounts and isolated workspaces, sitting under this Landing Zone umbrella?”

Thinking about that type of design and approach from the beginning will help customers start, innovate, and move forward while avoiding the pitfalls of trying to fit everything into a single AWS account. It’s a cultural mindshift. I want them to start thinking in terms of the people and the groups within their organizations. I want them to think about how to enable those groups and get them to move forward and to spend less time focused on how to control everything that those groups do. I want people to think of the balance between governance/security and control.

Any tips for first-time conference attendees?

Plan to do a lot of walking and have comfortable shoes. If you’ve signed up for sessions, get there early and remember that there are at least five venues this year — it’s important to factor in travel time. Other than that, I’d say visit the partner expo, meet other customers, and learn from each other. And ask us questions; we’ll do everything we can to help. Most importantly, enjoy it and learn!

If you had to pick any other job, what would you want to do with your life?

My current role comes down to helping empower people, which I love, so I’d look for a way to replicate that feeling elsewhere by helping people realize their talents and potential.

As a backup plan, I’d downsize, go live somewhere cheap and enjoy life, nature, music and tango…

The AWS Security team is hiring! Want to find out more? Check out our career page.

Want more AWS Security news? Follow us on Twitter.


Sam Elmalak

Sam is an Enterprise Solutions Architect at AWS and a member of the AWS security community. In addition to helping customers solve their technical issues, he helps customers navigate organizational complexity and address cultural challenges. Sam is passionate about enabling teams to apply technology to address business challenges and unmet needs. He’s largely an optimist and a believer in people’s abilities to thrive and achieve amazing things.