Work

What I Work On

Platform-engineering work that came out of real customer engagements. Every claim links to a repo, blog post, or talk.

Azure Landing Zones at Scale

End-to-end ALZ Corp deployments with automated compliance validation and 135+ checklist queries.

• azure-analyzer: bundled assessment runner that unifies azqr, PSRule, AzGovViz, and 135 ALZ graph queries into one portable JSON + HTML report
• alz-graph-queries: automated ALZ checklist validation via Azure Resource Graph queries that take coverage from 49 to 135 items
• Azure Landing Zones 2025: blog post on ALZ governance patterns, network topology, and compliance automation

GitHub Runners on Azure (Private Networking)

GitHub-hosted and self-hosted runners with Azure VNet integration, Container Apps, and ALZ Corp firewall egress.

• terraform-azurerm-avm-ptn-cicd-agents-and-runners: official AVM pattern module for self-hosted ADO agents and GitHub runners with PAT and UAMI auth, no public IP egress
• ghec-vnet-runners-azure: GitHub-hosted runners with Azure VNet integration for GHE.com, EU data residency and private endpoint connectivity
• terraform-azurerm-github-runners-alz-corp: self-hosted GitHub Actions runners inside ALZ Corp landing zones with central firewall egress

AKS Automatic with azapi

AKS Automatic clusters with ALZ Corp networking, BYO VNet, and multiple ingress patterns documented with full Terraform parity.

• terraform-azapi-aks-automatic: AKS Automatic with BYO VNet, Application Gateway for Containers, NGINX, Istio ingress options, managed identity everywhere
• aks-automatic-ingress-migration: automated migration from NGINX Ingress to Application Gateway for Containers on AKS Automatic clusters

Terraform AVM Patterns

Official Azure Verified Modules (AVM) pattern modules built to run inside ALZ Corp landing zones with network isolation.

• terraform-azurerm-avm-ptn-aiml-ai-foundry: official AVM pattern module for Azure AI Foundry (formerly AI Studio) with network isolation and private endpoints
• terraform-azurerm-avm-ptn-cicd-agents-and-runners: official AVM pattern module for CI/CD runners with network isolation and private egress

AI Platforms in Regulated Industries

Azure AI Foundry and Azure OpenAI deployments for Tier-1 Nordic banks, defense contractors, and government bodies with sovereign cloud requirements.

• Tier-1 Nordic bank: Azure OpenAI with private endpoints, customer-managed keys, and Azure AI Content Safety integration. 48M+ NOK consultant portfolio delivered.
• Defense contractor: Azure AI Foundry proof-of-concept with Azure Machine Learning private link, VNet-isolated compute, and data exfiltration prevention.
• Government bodies: Azure OpenAI reference architecture with Azure Front Door, Azure Firewall, and Azure Policy guardrails for data residency.

GitHub Copilot Adoption

GitHub Copilot enablement for enterprise customers, from technical onboarding to usage analytics and productivity measurement.

• Building with GitHub Copilot: blog post on Copilot adoption patterns, prompt engineering, and productivity gains
• Tier-1 Nordic bank: GitHub Copilot Enterprise rollout with Copilot Knowledge indexing over internal documentation, custom instructions, and usage tracking via Azure Log Analytics.
• Defense contractor: GitHub Copilot Business proof-of-concept with GitHub Enterprise Managed Users, audit log streaming to Azure Monitor, and network egress control via Azure Firewall.

Speaking & Evangelism

Technical evangelism at Microsoft events and internal knowledge-sharing sessions, covering Azure Landing Zones, AKS, and GitHub Copilot.

• NIC (Norwegian Infrastructure Conference) speaker: 94% approval rating, Level 300 technical content, live-streamed to 200+ attendees.
• Microsoft internal events: 50–100 in-person sessions, 200+ virtual sessions on Azure Landing Zones, AKS Automatic, and GitHub Copilot.
• Customer workshops: Azure OpenAI workshops for regulated industries, GitHub Advanced Security workshops for enterprise customers.