Chika Jideofor Agatha

Cloud Security & DevOps Engineer

Designing and securing cloud infrastructure on Azure and AWS — from identity management and network architecture to VM deployment and zero-trust access policies.

About

I'm a Cloud Security and DevOps Engineer focused on building secure, scalable infrastructure across Microsoft Azure and AWS. My work spans identity and access management, virtual network architecture, and cloud security hardening.

I take a hands-on approach — every project documented here was designed, deployed, and verified by me, following real-world best practices including Zero Trust principles, least privilege access, and layered network security.

I'm passionate about making cloud infrastructure both powerful and provably secure.

  • 2: Cloud platforms (Azure & AWS)
  • 3+: Documented projects
  • MFA: Zero Trust security enforced
  • IAM: Identity & access management

Skills

Technical expertise

Cloud Platforms

Azure and AWS infrastructure design and deployment

Azure · AWS · Azure Portal · AWS Console

Identity & Access Management

User lifecycle, roles, PIM, and MFA enforcement

Azure Entra ID · RBAC · PIM · MFA · Conditional Access

Cloud Networking

VNet/VPC design with subnets, routing, and security groups

VNet · VPC · NSG · NACL · IGW · Subnets

Cloud Security

Zero Trust, layered security, monitoring & logging

Zero Trust · VPC Flow Logs · Password Policy · Security Groups

Virtual Machines

VM deployment, sizing, RDP/SSH access & networking

Azure VM · EC2 · RDP · AMI · t3.micro

DNS & Domains

Domain registration, DNS integration with cloud identity

Namecheap · Custom Domains · Azure Entra · DNS Records

Projects

What I've built

01 Microsoft Azure

Azure Identity & Access Management — Full Setup

End-to-end setup of an Azure cloud environment for a company (BlxckOne Group), covering domain registration, Azure Entra ID configuration, identity management, and security hardening.

  • Purchased a custom domain via Namecheap and integrated it with Azure Entra Admin Center
  • Configured company branding (logo, colors, sign-in page) in Azure Entra ID
  • Created single users, invited external guest users, and bulk-provisioned users via CSV upload
  • Built Azure security groups and assigned custom RBAC roles
  • Configured Privileged Identity Management (PIM) with Active and Eligible role assignments
  • Enforced MFA via Conditional Access policies; documented Zero Trust password security
  • Set up the full Azure Organization Hierarchy: Tenant → Management Groups → Subscriptions → Resource Groups → Resources

Azure Entra ID · PIM · RBAC · MFA · Conditional Access · Namecheap · Company Branding

02 Microsoft Azure

Secure Azure VNet Architecture & VM Deployment

Designed and deployed a secure Virtual Network (VNet) architecture in Azure with multi-subnet segmentation and Network Security Groups, then hosted a web application on a deployed virtual machine.

  • Designed a 3-subnet VNet: FrontendSubnet, BackendSubnet, DatabaseSubnet (CIDR: 192.168.0.0/16)
  • Associated individual NSGs per subnet for fine-grained traffic control
  • Deployed a Windows VM (EC2-equivalent) in the frontend subnet with public IP and RDP access
  • Verified network architecture via Azure portal — address spaces, subnets, and NSG associations

Azure VNet · NSG · Subnets · Azure VM · RDP · CIDR

03 Amazon AWS

AWS VPC Architecture with EC2 & Security Hardening

Designed and deployed a production-grade AWS VPC architecture for a simulated "Paypal-VPC" environment with full subnet segmentation, security controls, logging, and a live EC2 Windows instance.

  • Created a VPC (192.168.0.0/16) with 3 subnets: FrontEndSubnet, BackEndSubnet, DatabaseSubnet
  • Configured Internet Gateway, Route Tables, and DNS hostnames for public-facing frontend access
  • Enabled VPC Flow Logs to CloudWatch/S3 for full traffic auditing (Accepted, Rejected, All)
  • Configured Network ACLs per subnet — frontend allows HTTP/HTTPS, backend and DB subnets restricted to internal traffic only
  • Launched a Windows EC2 instance (t3.micro, Windows AMI) with SSH key pair; connected via RDP using public IP

AWS VPC · EC2 · NACL · Security Groups · VPC Flow Logs · IGW · Route Tables · CloudWatch

04 AWS · Kubernetes · Team Project

Capstone: Three-Tier Bank App Deployment on AWS EKS

Collaborated as part of a 6-team cohort (POD12 – Cohort 5 "Digital Witch") to deploy a fully containerised three-tier banking application on AWS. The live app ran at bank.cohort5pod12.site.

  • Architecture spans a frontend, backend, and database tier — all running on a Kubernetes cluster deployed via AWS EKS
  • Contributed as Documentation Team Member — responsible for capturing and structuring the full deployment process across all six sub-teams
  • Infrastructure provisioned with Terraform; CI/CD pipelines built with GitHub Actions and ArgoCD for GitOps-driven deployments
  • Monitoring and observability integrated via Datadog on Kubernetes, with dashboards for cluster and application health
  • Documented secrets management best practices: AWS Secrets Manager, Kubernetes External Secrets, HashiCorp Vault, and IRSA
  • Collaborated across Admin, Architecture, Infrastructure, Frontend, Backend, and Monitoring sub-teams

AWS EKS · Kubernetes · Terraform · GitHub Actions · ArgoCD · Datadog · 3-Tier Architecture · Technical Documentation

Contact

Let's work together

Open to cloud security roles, DevOps opportunities, and freelance infrastructure projects.

// SETUP GUIDE — GitHub Pages + Namecheap Custom Domain

After uploading this file as your GitHub Pages site, follow these steps to connect your Namecheap domain:

  1. In your GitHub repo → Settings → Pages, set source branch to main and enter your custom domain (e.g. yourname.online)
  2. In Namecheap → Domain List → Manage → Advanced DNS, add these records:

     Type   Host  Value
     A      @     185.199.108.153
     A      @     185.199.109.153
     A      @     185.199.110.153
     A      @     185.199.111.153
     CNAME  www   YOUR_GITHUB_USERNAME.github.io

  3. Back in GitHub Pages, click Enforce HTTPS once DNS propagates (up to 24–48 hrs). Then create a file called CNAME in your repo root containing just your domain name.