Solution Designing



Platform Landing Zone

Application Landing Zone

Security posture increase

Cloud Adoption Framework

Getting started

Defining a strategy




Innovate and Modernize




Well Architected Framework



Cost Optimization

Operational Excellence

Performance Efficiency

DevOps (Azure DevOps or GitHub)

Everything as Code

For many years already we have the possibility to maintain any manual configuration, as code. However, we still click around and call it “production” months later. I call it “technical debt”. As people come and leave very often, there is a big chance that a manual change nobody knows about, is what keeps a company alive. Let’s steer away from that mentality and keep your intellectual property well separated on domains of interest, secure, versioned and backed up. I can help you define a future-proof DevOps strategy, by separating artifacts that don’t belong together and making logical room for configurations-as-code.

DTAP / OTAP build

A true isolation between various environments must be as secure as your electrical wires in your home. Once they touch each other, there is a big risk of fire. For each solution that your organization runs, there should be at least a non-production environment where people can safely develop, test, optimize, learn and ultimately “accept” it. Your Acceptance environment is the Production of tomorrow and you need to be able to control and predict the day of tomorrow. I have almost 20 years of experience in safely shipping software, fully automated, stage by stage, with rollback possibility. Some services such as Entra ID, or the Microsoft 365 suite are indeed production only, but also there room can be made for trying things out, using automation. There is always a possibility for automation. I strive for descriptive configuration rather than imperative, with each occasion. Don’t wait and don’t rely too much on retro-fitting.

Pipeline optimization

When is it good enough? When the ammount of effort it takes to make it perfect financially outshines the benefits. Until then, there is always room for improvements such as steering away from using platform hosted secrets or ensuring the pipeline code is easy to be reverse-engineered. A good pipeline makes room for failures, handles them, and does not rely on multiple runs to hopefully produce the desired outcomes as initially wished for. Automation pipelines for Mission Critical workloads must simulate the changes on the target environments, require human intervention whenever needed and shall never cross-contaminate other environments. What engineers want? Shortest time to failure observation and the possibility to resume fast on iterative changes. I can help your organization by analyzing your current workflows, design, plan, optimize, create proof-of-value, educate and coach the existing workforce to become more agile at what they do.

Shifting Security to the Left

Ever wondered what Shift-To-Left means? It has to do with introducing non-blocking security measures before your code touches even the Development environment, the outter most left abbreviation letter in DTAP. Developers of any nature are like water, they always find the path of least resistance, cutting most of the corners, especially the ones of Security. It has to do with both the technology and the mindset of securing developer-driven innovations. You need to stop secret leaks before your company name becomes the header of various newspapers for client data leak. As an example, a common mistake is to let a database server be accessible from the internet, unencrypted and with a connection string hardcoded somewhere in your public or private code base (or easy to deduct). You must have a unified visibility of your DevOps security posture, minimize blind spots within a single pane of glass, and get context-driven remediation guidance for code fixes. Integrating with Defender for Cloud helps your organization prioritize critical code fixes and keeps teams focused on emerging threats by reducing security issues before they reach production environments. I can help you implement suites of security scanning tools native to both GitHub and Azure DevOps that will perform automatic secrets and dependency scanning, and will prevent code vulnerabilities before your brand is worth nothing or it is too late for your business.

ISV-centric Build and Deploy (CI/CD)

Tagging for Innersourcing

Designing for Automatic testing

Should you be interested in working together, please contact me me directly.