Skip to content
View sergeksfumey's full-sized avatar

Block or report sergeksfumey

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
sergeksfumey/README.md

Serge K.S. Fumey

Senior IT Infrastructure Engineer → Infrastructure Architect

Designing resilient, secure, and compliant infrastructure for regulated environments across Azure hybrid cloud, identity, and OT/IT convergence.


About

I am a Senior IT Infrastructure Engineer with 8+ years of experience across banking and industrial environments in Europe, currently based in Luxembourg. My work sits at the intersection of Azure hybrid cloud architecture, high availability/disaster recovery, IAM, and regulatory compliance (PCI DSS · PSD2 · GDPR · CSSF).

I am transitioning into an Infrastructure Architect role — and this GitHub is the technical companion to that journey. Every repository here reflects a real architectural decision, constraint, or design problem I have worked through.

What I document here:

  • Infrastructure-as-Code (Terraform · Bicep · PowerShell DSC)
  • Architecture Decision Records (ADRs)
  • Runbooks and automation for regulated workloads
  • Design studies across hybrid cloud, Zero Trust, DR, and SecOps

All repositories are independent design studies. Production case studies from regulated environments are excluded for confidentiality reasons.


Key Differentiators

Area Evidence
Regulated banking CSSF-supervised environment (Eurobank Luxembourg)
Payment infrastructure 99.99% uptime on SEPA Instant Payment infrastructure
Identity at scale 10,000+ object AD consolidation with zero downtime
OT/IT convergence Production ICS/OT environment experience (Anthogyr)
Compliance PCI DSS · PSD2 · GDPR hands-on delivery

Design Studies

🏗️ Hybrid Infrastructure & Identity

Repository Description
azure-hybrid-identity Hybrid AD/Entra ID · SSPR · Conditional Access · PCI DSS · PSD2
mid-enterprise-hybrid-infrastructure Hyper-V + Azure integration · Arc governance · OpenVPN L2
hybrid-file-services-dfs DFS + Azure File Sync · cloud tiering · dual access model
azure-vpn-p2s-connectivity Azure VPN Gateway P2S · split tunnelling · MFA-secured remote access

🛡️ Zero Trust & Security Architecture

Repository Description
zero-trust-enterprise-network Zero Trust security control plane · PIM · Conditional Access · SIEM
zero-trust-hybrid-workload Zero Trust hybrid workload · private-only exposure · Azure Bastion
azure-confidential-computing Confidential computing for financial workloads · hardware-backed isolation
enterprise-pki-adcs Enterprise PKI · Microsoft ADCS · certificate lifecycle · TLS trust

🔁 DR, Resilience & Backup

Repository Description
cloud-native-bcdr-platform Cloud-native BCDR · Azure Site Recovery · multi-region · RTO/RPO governance
azure-bcdr-veeam Veeam for Azure · backup automation · FinOps storage governance
immutable-backup-ransomware-recovery Immutable backup · ransomware recovery · logical air-gap · CIS/NIST
hybrid-backup-compliance Compliance retention backup · GDPR · PCI DSS · ISO 27001

⚙️ SecOps, DevSecOps & Governance

Repository Description
azure-sentinel-soc Cloud-native SOC · Microsoft Sentinel · SOAR · MITRE ATT&CK · KQL
cloud-vulnerability-management Vulnerability management · Azure + Nessus · automated remediation · Sentinel
secure-file-transfer-gateway Secure file transfer · Linux hardening · DLP · integrity monitoring · SIEM
devsecops-azure-governance Security-as-Code · DevSecOps · ASGs · IaC security scanning · managed identity
policy-as-code-compliance Policy-as-Code · multi-subscription governance · Azure Resource Graph · Power BI

🚀 Cloud-Native & Platform Engineering

Repository Description
multi-tier-cloud-infrastructure Multi-tier Azure infrastructure · hub-spoke · HA/DR · modular Terraform
terraform-azure-devops IaC automation · Terraform + Azure DevOps · GitOps · secure pipeline
aks-microservices-platform AKS microservices · service mesh · observability · polyglot data architecture
aks-application-factory Cloud-native app factory · AKS + GitOps · CI/CD · namespace multi-tenancy
azure-virtual-desktop Azure Virtual Desktop · FSLogix · BYOD · secure hybrid workforce EUC

Tech Stack

Cloud & IaC Microsoft Azure · Terraform · Bicep · ARM Templates · PowerShell DSC

Identity & Security Active Directory · Microsoft Entra ID · PIM · Conditional Access · Defender for Cloud · Microsoft Sentinel

Networking Azure VPN Gateway · ExpressRoute · Hub-Spoke · Azure Firewall · Private Endpoints · Azure Bastion

Containers & DevOps AKS · Helm · GitOps · Azure DevOps · Terraform Cloud

Monitoring & Ops Azure Monitor · Log Analytics · Microsoft Sentinel · Azure Automation · KQL

Platforms VMware vSphere · Hyper-V · Windows Server · Linux · Veeam


Certifications

  • Microsoft Windows Server Hybrid Administrator Associate
  • AZ-305 — Designing Azure Infrastructure Solutions (in progress)
  • Duke University — Cloud Computing Specialization (Coursera, Feb 2025)
  • Johns Hopkins University — Cybersecurity Specialization (Coursera, Feb 2025)

Connect

Portfolio LinkedIn Email


Open to Infrastructure Architect opportunities in Luxembourg · Paris · Remote EU

Popular repositories Loading

  1. sergeksfumey sergeksfumey Public

    GitHub profile — Infrastructure Architect in progress

  2. azure-confidential-computing azure-confidential-computing Public

    Azure Confidential Computing for Financial Workloads · PCI DSS · GDPR · Hardware-backed isolation

    HCL

  3. immutable-backup-ransomware-recovery immutable-backup-ransomware-recovery Public

    Immutable Backup and Ransomware Recovery Framework · Zero Trust · CIS · NIST

    HCL

  4. secure-file-transfer-gateway secure-file-transfer-gateway Public

    Secure File Transfer Gateway · Audit · Integrity Monitoring · DLP Enforcement

    HCL

  5. cloud-vulnerability-management cloud-vulnerability-management Public

    Cloud-Native Vulnerability Management Platform · Azure + Nessus · Microsoft Sentinel

    PowerShell

  6. azure-sentinel-soc azure-sentinel-soc Public

    Cloud-Native SOC with Microsoft Sentinel · SIEM · SOAR · MITRE ATT&CK

    HCL