Senior Cloud Security Architect with 12+ years of engineering experience designing and operating secure, scalable cloud-native platforms for mission-critical systems. I combine security architecture, platform engineering, and software engineering to deliver practical, business-aligned security controls without slowing delivery. My core expertise includes cloud network security architecture (VPC segmentation, private connectivity, zero-trust access patterns), cloud load balancing across all major models (L4/L7, internal/external, regional/global), WAF strategy and deep Cloud Armor policy tuning, and resilient data-layer design including multi-region Cloud Spanner setups. I design security controls that improve both protection and reliability, while keeping systems cost-efficient and operationally sustainable. I can present architecture clearly to executives and engineering teams, produce high-quality architecture diagrams, and explain why each security/scalability/reliability decision matters. I lead threat modeling, architecture reviews, and implementation planning to increase security posture, scalability, and fault tolerance in production environments. I am currently preparing for CISSP and have strong practical command across all CISSP domains, applying these principles directly in cloud architecture and delivery. Google Cloud (5x Professional Certified): Professional Cloud Architect, Professional Cloud Network Engineer, Professional Security Operations Engineer, Professional Cloud DevOps Engineer, Professional Data Engineer. Complementing my cloud background, I hold Cloud Security Alliance certifications (CCSK, CCZT). As a published Technical Author, I regularly share hands-on engineering insights on Medium and in professional publications, focused on cloud security, platform reliability, and modern architecture.
T-Digital by Deutsche Telekom · Full-time
Sep 2024 - Present · 1 yr 9 mos
Thessaloniki, Central Macedonia, Greece · Hybrid
- Designed and operated security architecture for a multi-region, multi-cluster GKE platform used by multiple product teams in mission-critical environments.
- Implemented and tuned cloud load balancers across major patterns: internal/external, L4/L7, global/regional, with secure traffic segmentation and resilient routing strategies.
- Led Cloud Armor strategy: WAF policy design, managed/custom rules, threat-driven tuning, and operational playbooks for rapid mitigation and controlled change.
- Designed secure cloud networking and access patterns: private connectivity, OIDC/SSO, IAM least privilege, controlled privileged access, and architecture-level guardrails.
- Architected resilient data patterns including multi-region Cloud Spanner setup strategy for availability, consistency requirements, and disaster readiness.
- Delivered policy-as-code and workload hardening baselines (admission controls, image trust, runtime controls) for secure-by-default platform operations.
- Built security observability and response flows: centralized telemetry, actionable alerting, SIEM event forwarding, and incident runbooks.
- Presented architecture decisions to leadership and engineering teams with clear diagrams and rationale focused on security, scalability, and fault tolerance.
T-Digital by Deutsche Telekom · Full-time
Jun 2022 - Sep 2024 · 2 yrs 4 mos
Thessaloniki, Central Macedonia, Greece · Hybrid
- Led security architecture and platform modernization across OpenStack and AWS, including secure segmentation, service exposure patterns, and defense-in-depth controls.
- Built repeatable security baselines in CI/CD and IaC (Terraform modules and policy guardrails), reducing drift and making audit evidence generation faster.
- Drove network and identity security improvements: least-privilege IAM, privileged-access controls, and review-ready access governance processes.
- Implemented and hardened L4/L7 ingress and load-balancing patterns with TLS strategy, resilient failover paths, and secure publishing standards.
- Ran threat modeling and design reviews with cross-functional teams, documenting architecture decisions and migration plans for scalable secure delivery.
- Improved observability and incident response capabilities (Prometheus/Grafana, ELK, actionable alerting), reducing MTTR and increasing operational readiness.
- Automated lifecycle and scaling workflows to keep security posture strong while improving cost efficiency and delivery speed.
Integrated Google Cloud Armor with external load balancer to protect Kubernetes applications from malicious traffic. Requests are analyzed against custom security rules (WAF, IP allow/deny lists, geo-based policies). Suspicious requests are blocked with 403 responses before reaching the cluster, while legitimate clients maintain seamless access. Hardened the ingress layer for App 1 and App 2 in Kubernetes.
