Projects

Production work, without the customer-sensitive bits.

Selected infrastructure and security work presented as outcomes, constraints and lessons—not a vendor-logo collection.

01

Production infrastructure

Three-node private-cloud platform

Engineering and operating a highly available virtualization platform backed by distributed NVMe storage and redundant 25 Gb networking.

3-node HCIDistributed NVMe storageHA workloads25 Gb fabric

Responsibilities span compute, storage, routing, tenant segmentation, backup architecture, maintenance planning and incident recovery. A major platform upgrade exposed post-reboot NIC naming changes that disrupted cluster communication; service was recovered, root cause isolated and the maintenance process rebuilt around deterministic interface validation and staged reboot checks.

02

Secure access

Legacy VPN to Zero Trust migration

Replacing broad network-level remote access with identity-aware, tenant-aligned connectivity.

105 users9 businessesUnder 10 daysNo material interruption

Designed and delivered a phased migration from legacy SSL VPN access to a Zero Trust model using isolated customer networks and controlled gateway placement. The rollout balanced user adoption, support load, fallback access and production continuity.

03

Lifecycle and compliance

Secure Boot certificate readiness

Preparing virtual Windows estates for the 2023 certificate transition across mixed firmware configurations.

Fleet assessmentEFI enrollmentPowerShell validationRollback-aware

Built an audit and remediation workflow to identify firmware mode, EFI configuration and certificate state, then validate enrollment inside both the hypervisor and guest operating system. The work separated OS certificate presence from the EFI state that actually governs boot trust.

04

Automation

Certificate lifecycle automation

Reducing manual certificate work across a large Windows server estate and dependent services.

~180 servers109 certificatesDNS automationService rebinding

Developed a repeatable certificate workflow using DNS validation, secure key handling and service-specific rebinding. The design accounts for renewal, deployment, verification and operational ownership rather than stopping at certificate issuance.