mfen.de
Platform Engineering

Work

Anonymised patterns from platform, cloud, and identity work.

I focus on practical implementation: building foundations, improving delivery, and leaving teams with docs and guardrails they can run without me.

Platforms

  • AWS
  • GCP
  • Azure
  • Kubernetes

Delivery

  • Terraform
  • CI/CD
  • GitOps
  • Platform APIs

Identity & security

  • OIDC
  • SAML
  • SSO
  • Zero Trust

What I typically deliver

  • Platform foundations and paved paths (cloud + Kubernetes)
  • CI/CD pipelines that are safe, fast, and developer-friendly
  • Identity integration (SAML/OIDC), permissions, and least-privilege defaults
  • Operational readiness: observability baselines, runbooks, rollout safety
  • Security posture improvements, including supply-chain controls where they reduce risk
  • Automation: IaC, repeatable environments, drift and change discipline

Platforms I work across

  • GCP (home turf)
  • AWS (deep production experience)
  • Azure (project-driven delivery, especially Kubernetes and identity)
  • On-prem / hybrid when needed (Linux-heavy ops and virtualization background)
  • IBM Cloud (limited exposure)

Engagement patterns

1) MVP foundations with real delivery workflows

Build initial cloud foundations and a delivery setup that supports fast iteration without chaos:

  • repeatable environments (including ephemeral / PR environments where useful)
  • baseline observability and rollout safety
  • “small golden path” docs teams actually follow

2) Migration / assessment work that turns into an executable plan

Hands-on assessment of existing estates to surface waste and risk, then translate it into:

  • right-sizing and cleanup recommendations
  • target architecture options
  • a phased migration / modernization roadmap

3) Supporting non-cloud-native workloads in the cloud

When the workload dictates the architecture (VDI/workstations, Windows-heavy stacks, vendor constraints):

  • networking and access patterns that work with enterprise systems
  • identity federation for the people who need access
  • operational controls that reduce support load

4) Identity integration and access hardening

Project-level identity work that makes access predictable and auditable:

  • SAML/OIDC integrations
  • least-privilege IAM and policy guardrails
  • certificate / DNS / credential hygiene and “don’t break prod” changes

5) Kubernetes delivery with security posture improvements

Pragmatic Kubernetes enablement:

  • cluster/workload baselines
  • ingress / Gateway API patterns depending on the environment
  • supply-chain controls (signing/verification) where they improve safety without killing velocity