Blog
Azure Front Door: Global Load Balancing & WAF in One Service
A deep-dive into Azure Front Door — how it combines global HTTP load balancing, SSL offload, caching, and Web Application Firewall into a single managed service.
I design systems — entire cloud platforms, not just resources. Security, resilience, cost, and performance, all as one connected architecture on Azure.
10+ years in — from writing code through DevOps, into cloud architecture and now AI. I've built the kind of cross-cutting experience where I understand what happens at every layer when an architecture decision is made. I know what breaks downstream when you cut corners upstream.
I've re-architected platforms from single-tenant to multi-tenant, driven significant cloud cost reductions by questioning every architectural assumption, and built systems where security, performance, and cost are solved together — not traded against each other. Not by following a framework. By understanding what's actually happening inside the system.
Hands-on labs on GitHub, tutorials on YouTube, and written blog posts — all in one place.
Lab
Step-by-step lab: create a .NET 6 Web API, containerize it with Docker, build an image, and push it to Docker Hub registry.
Lab
End-to-end lab creating Azure DevOps pipelines for an Angular-based UI — from build to multi-environment deployment with release gates.
Lab
Learn to create Azure Storage Accounts using ARM templates — declarative infrastructure as code for repeatable, consistent deployments.
Lab
Eliminate "works on my machine" forever — use Docker and VS Code Dev Containers to create fully reproducible development environments.
Video
Full tutorial on containerizing an Angular web application, building a Docker image, and pushing it to Docker Hub for reusable deployment.
Lab
Use Azure Logic Apps to call Microsoft Graph API and retrieve Azure Active Directory user lists — a practical integration automation pattern.
A detailed walkthrough of implementing Zero Trust principles across Azure — identity, network, and workload layers.
Real-world Azure architecture work — cost, security, DevOps, and system design at enterprise scale.
Designed and built a RAG-based internal knowledge agent using Azure OpenAI and Azure AI Search. Indexed a large codebase, database schemas, and technical documentation — enabling developers to query the entire system context in natural language. Integrated into debugging workflows, dramatically reducing time-to-resolution for complex issues.
Architected the cloud infrastructure layer for production AI applications — private Azure OpenAI endpoints, APIM as AI Gateway for token throttling and logging, content filtering policies, managed identity auth, and a Hub-Spoke VNet topology with private DNS zones ensuring zero public AI exposure.
Replaced keyword-based search on a large document corpus with a semantic search platform built on Azure AI Search with OpenAI ada-002 embeddings. Implemented hybrid search (keyword + vector), semantic re-ranking, and a custom relevance scoring layer. Reduced zero-result searches significantly and improved user-reported relevance scores.
Re-architected a fully siloed single-tenant platform into a shared multi-tenant architecture. Azure Front Door as the ingress layer with WAF and path-based routing rules. Custom claims enrichment via Function Apps for tenant context. All backend resources behind private endpoints with per-tenant RBAC. Client onboarding reduced to a single configuration step — zero infrastructure provisioning per client.
Systematic FinOps engineering across a large Azure estate — right-sizing compute and storage, eliminating idle resources, switching to Reserved Instances for stable workloads, and fixing root-cause architectural inefficiencies (over-provisioned Function App triggers, redundant data movement). All without degrading SLA or performance.
Designed a complete enterprise identity layer — Entra ID B2C/B2B, custom RBAC roles, custom claims enrichment via Azure Functions, and token validation (JWT, SAML, OpenID Connect, OAuth 2.0). Balanced strict access control with developer and end-user experience. All authentication flows behind private endpoints with Zero Trust network segmentation.
Architected layered security across all environments: Hub-Spoke VNet topology, NSGs and ASGs, private endpoints for all PaaS services, Key Vault for secrets, Microsoft Defender for Cloud, and Azure Firewall. Authored all compliance documentation, control evidence, and risk registers required for ISO 27001/27018 external audits — passed multiple consecutive annual audits.
Consolidated a sprawling set of client-specific Azure DevOps pipelines (thousands of lines of YAML) into a single parameterized reusable template. Automated the majority of manual operational tasks: environment onboarding, user provisioning, app deployments, test pipelines, DB schema migration, and artifact promotion. Self-hosted agents on AKS for cost and control.
Designed and operated AKS clusters across multiple isolated production environments. Configured HPA, KEDA event-driven scaling, PodDisruptionBudgets, rolling deployments, and resource quotas. Integrated automated Playwright/Selenium test gates into CI/CD — no deployment without green tests.
Replaced a brute-force full-reindex batch job with an ADF-orchestrated incremental sync pipeline using watermark-based change detection, bulk indexing tuning, and Synapse Analytics pre-aggregation. Turned a multi-day maintenance window into an on-demand, near-real-time operation — making frequent refreshes practical for the first time.
End-to-end document processing pipeline using Azure Document Intelligence for extraction, Azure OpenAI for classification and summarisation, and Azure AI Search for retrieval — with a full audit trail and human-in-the-loop review workflow.
Microsoft, IBM, and Oracle certifications across architecture, security, DevOps, data, and AI.
All 26 certifications are verified and publicly available on Credly — Microsoft Azure, IBM, and Oracle credentials.
Verify All 26 Credentials on Credly
Open to architecture consulting, collaboration, and the right full-time opportunities.
Whether you want to discuss an architecture problem, collaborate on content, or explore working together — I'd love to hear from you.