Cloud-focused engineer with a proven record of delivering secure, scalable infrastructure across Azure and container environments. I specialise in deploying cloud solutions, hardening identity and access, and translating complex requirements into clear, maintainable systems. Skilled in Azure, ZFS, Entra security, and automation tooling. I focus on performance, resilience, and long-term operational clarity.
Every solution I build prioritises security at the architectural level. I integrate identity protection, RBAC policies, network segmentation, and threat detection from the start, not as afterthoughts.
My systems are automated, observable, and resilient. I focus on reducing operational friction through clear documentation, versioned infrastructure, and scalable patterns that support long-term reliability.
I've delivered outcomes for both agile SMEs and highly regulated enterprises. That range has taught me when to move fast, when to formalise, and how to scale cloud strategy without overengineering or going over budget.
Developed a security posture reporting tool for Entra ID, addressing the challenge of consolidating complex identity risks into a single, actionable dashboard. The main difficulty was interfacing with the Microsoft Graph API at scale and normalising diverse data points into a consistent scoring model. I engineered a modular PowerShell backend to handle data collection and a lightweight HTML/CSS frontend for clear data visualization.
Created a Python-based wrapper for Nmap to simplify network reconnaissance for non-technical stakeholders. The primary challenge was parsing Nmap's XML output into a simple, non-technical, human-readable format. I implemented logic to handle various scan types and edge cases, ensuring the tool was reliable and produced consistently clear CSV reports for easy analysis.
As a Cloud Engineer, I designed and executed migrations to Azure and Intune for clients of varying scales. This involved architecting hybrid identity solutions, configuring secure Azure environments, and automating resource deployment with Terraform & ARM. A key challenge was minimizing downtime during live migrations, which I solved by implementing phased rollouts and robust rollback plans.
Architected a home lab to self-host services and explore enterprise technologies. The core system is a fully automated media pipeline, handling everything from sourcing and organization to transcoding, all containerised with Docker. Network security and segmentation are managed by an HA Sophos Firewall configuration, while a custom-built OpenZFS NAS provides resilient, self-healing storage. Secure, zero-trust access is enforced via Cloudflare Tunnels, which act as a secure reverse proxy to internal services.
Credential ID: p9Y34OcXko