I design landing zones, governance frameworks and secure cloud foundations for enterprises — across AWS and European cloud platforms.
Concrete platform architecture work for enterprises that need structure, security and governance — AWS-led, with capability across European and sovereign cloud environments.
Design and implementation of secure AWS foundations for multi-account environments using Control Tower, AFT and Infrastructure as Code.
Governance frameworks and security models for regulated workloads — built around AWS-native controls and applicable across multi-cloud and sovereign cloud environments.
Enterprise cloud architecture for hybrid environments and sovereignty-driven requirements — across AWS, IONOS, OVHcloud, STACKIT and private infrastructure.
Delivered across AWS and European cloud platforms — landing zones, security programs, hybrid SAP integration, sovereign cloud architecture and container platforms for regulated production environments.
I design and deploy enterprise-grade AWS Landing Zones using Control Tower and AFT — delivering automated account vending, centralized logging, and governance guardrails from day one. Your cloud foundation, built right the first time.
Discuss your project →Security is not an afterthought. I implement SCPs, permission boundaries, and zero-trust architectures that enforce compliance automatically — aligned with BSI C5, ISO 27001 and NIS2.
Discuss your security needs →AWS-led expertise across the full platform stack — with hands-on experience across European CSPs where sovereign, regulatory or strategic requirements demand it.
Multi-account foundations built to scale from day one
Zero-trust guardrails enforced through policy-as-code
Infrastructure deployed reproducibly across every environment
Hybrid & cross-border connectivity for enterprise workloads
Regulatory frameworks embedded into the platform layer
Data residency and sovereignty requirements, by design
Selected engagements from recent years. Some details are anonymized under NDA.
Delivered an audit-ready AWS landing zone with automated account vending, centralized logging and BSI C5-aligned guardrails — reducing manual provisioning time by 80% and establishing a foundation that passed a regulatory audit on first review.
Enabled fully automated self-service account provisioning across 500+ AWS accounts with 100% IaC coverage and policy-as-code enforcement — eliminating manual governance overhead and making quarterly audits predictable and repeatable.
Migrated SAP workloads to AWS with zero downtime and maintained stable hybrid connectivity to SAP RISE — enabling the client to retire on-premises infrastructure on schedule and reduce hosting costs by 35%.
Achieved stable, low-latency global connectivity bridging AWS commercial and AWS China regions — enabling the client to operate a unified platform across regulatory boundaries that previously required separate manual operations.
Cut release cycles from several weeks to days and removed all manual deployment bottlenecks — giving engineering teams full deployment autonomy on a production-ready EKS platform with zero unplanned outages in the first six months.
Raised the Security Hub compliance score from below 50% to over 90% across production accounts within eight weeks — delivering an audit-ready evidence package that passed a subsequent external penetration test without critical findings.
Architecture work is built on delivery first. The certifications provide formal validation for regulated environments and procurement processes where it is required.
The most comprehensive AWS architecture certification — enterprise-grade design, resilience, security and cost optimization at scale.
Core AWS architecture certification covering design, resilience, security and networking.
AWS certification covering data pipeline design, analytics services and data governance at enterprise scale.
AWS cloud fundamentals: core services, security, pricing and architectural best practices.
Advanced CNCF certification focused on securing container-based applications and Kubernetes infrastructure in production.
Hands-on CNCF certification validating the ability to design, install, configure and manage production-grade Kubernetes clusters.
CNCF certification covering containerized application design, deployment and configuration for Kubernetes environments.
Professional cloud architecture certification for EU-sovereign infrastructure on the IONOS Cloud platform.
STACKIT cloud engineering certification covering the sovereign German cloud platform by Schwarz Group — infrastructure, services and compliance for regulated European environments.
Microsoft Azure core services, compliance, security, pricing and support fundamentals.
Share the challenge, the environment and the outcome you need. That is enough to start a useful conversation.
Project requests, architecture reviews, landing zones, governance — tell me what you need.
I don't just write reports and disappear. I design, build and implement — and stay until it works.
The initial consultation is free and without obligation — just a conversation about whether I can actually help.