Available · Q2 / Q3 2026
I architect, secure, and operate cloud infrastructure that doesn't break in production.
AWS Certified Solutions Architect and Certified Ethical Hacker with 12+ years building, securing, and operating cloud infrastructure for production workloads.
- Years in production
- 12+
- Certifications
- AWS · CEH
- Cloud
- Multi-AZ
- On-call
- 24×7
ssh prod-bastion
➜ usman@prod aws sts get-caller-identity --query Account 303268631774 ➜ usman@prod kubectl -n prod get pods -l app=api | grep -v Running (no output, all healthy) ➜ usman@prod curl -sI https://api.example.com | head -1 HTTP/2 200 ➜ usman@prod cf-cli waf rules deploy --zone iamuk.in ✓ 14 rules synced · 0 errors ➜ usman@prod uptime load average: 0.21, 0.18, 0.16 ➜ usman@prod
a typical morning
·AWS·Azure·Google Cloud·DigitalOcean·Cloudflare·Kubernetes·EKS·GKE·Docker·Helm·Terraform·Ansible·GitHub Actions·GitLab CI·Lambda·RDS·S3·Route 53·IAM·Linux·Nginx·Datadog·New Relic·Grafana·Prometheus·Sentry·cPanel·WHMCS·AWS·Azure·Google Cloud·DigitalOcean·Cloudflare·Kubernetes·EKS·GKE·Docker·Helm·Terraform·Ansible·GitHub Actions·GitLab CI·Lambda·RDS·S3·Route 53·IAM·Linux·Nginx·Datadog·New Relic·Grafana·Prometheus·Sentry·cPanel·WHMCS
Proof
Verified work history.
Public, third-party verified track record on Upwork. Every number you would ask about a senior engineer, on the record.
- Earnings
- $200K+
- Projects
- 104
- Hours billed
- 11,644
- Rating
- Top Rated Plustop 3% on Upwork
Available nowReferences on request
01 · What I do
Cloud, security, and the ops layer underneath.
From greenfield AWS design to keeping a cPanel fleet patched at 2 a.m. I cover the full stack of infrastructure that production businesses actually run on.
Cloud Architecture
AWS multi-account, EKS/ECS, RDS, networking, IAM. Greenfield design or cleanup of accounts that got away.
Security & Edge
Cloudflare WAF, DDoS, bot management. CEH-aligned vulnerability assessments and hardening.
DevOps & SRE
Autoscaling, CI/CD, IaC, observability, on-call setup, FinOps audits.
Hosting Ops
cPanel/WHM fleet, WHMCS automation, nginx, Linux server admin, DNS migrations, DR.
02 · Stack
What I actually run.
A working list of platforms, services, and tools I've shipped to production. Not a buzzword bingo card.
Cloud (AWS)
- Multi-account architecture
- EKS / ECS / EC2
- RDS / Aurora
- Lambda · API Gateway
- S3 · CloudFront
- Route 53
- IAM least-privilege
- VPC · Transit Gateway
Edge & Security
- Cloudflare WAF
- DDoS mitigation
- Bot management
- Rate limiting
- TLS / certificate ops
- Vulnerability assessments
- CEH-aligned hardening
- Secrets management
Scale & Reliability
- Autoscaling (ASG / HPA)
- Load balancing (ALB / NLB)
- Server monitoring
- Datadog · Grafana
- Log pipelines
- Incident response
- Runbooks · RCAs
- FinOps audits
Hosting & Ops
- cPanel / WHM
- WHMCS automation
- nginx · Apache
- Linux server admin
- Backup & DR strategy
- Email deliverability
- DNS migrations
- On-call ops
03 · Security in motion
Defense, not theater.
CEH-aligned, attacker's-eye-view security work, from WAF rule tuning to incident response. Below: a sample of what a hardened edge actually looks like in production.
