{"id":49729367,"url":"https://github.com/berkeleyo/berkeleyo","last_synced_at":"2026-05-09T05:36:43.426Z","repository":{"id":209548852,"uuid":"724351571","full_name":"berkeleyo/berkeleyo","owner":"berkeleyo","description":"Personal scratchpad and profile repo.","archived":false,"fork":false,"pushed_at":"2026-02-12T10:53:48.000Z","size":82,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-12T18:05:19.994Z","etag":null,"topics":["github-profile","meta","profile","readme"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/berkeleyo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-11-27T22:44:58.000Z","updated_at":"2026-02-12T10:53:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"6889511b-2256-4127-9452-8966db2e1545","html_url":"https://github.com/berkeleyo/berkeleyo","commit_stats":null,"previous_names":["berkeleyo/berkeleyo"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/berkeleyo/berkeleyo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fberkeleyo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fberkeleyo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fberkeleyo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fberkeleyo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/berkeleyo","download_url":"https://codeload.github.com/berkeleyo/berkeleyo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/berkeleyo%2Fberkeleyo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32808676,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"online","status_checked_at":"2026-05-09T02:00:06.633Z","response_time":123,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-profile","meta","profile","readme"],"created_at":"2026-05-09T05:36:42.165Z","updated_at":"2026-05-09T05:36:43.380Z","avatar_url":"https://github.com/berkeleyo.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- Profile README for github.com/berkeleyo --\u003e\n\u003cdiv align=\"center\"\u003e\n  \n# Hi, I'm Berkeley 👋\n\n\u003c!-- Badges Row --\u003e\n![Profile Views](https://komarev.com/ghpvc/?username=berkeleyo\u0026color=blue\u0026style=for-the-badge)\n![Experience](https://img.shields.io/badge/Experience-6%2B%20years-1f6feb?style=for-the-badge\u0026logo=github)\n![Lines of Code](https://img.shields.io/badge/Lines%20of%20Code-100k%2B-blue?style=for-the-badge)\n\n\u003c!-- Tech stack badges (as provided, preserved) --\u003e\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Azure-0078D4?logo=microsoftazure\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/AWS-232F3E?logo=amazonaws\u0026logoColor=FF9900\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/GCP-4285F4?logo=googlecloud\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/PowerShell-5391FE?logo=powershell\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Bicep-00B4FF?logo=microsoftazure\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Terraform-7B42BC?logo=terraform\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/GitHub%20Actions-181717?logo=githubactions\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Azure%20DevOps-0078D7?logo=azuredevops\u0026logoColor=white\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Docker-2496ED?logo=docker\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Kubernetes-326CE5?logo=kubernetes\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Microsoft%20Sentinel-003B57?logo=microsoft\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Intune-0078D4?logo=microsoftintune\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Fortinet-E60000?logo=fortinet\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Grafana-F46800?logo=grafana\"\u003e\n\u003cimg src=\"https://img.shields.io/badge/Prometheus-E6522C?logo=prometheus\"\u003e\n\u003c/p\u003e\n\n\u003c/div\u003e\n\n---\n\n## 🧑‍💻 About Me\n\nCloud engineer focused on **access governance**, **secure network architectures**, and **pragmatic automation**.  \nI like clean runbooks, reversible cutovers, and evidence-first security.  \nI work primarily in **Azure**, with complementary projects in **AWS** and **GCP** where they deliver value.\n\n- 🛡️ Identity \u0026 Access: JIT elevation, Conditional Access, PIM, external-ID federation (Azure • AWS STS • GCP WIF)  \n- 🌐 Networking: Fortinet SD-WAN/IPsec in Azure, HA/BGP, MTU optimization, deterministic routing and secure egress patterns  \n- ⚙️ Automation: PowerShell/Bicep, Logic Apps, YAML pipelines, GitHub/Azure DevOps  \n- 🖥️ Endpoint \u0026 Governance: Intune configuration, remediation, and policy-driven enforcement  \n- 📊 Ops: Runbooks, cutover/rollback, observability, backup verification  \n- ✍️ Documentation: concise, production-ready, redacted  \n\nRecent work also explores AI-driven automation and voice-based agents as operational interfaces for platform workflows and customer interaction systems.