Harry Shelton

Cloud Architect

About Me

A Cloud Solutions Architect who designs and delivers secure, resilient, and scalable infrastructure. I have a proven record of translating complex business requirements into technical solutions, from modernising legacy VMware environments to architecting greenfield Azure deployments. I specialise in designing for security, governance, and operational excellence, using IaC and automation to create robust, maintainable systems. My experience ranges from small to enterprise-scale Cloud/Hybrid/On-Prem architecture to rapid ransomware recovery solutions.

What I Bring to the Table

Security-First Mindset

Every solution I build prioritises security at the architectural level. I integrate identity protection, RBAC policies, network segmentation, and threat detection from the start, not as afterthoughts.

Operational Maturity

My systems are automated, observable, and resilient. I focus on reducing operational friction through clear documentation, versioned infrastructure, and scalable patterns that support long-term reliability.

Business-Driven Design

Bridging the gap between business objectives and technical implementation. I design & deploy solutions that are not just technically sound but also cost-effective, scalable, and aligned with long-term strategic goals.

Certifications

Microsoft Certified: Azure Administrator Associate

Credential ID: EBD01777F3B5E325

Cloudflare Certified: Zero Trust Engineer (ZTE)

Cloudflare Certified: Application Security Engineer

Microsoft Certified: Azure Fundamentals

Credential ID: 2D5EDD6742B17DE7

Engineering Cisco Meraki Solutions (ECMS)

Cisco Meraki Network Associate (CMNA)

Cisco Umbrella Studio 3.0

Credential ID: p9Y34OcXko

Cisco - Introduction to Cybersecurity

Projects

Serverless File Transfer

Architected an ephemeral file transfer solution built entirely on the Cloudflare edge to provide a simple, zero-infrastructure sharing tool. A Cloudflare Worker serves the UI, streams uploads, and handles download logic. R2's native deleteAfter feature automatically expires objects after one hour. The entire application is wrapped in Cloudflare Access, providing robust, zero-trust authentication.

JavaScript Cloudflare HTML

Azure Modules (Terraform)

Designed a standardised architectural pattern for greenfield Azure deployments to ensure governance and accelerate project delivery. This reusable IaC library uses Terraform to enforce a secure hub-spoke topology, baseline network security, and standard VM configurations, solving the challenge of inconsistent and non-compliant environments.

Azure Terraform

Automated Cloudflare Provisioning

Engineered a serverless orchestration tool to automate tenant onboarding. Built on Cloudflare Workers, the application interfaces with the Cloudflare API to instantly provision new accounts, standardise RBAC policies, and inject engineering teams via identity management. The internal tool is secured behind Cloudflare Zero Trust, ensuring strict access control and encrypted credential management.

Cloudflare Zero Trust

Serverless Asset Inventory Pipeline

Architected a multi-tenant, serverless ingestion pipeline for collecting endpoint asset inventories at scale. The solution leverages Cloudflare R2 as a zero-egress data lake. Endpoints use a dependency-free PowerShell script to upload data, authenticating directly against the S3-compatible API using a manually generated AWS SigV4 signature. An admin-side utility then uses rclone with in-memory credentials to securely download and aggregate the raw JSON data into a multi-sheet Excel report for analysis.

PowerShell Cloudflare S3 API rclone

Autopilot HWID Ingestion

Architected an automation pipeline to bridge existing, unmanaged hardware with Intune's Zero-Touch-Provisioning. The solution establishes a secure service principal in Entra ID with scoped Graph API permissions. A lightweight, client-side ingestion script, run as SYSTEM, captures the device's hardware hash and authenticates against the Graph API, programmatically registering the device in Autopilot. This solution enables automated tenant enrollment and re-provisioning (OOBE) for a brownfield device fleet.

PowerShell HTML Graph API

AetherCred

Designed a security posture reporting tool to solve a critical business visibility gap in Entra ID. The chosen solution was a lightweight, serverless tool (PowerShell/HTML) to provide actionable data to stakeholders without the cost of a third-party platform. The architecture involved a modular PowerShell backend to aggregate diverse risk signals from the Graph API into a unified scoring model.

PowerShell HTML Graph API

Bulk Port Scanner

Created a Python-based wrapper for Nmap to simplify network reconnaissance for non-technical stakeholders. The primary challenge was parsing Nmap's XML output into a simple, non-technical human-readable format. I implemented logic to handle various scan types and edge cases, ensuring the tool was reliable and produced consistently clear CSV reports for easy analysis.

Nmap Python

Homelab Infrastructure

Designed and manage a resilient, multi-layered infrastructure to test and validate enterprise architecture principles. This solution blueprint incorporates a zero-trust security model (Cloudflare Tunnels), enterprise-grade network segmentation (Sophos HA), and high-availability storage (OpenZFS), serving as a proving ground for secure hybrid-cloud patterns.

Docker Sophos ZFS Cloudflare

Automated Zone Baseline

Developed an automation tool to rapidly deploy a comprehensive security and performance baseline to Cloudflare zones, addressing the challenge of manual, error-prone configuration across multiple domains. Designed for mass-deployment and MSP environments, the tool uses PowerShell and Python to interface with the Cloudflare API. It programmatically enforces a "secure-by-default". It also deploys WAF rules to block scanners, geo-restricts high-risk countries, applies rate-limiting to sensitive endpoints, and implements cache-bypass rules for sensitive paths to ensure site stability & compliance.

PowerShell Python DNS Cloudflare API