● WAF · DDoS · BOTtls 1.3 · ocsp stapled
WAF
ON
DDoS
MITIGATED
TLS
1.3
edge.waf · live feed
last 60s07:09:24BLOCKED192.0.2.45·SQLi attempt·/admin/login
07:09:24BLOCKED198.51.100.12·Bot · 432 rpm·/api/search
07:09:24RATE-LIMIT203.0.113.7·1,023 req / 60s·/login
07:09:24BLOCKED192.0.2.99·XSS payload·/search?q=
07:09:24CHALLENGED198.51.100.34·Suspicious UA·/checkout
07:09:24BLOCKED203.0.113.55·OWASP 942-100·/wp-login.php
07:09:24ALLOWED203.0.113.91·Verified bot · Googlebot·/
07:09:24BLOCKED198.51.100.77·Credential stuffing·/auth
07:09:24RATE-LIMIT192.0.2.18·Burst 4× threshold·/api/v2
07:09:24BLOCKED203.0.113.4·Path traversal·/../../etc
07:09:24CHALLENGED198.51.100.66·Tor exit node·/admin
07:09:24BLOCKED192.0.2.220·RCE attempt·/cgi-bin
07:09:24BLOCKED192.0.2.45·SQLi attempt·/admin/login
07:09:24BLOCKED198.51.100.12·Bot · 432 rpm·/api/search
07:09:24RATE-LIMIT203.0.113.7·1,023 req / 60s·/login
07:09:24BLOCKED192.0.2.99·XSS payload·/search?q=
07:09:24CHALLENGED198.51.100.34·Suspicious UA·/checkout
07:09:24BLOCKED203.0.113.55·OWASP 942-100·/wp-login.php
07:09:24ALLOWED203.0.113.91·Verified bot · Googlebot·/
07:09:24BLOCKED198.51.100.77·Credential stuffing·/auth
07:09:24RATE-LIMIT192.0.2.18·Burst 4× threshold·/api/v2
07:09:24BLOCKED203.0.113.4·Path traversal·/../../etc
07:09:24CHALLENGED198.51.100.66·Tor exit node·/admin
07:09:24BLOCKED192.0.2.220·RCE attempt·/cgi-bin
illustrative · sample WAF events
ssh sec-bastion · audit
read-only➜ usman@sec nmap -sV -Pn target.example.com 443/tcp open https nginx 1.27 22/tcp open ssh OpenSSH 9.6 (key-only) ➜ usman@sec nuclei -t cves/ -u https://target.example.com [INFO] templates: 9842 · severity: critical,high,medium ✓ no critical CVEs detected ➜ usman@sec fail2ban-client status sshd Currently banned: 47 · Total banned: 12,809 ➜ usman@sec aws iam get-account-summary | jq .RootAccountMFAEnabled 1 ➜ usman@sec cf-cli waf attack-score --zone iamuk.in --last 1h blocked: 1,284 · challenged: 312 · passed: 18,973 ➜ usman@sec
What I look for
- Public S3 buckets, exposed snapshots, leaky CORS
- Over-privileged IAM, root account misuse, missing MFA
- Unpatched dependencies and active CVEs
- Auth weaknesses · credential stuffing · token leaks
- Edge mis-config: open ports, weak TLS, no WAF
- Logging gaps that hide an incident in progress
04 · Credentials
Certifications that actually back the work.
AWS Certified Solutions Architect
Amazon Web Services
Certified Ethical Hacker
EC-Council
DevOps Engineer
12+ years in production
05 · Recent work
What I've shipped lately.
Anonymized for NDA reasons. Names and full case studies on request.
AWS Migration
70%
monthly cloud bill cut
Account-to-account migration of a SaaS suite into a consolidated AWS account. Decommissioned legacy infra cleanly.
EKS Incident
0
data-loss incidents since
Recovered a self-hosted search cluster from a data-loss event, then designed a rolling-update playbook to prevent reoccurrence.
Edge / WAF
14
WAF rules deployed
Hardened a content platform behind Cloudflare WAF with bot-management and rate-limit rules. Stopped an active credential-stuffing wave.
06 · Process
How an engagement works.
01
Intro call
30 minutes. We figure out whether your problem matches what I ship. If not, I'll point you somewhere better.
02
Scoped proposal
Fixed price, fixed timeline, written deliverables. No ambiguity about what "done" means.
03
Ship & hand off
Code, runbook, diagram, and a real walkthrough so your team can run what I built.
What clients say
Receipts from past engagements.
“Rebuilt our AWS account from scratch and cut the monthly bill almost in half. Runbooks our team actually opens.”
B2B SaaS, 12 people
“Walked into a Typesense incident at 11pm. Had us back online by 1, root-caused by morning, with a playbook for next time.”
Content company, India
“Three-week security audit. We expected a slide deck. Got working IAM changes, WAF rules, and a tabletop exercise.”
Fintech, pre-Series A
Names withheld under NDA. References available on request.
07 · Writing
Notes from production.
Cloud, security, and the boring infra work that keeps systems up.
Work with me
Need a senior engineer who's already done it?
Whether it's a security audit, a cloud migration, or putting your platform on EKS. Short engagements, fixed scope, no retainers.
08 · Newsletter
One signal a week.
Cloud architecture, security incidents, and DevOps lessons, drawn from real work. Not LinkedIn talking points.
Unsubscribe anytime. 5 minute read.