Defense in depth
I treat every layer like it's the only one — network, identity, data, app. Bonus points for least privilege actually being least.
$ whoami
A slightly nerdier intro.
The README behind the portfolio — what I care about, what makes me tick, and a few jokes you're contractually obliged to groan at.
hemza@hemzav.be: ~/portfolio
$whoami
hemza
$cat ~/about.txt
Cloud engineer in consultancy. Azure-first.
Currently leveling up: AWS · Oracle Cloud.
Security-curious. IaC enjoyer. Tea > coffee, most days.
$sudo make-it-secure --layer all --trust 0
✔ Identity hardened (MFA, Conditional Access, PIM)
✔ Network segmented (hub-spoke, NSGs, private endpoints)
✔ Secrets in Key Vault — never, ever in git
✔ Logging centralized (ship it before you need it)
$exit
$
# Quick facts
- Role
- Cloud Engineer @ Consultancy
- Primary cloud
- Microsoft Azure ☁️
- Currently studying
- AWS · Oracle Cloud
- Soft spot
- Security, IAM, Zero Trust
- Editor war stance
- Whatever ships — but vim keys in everything
- Coffee : code ratio
- ≈ 1 : 1 (some days 2 : 1)
- Favourite shell
- bash, with a sprinkle of PowerShell
- Uptime SLO
- 99.9% caffeinated
# Security mindset
Security isn't a tab in the project plan — it's a thread that runs through every decision. Here's how I think about it on Azure (and beyond).
Zero Trust by default
“Never trust, always verify.” Yes, even that internal VNet you swore was safe.
Identity is the new perimeter
Conditional Access, MFA, PIM, managed identities — the boring stuff that prevents the loud incidents.
Threat-informed
Reading post-mortems, MITRE ATT&CK, and the occasional CVE feed instead of doom-scrolling.
# man abbreviations(7)
A field guide to the acronyms I drop in code reviews, Slack threads, and client meetings — slightly more often than I should.
RTFM
Read The Fine Manual (yes, the polite version)
PEBKAC
Problem Exists Between Keyboard And Chair
ID-10-T
A user error, written like a bug ticket
YAGNI
You Aren't Gonna Need It
KISS
Keep It Simple, Stupid
DRY
Don't Repeat Yourself
WET
Write Everything Twice — the anti-pattern of DRY
WONTFIX
It's not a bug, it's a feature
LGTM
Looks Good To Me — pairs nicely with “SHIP IT”
TL;DR
Too Long; Didn't Read
IaC
Infrastructure as Code — and as documentation
MFA
Multi-Factor Authentication — please, just turn it on
BOFH
Bastard Operator From Hell — folklore, not a job title
404
Brain not found. Try caffeine.
418
I'm a teapot. ☕
# ./jokes.sh --groan-level high
- 01.There are 10 types of people: those who understand binary, and those who don't.
- 02.Why do programmers prefer dark mode? Because light attracts bugs. 🐛
- 03.I would tell you a UDP joke, but you might not get it.
- 04.A SQL query walks into a bar, sees two tables and asks: “May I JOIN you?”
- 05.There's no place like 127.0.0.1.
- 06.Why was the function sad? It didn't get called back.
- 07.I'd tell you a joke about HTTPS, but you wouldn't get it without the right certificate.
- 08.The cloud is just someone else's computer — make sure you patch it.
- 09.Real engineers count from 0. The rest of us learn the hard way.
- 10.DNS is always the problem. If it's not DNS, it's certificates. If it's not certs, it's still DNS.
- 11.“It works on my machine.” → ship the machine.
- 12.Why did the developer go broke? Because he used up all his cache.
$ echo "Thanks for scrolling. May your deploys be green and your alerts be quiet."