Cloud engineer focused on access governance, secure network architectures, and pragmatic automation.
I like clean runbooks, reversible cutovers, and evidence-first security.
I work primarily in Azure, with complementary projects in AWS and GCP where they deliver value.
- 🛡️ Identity & Access: JIT elevation, Conditional Access, PIM, external-ID federation (Azure • AWS STS • GCP WIF)
- 🌐 Networking: Fortinet SD-WAN/IPsec in Azure, HA/BGP, MTU optimization
- ⚙️ Automation: PowerShell/Bicep, Logic Apps, YAML pipelines, GitHub/Azure DevOps
- 📊 Ops: Runbooks, cutover/rollback, observability, backup verification
- ✍️ Documentation: concise, production-ready, redacted
| Project | Description | Stack |
|---|---|---|
| Cloud Access Broker — JIT (Multi-Cloud) | Time-bound least-privilege elevation across Azure, AWS & GCP with approvals, audit, and auto-revocation. | ☁️ Azure · AWS · GCP · PowerShell/Bash |
| AWS JIT Access | Identity Center + Step Functions flow for temporary AWS elevation with auto-expiry & CloudTrail logging. | ☁️ AWS · 🐍 Python · 🔐 IAM |
| Azure Access Automation | Forms → SharePoint → Power Automate → Entra ID group → Conditional Access (time-boxed outside-country access). | ☁️ Azure · ⚡ Power Automate |
| Fortinet SD-WAN + IPsec (Azure) | Hub-and-spoke SD-WAN/IPsec topology with HA/BGP, MTU hardening, and route health validation. | 🧱 Fortinet · ☁️ Azure |
| Azure Public IP Migration | Discover Basic SKU IPs, export inventory CSV, and migrate safely to Standard SKU. | 🧰 PowerShell · ☁️ Azure |
| Azure VPN (P2S) Runbook | Real-world Azure P2S VPN rollout: OpenVPN/Entra ID vs IKEv2, DNS strategy, and secure defaults. | 🌐 Networking · ☁️ Azure |
| Cloud-Secure Egress Policy | Lock down outbound Internet egress via central firewall/NVA chain with cutover & rollback docs. | 🔐 Network Security · ☁️ Azure |
| LogicMonitor Hybrid (Hyper-V • AWS • GCP) | Hybrid observability with collectors/agents and cloud integrations; CPU/Memory/Uptime alerting. | 📊 LogicMonitor · ☁️ AWS · ☁️ GCP |
| Grafana Backup Monitoring | Dashboards + parser for backup health verification; pragmatic CI examples. | 📈 Grafana · 🐍 Python |
- Identity & Access Governance (Multi-Cloud) — Secure, auditable JIT access spanning Entra ID PIM, AWS STS AssumeRole, and GCP Workload Identity Federation.
- Cloud Networking & Security — Enterprise SD-WAN/IPsec with HA/BGP and MTU tuning; hub-and-spoke patterns; deterministic egress.
- Security Automation & SOC Integration — Sentinel/M365 playbooks for enrichment, triage, and notification routing to Teams.
- Governance & FinOps — Policy-as-code, tagging hygiene, drift detection, and cost accountability across estates.
- Operational Resilience — Production-grade runbooks, rollback plans, and health checks to ensure smooth cutovers.
🧾 All documentation and code samples are redacted for confidentiality.
No secrets, IP addresses, or tenant identifiers are included.