SECURE CLOUD.

STABLE OPERATIONS.

I am a senior cloud infrastructure, DevOps and security consultant based in Poland, with international delivery experience across Ukraine, the EU and North America. My background combines hands-on engineering in Azure, Kubernetes, Microsoft 365, identity, networking, virtualization and hosting with earlier CTO/CIO responsibility for large distributed IT organizations.

I work best where infrastructure is already business-critical: Azure and Microsoft 365 tenants, AKS and GitOps platforms, hybrid networks, web hosting environments, mail systems, backup and disaster recovery, Cloudflare, and security operations. I can join as a consultant for a focused project or as a senior hands-on specialist when a company needs execution, not just advice.

My style is practical: understand the business risk, design the architecture, implement it, document it, monitor it, and leave the team with a system they can operate.

Cloud and hybrid architecture. Azure infrastructure, Microsoft 365, Entra ID, networking, VPN, RBAC, Key Vault, tenant structure, governance and cost-aware design.

DevOps and platform engineering. AKS, Kubernetes, Helm, ArgoCD, Flux, GitHub Actions, Azure DevOps, Docker, self-hosted runners, Terraform, Ansible and repeatable delivery workflows.

Security and identity. PIM automation, Conditional Access, MFA, Defender, Purview sensitivity labels, Intune, audit methodology, security posture reviews and executive-ready reporting.

Web, DNS and mail infrastructure. Cloudflare, Nginx, Apache, WordPress, CloudPanel, SSL/TLS, SPF, DKIM, DMARC, Mailcow, hosting hardening, migrations, backups and performance.

Virtualization, backup and recovery. VMware, Proxmox, Hyper-V, SAN/NAS, Veeam, storage design, HA patterns, monitoring and disaster recovery validation.

CIELLOS Inc. – Senior DevOps / Azure System & Security Engineer, 2021-present.
Azure, Microsoft 365, Entra ID, PIM, Conditional Access, Purview, Teams Phone, Dynamics 365 infrastructure, Kubernetes, monitoring and automation for enterprise software environments.

ETI Software Solutions and telecom customer environments.
Azure AKS and managed services networks, GitOps patterns, S2S VPN/IPsec designs, WSO2/Keycloak identity integrations, customer portals, SFTP infrastructure, deployment troubleshooting and documentation across APB, Avista, Chelan, Eeyou, Vero, Loop, WeCom, Novus, Voyager, Broadband, CFOC and Maxicom contexts.

Ukrainian Pharmacy Holding – CIO, 2020-2021.
Infrastructure modernization for a national multi-brand retail network: VMware/Azure migration, secure channels, service desk, telephony, network/security improvements and business system integrations.

BOSS Gaming Studio / COSMOLOT – CIO, 2018-2020.
Led a 60+ person IT organization supporting online gaming, media, financial workflows, secure communication, storage, monitoring and high-load operations.

SMARTLINEZ – CIO / IT Project Manager, 2015-2018.
Managed international IT delivery across Ukraine and the UK: e-commerce, portals, integrations, infrastructure projects, web systems and production support.

Murakami – IT Department Director, 2015.
Supported IT operations for 58 restaurants across multiple countries, including telephony, server infrastructure, remote access, security and e-commerce initiatives.

NOVUS – Head of IT / CTO, 2008-2015.
Promoted from System Administrator to CTO; built infrastructure for headquarters, regional offices and 35+ retail locations, including AD, Exchange, Cisco networking, virtualization, security policy and business automation.

SAVANA – System Administrator, 2006-2008.
Early foundation in networks, branch connectivity, web projects and production IT operations.

Azure PIM and Teams approval automation.
Built a production privileged access workflow using PowerShell, Microsoft Graph API, Azure Functions, Managed Identity, Power Automate and Teams approval cards to reduce manual Azure Portal work and improve access governance.

Entra ID security monitoring.
Designed Azure Monitor and Log Analytics collection with Grafana dashboards for authentication analytics, MFA visibility, Conditional Access blocks, brute-force detection and operational alerting.

Security policy and compliance framework.
Documented Conditional Access, identity and governance requirements with HLR/DLR structure, traceability, policy inventory and audit-ready security documentation.

AKS, GitOps and telecom managed services.
Worked with Azure AKS networks, Kubernetes platform components, GitOps onboarding patterns, Azure DevOps/GitHub pipelines, customer VPNs, identity services and operational documentation for telecom and utility customer environments.

Web hosting and security operations.
Operate production WordPress and Linux hosting stacks with Cloudflare, Nginx, CloudPanel, SSL/TLS, DNS, mail routing, anti-spam controls, backup routines and performance/security hardening.

Core: Azure, AKS, Entra ID, Microsoft 365, PIM, Conditional Access, Key Vault, Azure Monitor, Log Analytics, Terraform, Ansible, PowerShell, Bash, Microsoft Graph API, Node.js Azure Functions.

Platform: Kubernetes, Helm, ArgoCD, Flux, Docker, GitHub Actions, Azure DevOps, Prometheus, Grafana, Loki, Alertmanager, Longhorn, MetalLB, cert-manager, SOPS, Sealed Secrets.

Infrastructure: VMware vSphere, Proxmox VE, Hyper-V, Windows Server, Active Directory, Linux, Nginx, Apache, Cloudflare, Veeam, Sophos, Cisco, OPNsense, MikroTik, WireGuard, Mailcow.

Email: dimitriy.shevchenko@gmail.com
LinkedIn: linkedin.com/in/dimitriy-shevchenko
GitHub: github.com/shevchenkod
Company profile: Bryteq infrastructure services