Senior Cloud Security Architect profile
Professional Profile

Senior Cloud Security Architect

12+ years experience6 roles19 certifications

This is a public version of my CV. For the latest role-tailored résumé, get in touch

About Me

Senior Cloud Security Architect with 12+ years of engineering experience designing and operating secure, scalable cloud-native platforms for mission-critical systems. I combine security architecture, platform engineering, and software engineering to deliver practical, business-aligned security controls without slowing delivery.

My core expertise includes cloud network security architecture (VPC segmentation, private connectivity, zero-trust access patterns), cloud load balancing across all major models (L4/L7, internal/external, regional/global), WAF strategy and deep Cloud Armor policy tuning, and resilient data-layer design including multi-region Cloud Spanner setups. I design security controls that improve both protection and reliability, while keeping systems cost-efficient and operationally sustainable.

I can present architecture clearly to executives and engineering teams, produce high-quality architecture diagrams, and explain why each security/scalability/reliability decision matters. I lead threat modeling, architecture reviews, and implementation planning to increase security posture, scalability, and fault tolerance in production environments.

I am currently preparing for CISSP and have strong practical command across all CISSP domains, applying these principles directly in cloud architecture and delivery.

Google Cloud (5x Professional Certified): Professional Cloud Architect, Professional Cloud Network Engineer, Professional Security Operations Engineer, Professional Cloud DevOps Engineer, Professional Data Engineer.

Complementing my cloud background, I hold Cloud Security Alliance certifications (CCSK, CCZT). As a published Technical Author, I regularly share hands-on engineering insights on Medium and in professional publications, focused on cloud security, platform reliability, and modern architecture.

Contact

Email
LinkedIn profile linkLinkedIn
GitHub profile linkGitHub

Skills

Cloud & Platform
Cloud Network Security (VPC Segmentation)
Cloud Load Balancing (L4/L7, Internal/External, Regional/Global)
Multi-Region Cloud Spanner Architecture
Threat Modeling
Service Mesh (Istio / Linkerd)
KEDA
Kubernetes
Docker
AWS / GCP / Azure
OpenStack
Security & Zero Trust
CISSP (in progress)
CISSP Domains (all 8)
Cloud Security Architecture
Security Architecture for Mission-Critical Systems
Cloud Armor (WAF Strategy and Policy Tuning)
Architecture Reviews & Security Design Authority
Executive Security Communication & Architecture Presentations
API Security
OAuth 2.0 / OIDC
Zero Trust
SLSA Framework
Provenance / Attestations
EU Cyber Resilience Act (CRA)
AI Governance (EU AI Act, NIST AI RMF)
ISO/IEC 27001
SAST (SonarQube, Semgrep)
DAST (OWASP ZAP)
SCA & Container Scanning (Trivy)
SBOM (Syft/CycloneDX)
Signing (Sigstore Cosign)
Secrets (Vault, SOPS, KMS)
Policy-as-Code (OPA/Gatekeeper, Kyverno)
K8s Security (NetworkPolicies, Pod Security, mTLS)
NGINX / HAProxy (WAF/TLS)
Compliance (CIS Benchmarks, GDPR basics)
Delivery & IaC
Terraform
Pulumi
GitLab CI
GitHub Actions
Jenkins
Argo CD (GitOps)
Ansible
Reliability & Observability
Cost-Efficient Secure Architecture (FinOps-Aware)
SRE (SLI/SLO)
Prometheus / Grafana
Languages & Foundations
Architecture Diagramming & Technical Storytelling
OpenAPI
Event-Driven Architecture
Python
Go (Golang)
Node.js / TypeScript
Bash
Additional Expertise
ELK / OpenSearch, Jaeger
RESTful APIs
Incident Response & Hardening

Experience

Senior Cloud Security Architect | GCP Platform Security

T-Digital by Deutsche Telekom · Full-time

Sep 2024 - Present · 1 yr 11 mos

Thessaloniki, Central Macedonia, Greece · Hybrid

  • Designed and operated security architecture for a multi-region, multi-cluster GKE platform used by multiple product teams in mission-critical environments.
  • Implemented and tuned cloud load balancers across major patterns: internal/external, L4/L7, global/regional, with secure traffic segmentation and resilient routing strategies.
  • Led Cloud Armor strategy: WAF policy design, managed/custom rules, threat-driven tuning, and operational playbooks for rapid mitigation and controlled change.
  • Designed secure cloud networking and access patterns: private connectivity, OIDC/SSO, IAM least privilege, controlled privileged access, and architecture-level guardrails.
  • Architected resilient data patterns including multi-region Cloud Spanner setup strategy for availability, consistency requirements, and disaster readiness.
  • Delivered policy-as-code and workload hardening baselines (admission controls, image trust, runtime controls) for secure-by-default platform operations.
  • Built security observability and response flows: centralized telemetry, actionable alerting, SIEM event forwarding, and incident runbooks.
  • Presented architecture decisions to leadership and engineering teams with clear diagrams and rationale focused on security, scalability, and fault tolerance.