\n\n---\n\n### 🤖 AI Systems \u0026 Event-Driven Platforms\n\nExploration of AI-assisted automation and event-driven systems extending traditional platform engineering patterns into conversational and autonomous workflows.\n\n| Project | Description | Stack |\n|---|---|---|\n| [**AI Voice Agent Platform**](https://github.com/berkeleyo/ai-voice-agent-platform-repo) | Event-driven AI voice agent platform handling enquiry intake, outbound calling workflows, structured data capture, and automation pipelines. | 🤖 AI · Azure Functions · Event-Driven |\n\n---\n\n## 🏗️ Platform \u0026 Engineering Projects\n\nRather than isolated tooling, these repositories represent real operational problems, designed and implemented with production constraints in mind — security, rollback, observability, and long-term maintainability.\n\nProjects are grouped by engineering domain to reflect how platforms are designed and operated in practice.\n\n---\n\n### ☁️ Migration \u0026 Platform Modernisation\n\nProjects focused on moving legacy or operationally risky systems into secure, maintainable cloud architectures with controlled cutover and rollback strategies.\n\n| Project | Description | Stack |\n|---|---|---|\n| [**UniFi Controller Cloud Migration**](https://github.com/berkeleyo/unifi-controller-cloud-migration) | End-to-end migration from legacy hosting to Azure with DNS cutover strategy, version pinning, Entra App Proxy integration, MFA enforcement, and operational hardening. | ☁️ Azure · 🐧 Linux · 🧰 PowerShell |\n| [**Azure Public IP Migration**](https://github.com/berkeleyo/azure-public-ip-migration) | Discovery and migration framework for retiring Basic SKU public IPs safely across subscriptions with inventory export, validation, and reversible migration workflow. | 🧰 PowerShell · ☁️ Azure |\n| [**Azure VPN (P2S) Runbook**](https://github.com/berkeleyo/azure-vpn-repo) | Real-world VPN deployment covering authentication models, DNS behaviour, and secure connectivity modernisation patterns. | 🌐 Networking · ☁️ Azure |\n| [**CSAT Remote Access Pattern (LB + NAT Gateway)**](https://github.com/berkeleyo/azure-csat-remote-access-standard-lb-nat-natgw) | Policy-compliant remote access pattern using Standard Load Balancer inbound NAT with controlled outbound egress via NAT Gateway. | ☁️ Azure · Networking · Operations |\n\n---\n\n### 🔐 Identity \u0026 Access Platforms\n\nIdentity is treated as the primary control plane. These projects focus on removing standing privilege, enforcing least access, and making elevation auditable and time-bound.\n\n| Project | Description | Stack |\n|---|---|---|\n| [**Cloud Access Broker — JIT (Multi-Cloud)**](https://github.com/berkeleyo/cloud-access-broker-jit-multicloud) | Multi-cloud just-in-time elevation across Azure, AWS and GCP with approval workflow, audit logging, and automatic revocation. | ☁️ Azure · AWS · GCP · PowerShell |\n| [**AWS JIT Access**](https://github.com/berkeleyo/aws-jit-access) | Temporary privilege elevation using AWS Identity Center and Step Functions with CloudTrail-backed auditability. | ☁️ AWS · 🐍 Python · 🔐 IAM |\n| [**Azure Access Automation**](https://github.com/berkeleyo/azure-access-automation) | Automated access workflows integrating Forms, Power Automate and Entra ID to provide controlled, time-bound access with policy enforcement. | ☁️ Azure · ⚡ Power Automate |\n| [**Access Governance Request Platform**](https://github.com/berkeleyo/access-governance-request-platform) | Access governance platform enabling request intake, approval workflows, time-bound group membership, automated expiry removal, and audit-ready evidence generation. | ☁️ Azure · Identity · Automation |\n\n---\n\n### 🌐 Cloud Networking \u0026 Secure Connectivity\n\nNetworking projects focused on deterministic routing, secure egress, and predictable failure modes across hybrid and cloud environments.\n\n| Project | Description | Stack |\n|---|---|---|\n| [**Fortinet SD-WAN + IPsec (Azure)**](https://github.com/berkeleyo/fortinet-azure-sdwan-ipsec) | Enterprise hub-and-spoke SD-WAN architecture with HA, BGP routing, MTU optimisation, and operational validation patterns. | 🧱 Fortinet · ☁️ Azure |\n| [**Cloud-Secure Egress Policy**](https://github.com/berkeleyo/cloud-secure-egress-firewall-policy) | Centralised outbound control using firewall chaining and enforced egress paths with documented cutover and rollback strategy. | 🔐 Network Security · ☁️ Azure |\n| [**Azure Firewall Multi-Site Publishing**](https://github.com/berkeleyo/azure-firewall-multi-site-publishing) | Secure ingress architecture publishing multiple internal applications through Azure Firewall using DNAT and isolated backend patterns. | 🔥 Azure Firewall · ☁️ Azure |\n| [**Azure Hub-Spoke Hybrid Routing Pattern**](https://github.com/berkeleyo/azure-hub-spoke-hybrid-routing-pattern) | Hybrid routing design steering partner traffic over VPN gateway using UDR prefix routing and gateway transit patterns. | 🌐 Networking · ☁️ Azure |\n\n---\n\n### ⚙️ Platform Automation \u0026 Governance\n\nAutomation projects focused on scale, repeatability, and reducing operational risk across large cloud estates.