A security profile manager receives a request to add a user to a cloud computing environment and generates a security profile for the user that includes an attribute associated with usage activity of a resource category available to the user. The security profile manager monitors the usage activity of the resource category by the user in view of the security profile, determines a security vulnerability value for the user in view of the usage activity, and executes a security audit operation on the security profile in view of the security vulnerability value.