Multi-regional Kubernetes deployment across West 3 and West 4 regions with GitLab Config Sync and Google Fleet. Ensures high availability by spreading workloads (App A, App B, App C) across zones (a, b, c). Unified GitOps delivery pipelines, consistent security policies, and cross-cluster management with Fleet.
Credential ID: 8a9ddfba001e4a55bf42667a6b62da9b
Skills: Cloud Solution Architecture, Security and Compliance, Cloud Networking, +6 more
Show credentialCredential ID: eb748cbd0c904f8389d3f755f3a32584
Skills: Cloud Networking, Hybrid Connectivity, Network Security, +6 more
Show credential
Cloud Assess Academy
2025
Digital badge and certificate issued by Cloud Assess Academy for completing the Advanced GDPR course, providing advanced understanding of GDPR compliance, data protection principles, and organizational obligations.
Alison Online Learning
2025
Certificate of Completion for successfully completing the ISO/IEC 27701 Data Protection and Privacy Information Management course, covering the extension of ISO/IEC 27001 for privacy management, GDPR-related practices, and implementation of a Privacy Information Management System (PIMS).
British Standards Institution (BSI)
2025
Awareness eLearning Certificate of Completion covering ISO/IEC 23894:2023 Guidance on AI Risk Management: principles, context, identification, assessment, and mitigation of risks in AI systems for trustworthy and responsible AI.
Bachelor's Degree, Law
Engineer's Degree, Automation Management Systems
Engineer's Degree, Translation
Step-by-step guide to reading Linux top: load averages, memory usage, CPU breakdown, and process states. Includes real-world scenarios for diagnosing compute, I/O, and VM bottlenecks — with clear habits to turn raw numbers into actionable insights.
Show publicationIntroduces a micro-kernel architecture in Go where the core handles only lifecycle, routing and synchronization, while all business logic runs as pluggable modules. Demonstrates hot-swappable plugins for metrics, caching, and email — enabling granular scaling, non-blocking pub/sub, and clean code evolution.
Show publication
Google Cloud Gen AI Technical Expert Badge Challenge - Early Adopter EditionIssued by Google Cloud - Aug 2025
Certification / Award
Recognized as one of the first 1,100 professionals worldwide to complete the Gen AI Technical Expert Badge Challenge (Early Adopter Edition). This advanced challenge required earning multiple high-level Google Cloud Technical Expert credentials, including 'Build with Vertex', 'Intelligent Search', and 'Customer Engagement Suite with Google AI'. The achievement demonstrates proficiency in applying Generative AI for enterprise use cases, from building with Vertex AI, through creating intelligent retrieval and search solutions, to designing conversational AI for customer engagement. Award included a digital badge, exclusive Google swag, and global community recognition. Valid until Aug 2026.
Google Cloud Arcade - Champions MilestoneIssued by Google Cloud - Jun 2024
Award
Recognized as one of the select professionals worldwide to achieve the Champions Milestone in Google Cloud Arcade, earning a total of 78 points. This rare accomplishment reflects over six months of consistent learning and hands-on practice, during which more than 300–400 individual labs were completed across diverse Google Cloud technologies. It highlights outstanding dedication to continuous upskilling in cloud technologies, persistence in real-world lab work, and a strong commitment to professional growth. Award eligibility included exclusive prizes and global community recognition.
3rd RIL AI HackathonIssued by Research Innovation Lab - Jun 2024
Hackathon
Won 1st place at the 3rd RIL AI Hackathon, hosted by the Research Innovation Lab and associated with T-Digital (Deutsche Telekom). Our team built a production-ready data uploader tailored for RAG-based chatbots. It supports PDF document ingestion, offers multiple adaptive chunking strategies, works autonomously with uploaded corpora, and automatically selects the best strategy using LLM-driven evaluation. We also instrumented RAGAS for response-quality measurement. The solution improves efficiency, reduces redundancies, and raises the overall quality of chatbot answers.
2nd RIL AI HackathonIssued by Research Innovation Lab - Dec 2023
Hackathon
Won 1st place at the 2nd RIL AI Hackathon, hosted by Research Innovation Lab and associated with T-Digital (Deutsche Telekom). Developed an AI solution that analyzes user stories and test cases, providing insights to improve quality and efficiency in software development.