\n\n| Project | Description | Stack |\n|---|---|---|\n| [**Azure Governance Baseline Framework**](https://github.com/berkeleyo/azure-governance-baseline-framework) | Governance baseline implementing naming standards, tag enforcement, policy-as-code scaffolding, drift detection, and controlled remediation workflows. | ☁️ Azure · Policy · PowerShell |\n| [**Azure Cost \u0026 Tagging Governance**](https://github.com/berkeleyo/azure-cost-tagging) | Automation enforcing tagging standards and cost attribution models across subscriptions with reporting and remediation workflows. | ☁️ Azure · Governance · Automation |\n| [**Azure Budget Governance**](https://github.com/berkeleyo/azure-budget-governance) | Budget enforcement and alerting automation using cost management APIs and operational reporting patterns. | ☁️ Azure · FinOps · Automation |\n| [**Intune Kyocera Print Governance**](https://github.com/berkeleyo/intune-kyocera-only-print-governance) | Endpoint governance automation enforcing compliant printer usage and removing unmanaged drivers through Intune remediation. | 🖥️ Intune · 🧰 PowerShell |\n\n---\n\n### 📊 Observability \u0026 Operations\n\nOperational tooling focused on visibility, health validation, and ensuring systems remain observable after deployment.\n\n| Project | Description | Stack |\n|---|---|---|\n| [**LogicMonitor Hybrid Monitoring**](https://github.com/berkeleyo/logicmonitor-hybrid-monitoring) | Hybrid monitoring model spanning Hyper-V, AWS and GCP with unified alerting and operational dashboards. | 📊 LogicMonitor · ☁️ AWS · ☁️ GCP |\n| [**Observability (Grafana + Kibana)**](https://github.com/berkeleyo/observability-grafana-kibana) | Centralised observability stack for metrics and log analysis across hybrid environments. | 📊 Grafana · Kibana · Monitoring |\n| [**M365 Security Alerts to Teams**](https://github.com/berkeleyo/m365-security-alerts-to-teams) | Logic App workflow aggregating security alerts and publishing operational summaries to Teams using adaptive cards. | ☁️ Azure · Security · Automation |\n| [**Datto Grafana Monitoring**](https://github.com/berkeleyo/datto-grafana-presales) | Monitoring dashboards and alerting patterns designed for operational visibility and infrastructure validation. | 📊 Grafana · Monitoring |\n\n---\n\n## 🧠 Engineering Focus\n\n- Identity-first platform design and least-privilege access models\n- Deterministic cloud networking and secure ingress/egress architecture\n- DevOps practices aligned with operational ownership\n- Governance and repeatability across multi-subscription environments\n- Automation driven by operational need rather than tooling preference\n- Documentation designed for operational handover\n\n---\n\n## 🚀 Professional Impact\n\n- Removed standing privilege through identity-driven elevation models across cloud environments.\n- Delivered production migrations and cutovers with pre-defined rollback paths and controlled change patterns.\n- Standardised network and access patterns reducing operational drift across environments.\n- Built automation replacing manual access provisioning and configuration workflows.\n- Produced operational runbooks enabling predictable support and incident response.\n\n---\n\n## 🧭 How I Work\n\n- Design for rollback first.\n- Prefer small, reversible changes over high-risk deployments.\n- Treat identity as the primary security boundary.\n- Document systems so someone else can operate them at 3am.\n- Automate only after the manual process is fully understood.\n\n---\n\n## 🔐 Security Philosophy\n\n- Identity over network trust.\n- Short-lived access over standing privilege.\n- Evidence over assumptions.\n- Safe defaults over permissive convenience.\n- Production systems should fail predictably.\n\n---\n\n## 🔍 Currently Exploring\n\n- Workload identity federation patterns across cloud providers  \n- Zero-trust network segmentation models  \n- Policy-as-code for access governance and platform controls  \n- Platform engineering workflows for repeatable environments  \n\n---\n\n## 🧩 Redaction \u0026 Security Statement\n\u003e 🧾 All documentation and code samples are **redacted for confidentiality**.  \n\u003e No secrets, IP addresses, or tenant identifiers are included.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fberkeleyo%2Fberkeleyo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fberkeleyo%2Fberkeleyo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fberkeleyo%2Fberkeleyo/lists"}