CASE — 01
Enterprise Azure Landing Zone
Designed and rolled out a hub-and-spoke ALZ for an enterprise of 200+ workloads. Centralised firewall, DNS, identity, and policy with a paved-road model for product teams.
ALZ Networking Policy
● SYS_STATUS · OPERATIONAL · London / Remote
v.2025.12 — PORTFOLIO_BUILD
[ 00 ] INTRODUCTION
CLOUD
PLATFORM
ENGINEER.
I'm Karan Singh. I build scalable, secure, standardised platforms on Microsoft Azure — hub-and-spoke networks, landing zones, reusable pipelines, and the operational discipline that lets teams ship without chaos.
[ ROLE ]
Platform Engineering · SRE · DevSecOps
[ NOW ]
- ›Standardising Azure DevOps pipeline templates across teams.
- ›Migrating workloads to federated identity (no more secrets).
- ›Writing toward Microsoft MVP recognition.
[ AVAILABILITY ]
Open to consulting & MVP collaborations
10+
Years in Cloud / IT Ops
200+
Azure workloads governed
30+
Teams onboarded to paved roads
∞
Lab environments broken
[ SECTION_01 / ABOUT ]
Building systems
that refuse to be heroic.
I work across enterprise infrastructure, Azure operations, automation, identity, networking, security, and DevOps transformation. My day-to-day is designing cloud platforms, standardising pipelines, writing Terraform that survives, and helping teams move away from manual, inconsistent deployments.
I believe good engineering is not about clever one-off solutions. It's about repeatable, reliable systems that teams can actually operate at scale — without chaos, without heroics, and without the on-call pager becoming a personality trait.
Outside of work, I enjoy breaking things in lab environments so I understand how they actually work, and writing toward Microsoft MVP recognition.
01 PRINCIPLE
Repeatable over clever
Brilliant one-off scripts age into mysteries. Boring, repeatable systems compound.
02 PRINCIPLE
Paved roads, not walled gardens
Platforms succeed when teams want to use them — not when they're forced to.
03 PRINCIPLE
Policy as code, governance as product
Compliance should be a guardrail in the pipeline, not a PDF in SharePoint.
04 PRINCIPLE
Identity is the new perimeter
Federation, short-lived tokens, and least-privilege beat any network ACL spreadsheet.
[ SECTION_02 / FOCUS_AREAS ]
What I obsess over.
09 DOMAINS
/ 01
Platform Engineering
/ 02
Site Reliability Engineering
/ 03
DevSecOps
/ 04
Azure Architecture
/ 05
Infrastructure as Code
/ 06
CI/CD Standardisation
/ 07
Cloud Governance
/ 08
Kubernetes
/ 09
Observability
[ SECTION_03 / CASE_STUDIES ]
Selected
platform work.
A handful of programmes I've led or contributed to in enterprise Azure environments. Names redacted, lessons kept.
CASE — 02
Reusable Pipeline Template Library
Built a versioned library of Azure DevOps YAML templates covering build, scan, sign, and promote. Cut average time-to-production from days to hours across 30+ teams.
Azure DevOps CI/CD Security
CASE — 03
Terraform Module Registry
Stood up an internal Terraform module registry with semantic versioning, automated tests via Terratest, and policy-as-code enforcement via Azure Policy & OPA.
Terraform IaC OPA
CASE — 04
Workload Identity Federation Migration
Removed every long-lived service principal secret from enterprise pipelines. Federated identities scoped per repo and per environment, with audit trails to match.
Security OIDC Entra ID
[ SECTION_04 / WRITING ]