My Journey Building an EKS Cluster: The Struggles, Breakthroughs, and Lessons Learned
My Journey Building an EKS Cluster: The Struggles and Breakthroughs
Custom-home
Shaz's DevOps & Security Journey
DevOps Engineer | Cybersecurity Enthusiast | Cloud Architect
Building secure infrastructure through continuous learning and sharing knowledge
Tech Stack & Expertise
Cloud & Infrastructure
- AWS
- Azure
- Google Cloud
- Kubernetes
- Docker
Security & DevOps
- Vulnerability Scanning
- Secrets Management
- CI/CD Pipelines
- Infrastructure as Code
- Threat Detection
Tools & Technologies
- Terraform
- Python
- Bash
- Monitoring
- Automation
Current Focus
Professional
- DevOps Engineer at Seqera Labs
- Building secure CI/CD pipelines with Trivy integration
- Automating secrets management with ESO
- Multi-cloud infrastructure automation
Learning & Growth
- MSc Cybersecurity at University of York
- Advanced HackTheBox challenges
- Cloud security architecture patterns
- Expanding penetration testing skills
My DevOps Journey
May 2025 - Present
DevOps Engineer
Seqera Labs
Building secure CI/CD pipelines with integrated security scanning, automating secrets management with ESO, and implementing infrastructure as code with embedded security baselines.
Kubernetes Terraform CI/CD Security
2024 - 2025
Cloud Support Engineer
Seqera Labs
Provided technical support for cloud infrastructure, troubleshooting complex deployment issues, and optimizing system performance across multi-cloud environments.
AWS Azure GCP Troubleshooting
2023 - 2024
IT Administrator
Cloudbeds
Managed enterprise IT infrastructure, implemented automation solutions, and maintained 99.9% system uptime while reducing support ticket volumes by 40%.
System Administration Automation Infrastructure
2022 - 2023
Infrastructure Technology Helpdesk Administrator
TractionOnDemand
Specialized in infrastructure support, network troubleshooting, and user technical assistance while building foundational DevOps skills.
Infrastructure Networking Technical Support
2021 - 2022
Application Support Analyst & Service Desk Analyst
Impellam Group
Started my tech journey in application support and service desk roles, developing problem-solving skills and technical foundation.
Application Support Service Desk Problem Solving
Expected August 2026
MSc Computer Science with Cybersecurity
University of York
Advanced studies in cybersecurity, focusing on threat detection, security architecture, and defensive strategies.
Cybersecurity Threat Analysis Security Architecture
Latest Insights
AppArmor for Container Runtimes on Ubuntu 24.04: Solving the Batch Start Task Crash
Ubuntu 24.04 (Noble Numbat) introduced significant security hardening, including a stricter default AppArmor profile for...
Jun 04, 2026
NLB Idle Timeouts and Container Image Builds: Why Large Pulls Die at 350s
During a recent infrastructure audit, a bizarre CI failure was identified: container image pulls for...
Jun 03, 2026
On-Prem Grafana to GitOps: Migrating Dashboards as Code
Manual dashboard management in Grafana often leads to configuration drift. In a recent initiative, I...
Jun 01, 2026
AppArmor for Container Runtimes on Ubuntu 24.04: Solving the Batch Start Task Crash
Ubuntu 24.04 (Noble Numbat) introduced significant security hardening, including a stricter default AppArmor profile for unprivileged user namespaces. While beneficial for security, this change can disrupt container runtimes and specialized...
NLB Idle Timeouts and Container Image Builds: Why Large Pulls Die at 350s
During a recent infrastructure audit, a bizarre CI failure was identified: container image pulls for large automated builds were terminating at exactly the 350-second mark. There was no error from...
On-Prem Grafana to GitOps: Migrating Dashboards as Code
Manual dashboard management in Grafana often leads to configuration drift. In a recent initiative, I tackled the migration of over 50 legacy dashboards from an on-prem instance to a modern,...
Replacing Static AWS Keys with OIDC: A CI/CD Publisher Walkthrough
Static AWS credentials stored in GitHub Secrets represent a significant security liability. If compromised, they provide persistent access until manually revoked. A more secure approach is to migrate to OIDC...
Cross-Account S3 Access: Bucket Policies vs. Role Chaining
In complex enterprise AWS setups, data storage (S3) and compute resources often reside in different accounts. Configuring this cross-account access securely is a fundamental IAM challenge.
Debugging Azure Batch: Resolving Silent Failures with Healthy Service Principals
A common and frustrating scenario in Azure Batch occurs when the service principal is healthy and sign-in logs show 100% success, yet the management plane remains inactive. Jobs may be...
IRSA to EKS Pod Identity: Migrating a Multi-Controller Stack
As EKS Pod Identity gains traction, many are weighing the trade-offs against the established IAM Roles for Service Accounts (IRSA) pattern. In a recent modernization of a production Kubernetes environment,...
My Approach to Securing CI/CD Pipelines (And Why I Stopped Focusing Just on Speed)
For a long time, my main focus with CI/CD was speed. How fast can I get code from a commit to production? It was all about automation and efficiency. Security...
Security Checklist for Service Account Tokens and PATs
Most token incidents I have dealt with were not sophisticated attacks. They came from basic things like old PATs nobody owned, overly broad scopes, and credentials sitting in too many...