What I Work On
Platform-engineering work that came out of real customer engagements. Every claim links to a repo, blog post, or talk.
Azure Landing Zones at Scale
End-to-end ALZ Corp deployments with automated compliance validation and 135+ checklist queries.
- azure-analyzer: bundled assessment runner that unifies azqr, PSRule, AzGovViz, and 135 ALZ graph queries into one portable JSON + HTML report
- alz-graph-queries: automated ALZ checklist validation via Azure Resource Graph queries that take coverage from 49 to 135 items
- Azure Landing Zones 2025: blog post on ALZ governance patterns, network topology, and compliance automation
GitHub Runners on Azure (Private Networking)
GitHub-hosted and self-hosted runners with Azure VNet integration, Container Apps, and ALZ Corp firewall egress.
- terraform-azurerm-avm-ptn-cicd-agents-and-runners: official AVM pattern module for self-hosted ADO agents and GitHub runners with PAT and UAMI auth, no public IP egress
- ghec-vnet-runners-azure: GitHub-hosted runners with Azure VNet integration for GHE.com, EU data residency and private endpoint connectivity
- terraform-azurerm-github-runners-alz-corp: self-hosted GitHub Actions runners inside ALZ Corp landing zones with central firewall egress
AKS Automatic with azapi
AKS Automatic clusters with ALZ Corp networking, BYO VNet, and multiple ingress patterns documented with full Terraform parity.
- terraform-azapi-aks-automatic: AKS Automatic with BYO VNet, Application Gateway for Containers, NGINX, Istio ingress options, managed identity everywhere
- aks-automatic-ingress-migration: automated migration from NGINX Ingress to Application Gateway for Containers on AKS Automatic clusters
Terraform AVM Patterns
Official Azure Verified Modules (AVM) pattern modules built to run inside ALZ Corp landing zones with network isolation.
- terraform-azurerm-avm-ptn-aiml-ai-foundry: official AVM pattern module for Azure AI Foundry (formerly AI Studio) with network isolation and private endpoints
- terraform-azurerm-avm-ptn-cicd-agents-and-runners: official AVM pattern module for CI/CD runners with network isolation and private egress
AI Platforms in Regulated Industries
Azure AI Foundry and Azure OpenAI deployments for defense contractors and government bodies with sovereign cloud requirements.
- Defense contractor: Azure AI Foundry proof-of-concept with Azure Machine Learning private link, VNet-isolated compute, and data exfiltration prevention.
- Government bodies: Azure OpenAI reference architecture with Azure Front Door, Azure Firewall, and Azure Policy guardrails for data residency.
GitHub Copilot Adoption
GitHub Copilot enablement for enterprise customers, from technical onboarding to usage analytics and productivity measurement.
- Building with GitHub Copilot: blog post on Copilot adoption patterns, prompt engineering, and productivity gains
- Tier-1 Nordic bank: GitHub Copilot Enterprise rollout with Copilot Knowledge indexing over internal documentation, custom instructions, and usage tracking via Azure Log Analytics.
- Defense contractor: GitHub Copilot Business proof-of-concept with GitHub Enterprise Managed Users, audit log streaming to Azure Monitor, and network egress control via Azure Firewall.
Speaking & Evangelism
Technical evangelism at Microsoft events and internal knowledge-sharing sessions, covering Azure Landing Zones, AKS, and GitHub Copilot.
- Upcoming: "Where does code generation stop and InfraOps start?" at Agentic AI & DevOps Days, Oslo, June 16, 2026.
- Nordic Infrastructure Conference (NIC): a Level 300, live-streamed session on Terraform, GitHub Copilot, and infrastructure-as-code security (94% approval, 200+ attendees).
- Microsoft customer sessions and workshops on GHAS, GitHub and Azure DevOps, Azure Arc and Azure Local, and Azure OpenAI for enterprise and regulated-industry customers.
- Microsoft internal events: 50 to 100 in-person sessions, 200+ virtual sessions on Azure Landing Zones, AKS Automatic, and GitHub Copilot.
Session catalog
Talks I am currently pitching. Full abstracts on Sessionize.
The Skill Library and the Memory Vault: An Architect's Agentic Workflow That Actually Ships Work
A customer asked for an ALZ design walkthrough on a Monday afternoon. The deck was in their inbox before close of business the same day. Forty-two slides, Fluent design tokens, pre-rendered Mermaid diagrams, accessible...
The Azure Architecture Agent That Is Not Allowed To Apply
The first time I let an agent run terraform apply against a customer subscription, I learned something useful. It should never be allowed to do that. An agent that can apply Terraform is a liability. An agent that can...
Terraform your way to Azure Landing Zone Success!
Hands on session with field notes on real life use-cases with the Azure Landing Zones Terraform Accelerator
No More Spec-ulation: AI Agent Teams Building Production-Grade IaC
"Just describe your infrastructure and the AI writes it." We have all heard the pitch. The reality is hallucinated resource properties, forgotten dependencies, drifted state, and Terraform plans you are afraid to apply....
Hand Me a Subscription ID: Sixty Minutes of Live Azure Forensics with azure-analyzer
Hand me a subscription ID. I will tell you in ten minutes what is wrong with your landing zone. Hand me an hour and I will hand you back a Schema 2.2 findings report with MITRE mapping, severity, effort, and remediation...
Azure You Can: Simplify Terraform with GitHub Copilot!
Join me for a fun and informative session where we'll explore how GitHub Copilot can streamline your Terraform workflows on Azure. In "Azure You Can: Simplify Terraform with GitHub Copilot!", we'll dive into the...