[joecode]

I'm not sure how you can say that so matter-of-factly. My security friend was talking about something that Amazon does not (and presumably very few people do) know. Meanwhile my friend at Amazon was just stating the fact that he was not supposed to use AWS, or only with extreme caution. Of course that may differ from department to department, if that's what you mean.

[benblack]

http://www.linkedin.com/profile/view?id=6320672

[ceejayoz]

For anyone who doesn't want to log in to LinkedIn, "Sr. Manager, Information Security at Amazon.com"

[joecode]

Your resume is very impressive, and I see that you obviously know a lot about security at Amazon, yet this by itself does not discount my points. Those are:

1) AWS could be compromised, as my first friend claimed, without Amazon knowing about it.

2) My second friend is not allowed to use AWS for security reasons.

The truth of the first point is indeterminable, I think we may agree. Meanwhile, the second point may indeed be due to my friend being misinformed, if for example, you are aware of a Amazon-wide policy that says engineers can use AWS willy-nilly, so long as they abide by general security regulations that are used elsewhere.

[joecode]

Interesting... so it seems resume trumps argument at HN?

Well, pile on the down-votes folks, I've got to get back to work.

[dasil003]

On the offchance you're not trolling: the reason you're getting downvoted has nothing to do with resumes, it's because you are throwing out unfounded hearsay FUD. Come back with some actual evidence for debate, otherwise you're no different than any one of a million irc script kiddies. Anyone with knowledge of such an exploit would either A) keep it secret or B) tell Amazon about it. Casually dropping it in conversation screams wannabe.

[ceejayoz]

Resume - and the direct personal experience in the right department of the company you're smearing that resume includes - trumps unsourced (and frankly, hard to believe) hearsay.