Selected Projects

  • AI Prompt Security

    A Chrome & Safari extension that keeps secrets out of AI prompts — it scans messages before they reach ChatGPT, Claude or Gemini using 110+ regex patterns plus Shannon-entropy analysis, then redacts or blocks API keys, tokens and PII. 100% local, zero telemetry.

    JavaScript · Chrome Extension · Safari Extension · Security · Privacy

    Chrome Web Store
  • Risk Analytics

    A quantitative model that gives leadership measurable visibility into key-person dependency, decision bottlenecks and human control-bypass risk — Bus Factor, Decision Concentration and Bypass Risk in one product. Published to PyPI with a citable DOI.

    Python · NetworkX · Risk Modeling · CLI · Research

    View on GitHub

Licenses & Certifications

Google8×

Google Cloud Certified Professional Cloud Architect

Issued by Google · Issued May 2025

Credential ID: 8a9ddfba001e4a55bf42667a6b62da9b

Skills: Cloud Solution Architecture, Security and Compliance, Cloud Networking, +6 more

Show credential

Google Cloud Certified Professional Network Engineer

Issued by Google · Issued Jul 2025

Credential ID: eb748cbd0c904f8389d3f755f3a32584

Skills: Cloud Networking, Hybrid Connectivity, Network Security, +6 more

Show credential

Courses

20265

NIS-2 Deep Dive

K&P Computer / BLUE Consult

Completion certificate for the NIS-2 Deep Dive web training (28 May 2026) covering real attack scenarios (identity theft, compromised backups, user account breaches), NIS-2 requirements including risk management, reporting obligations, and supply chain security, governance structures, security roles, policies, incident response processes, vulnerability management and cyber resilience with IBM solutions, network and firewall security, SOC/SIEM/endpoint protection, and identity/access/communication protection.

IBM DevOps and Software Engineering (Professional Certificate)

Coursera

ACE ID IBM-0032 (v1), 14 weeks (~200 hours), minimum passing score 70. ACE: 18 SH (6 x 3) across Web Development (HTML/CSS/JavaScript), Python for Data Science, Advanced Application Security, Intro to Cloud Computing, Intro to Python, and Microservices.

Education

  • Recognized in Germany · Bachelor level

    Military Academy of the Strategic Missile Forces Academy named after Peter the GreatEngineer's Degree, Automation Management Systems

    2007 - 2012

    Engineer's Degree, Automation Management Systems

    Engineer's Degree, Translation

    Recognized by the KMK Central Office for Foreign Education (ZAB) as equivalent to a German Bachelor's degree

    Time Management · Self-discipline · Communication and Collaboration

  • Humanitarian, Economic and Information Institute of TechnologyBachelor's Degree, Law

    2012 - 2016

    Bachelor's Degree, Law

    Data Privacy and Security · Compliance and Regulations · Communication and Collaboration · Technical Analysis

Publications

8articles published onGoogle Cloud - Community · Dev Genius · DataDrivenInvestor

Latest

Dev GeniusApr 18, 2026

Why Firewalls Are Losing Their Central Role in 2026

Why perimeter firewalls no longer anchor security architecture: the shift to identity-centric Zero Trust, microsegmentation, and workload-level controls in modern cloud networks.

Show publication
  1. How to Stop Data Exfiltration in Google Cloud with VPC Service Controls and Private Endpoints

    Apr 10, 2026

    Google Cloud - Community

    Designing data exfiltration defenses on GCP: VPC Service Controls perimeters, private Google access, and endpoint policies to keep sensitive data inside a trusted boundary.

Honors and Awards

6distinctionsselected by Google & the developer community

  1. Issued by Google CloudJun 2026

    One of only a handful of engineers Google names Ambassador for Infrastructure — a recognition it reserves for the very top tier of its global Cloud community. Awarded for sustained, hands-on mastery of Google Cloud infrastructure, proven in the console rather than on paper.

  2. Issued by Google CloudMay 2026

    Recognised by Google as a Security Champion — a distinction given to practitioners who consistently demonstrate deep, applied expertise in securing Google Cloud environments and raising the security bar across the community.

    © 2026 Aleksei AleinikovSenior Cloud Security Architectalekseialeinikov.com