Harry Shelton

Cloud Engineer & Architect

A Cloud Engineer designing and delivering secure, resilient, and scalable infrastructure. I translate complex business requirements into technical solutions, from modernising legacy environments to architecting greenfield Azure deployments. I specialise in design for security, governance, and operational excellence using Infrastructure as Code (IaC) and automation.

Download CV

Core Technical Expertise

Cloud & Infrastructure

Microsoft Azure Microsoft 365 Windows Server VMware

Security & Identity

Entra ID Active Directory Zero Trust (SASE) RBAC

Networking & Edge

Cloudflare Cisco Meraki SD-WAN Sophos HA BGP

DevOps & Automation

Terraform (IaC) PowerShell REST/Graph API

What I Bring to the Table

Security-First Mindset

Every solution I build prioritises security at the architectural level. I integrate identity protection, RBAC Policies, Network Segmentation, and Threat Detection from the start, avoiding afterthoughts.

Operational Maturity

My systems are automated, observable, and resilient. I focus on reducing operational friction through clear documentation, versioned infrastructure, and scalable patterns that support long-term reliability.

Business-Driven Design

Bridging the gap between business objectives and technical implementation. I design and deploy solutions that are cost-effective, maintainable, and aligned with long-term strategic goals.

Professional Experience

Cloud Project Engineer

Focus Group

May 2025 – Present
  • Lead Architect & SME for Cloudflare: Pitched & secured the Cloudflare Agency Partner program. Built a bespoke Partner Portal to manage the partnership, automating tenant creation with strict RBAC, and orchestrated the migration of hundreds of domains to Zero Trust (SASE).
  • Multi-Client Cloud Transformation: Led end-to-end migrations to Azure, re-architecting legacy workloads into cloud-native solutions (Azure Files, Azure SQL, Virtual WAN), significantly reducing TCO and hardening security postures.
  • Ransomware Recovery: Designed and delivered an emergency Azure recovery for a major UK Hospitality Group, restoring 100% operational capability across multiple sites within 48 hours.
  • Standardised Identity Security: Implemented a unified RBAC model spanning Azure, Microsoft 365, and Meraki, strengthening least-privilege access across a 150+ person technical team.

IT Technical Engineer - Projects

Focus Group

April 2024 – May 2025
  • Emergency Cloud Migration: Led an end-to-end Azure modernisation post-catastrophic server failure. Architected a greenfield environment that reduced critical app login times by 70% and came in 15% under budget.
  • Security Remediation Lead: Provided technical assurance for clients undergoing SOC2 and Cyber Essentials+ audits, designing remediations that ensured 100% pass rates.
  • Simultaneous Project Delivery: Managed concurrent implementations for SME and enterprise clients across cloud, on-premises, and modern workplace solutions.

IT Technical Field Engineer

Focus Group

August 2023 – April 2024
  • Delivered multi-site infrastructure deployments including switches, clustered servers, and resilient NAS platforms for enterprise clients.
  • Provided frontline support and remediation on SonicWALL, Sophos, and Meraki firewalls/VPNs, vastly strengthening client perimeter security.

Certifications

Microsoft Certified: Azure Administrator Associate

Credential ID: EBD01777F3B5E325

Cloudflare Certified: Zero Trust Engineer (ZTE)

Verify Credential

Cloudflare Certified: Application Security Engineer

Verify Credential

Microsoft Certified: Azure Fundamentals

Credential ID: 2D5EDD6742B17DE7

Engineering Cisco Meraki Solutions (ECMS)

Cisco Meraki Network Associate (CMNA)

Cisco Umbrella Studio 3.0

Credential ID: p9Y34OcXko

Microsoft Certified: Azure Solutions Architect Expert

In Progress

Personal Projects

Serverless File Transfer

Architected an ephemeral file transfer solution built entirely on the Cloudflare edge. Provides a zero-infrastructure sharing tool combining a Worker, R2 buckets with automatic object expiration, and Cloudflare Access for robust authentication.

JavaScript Cloudflare R2
Demo

Azure Modules (Terraform)

Designed a standardised architectural pattern for greenfield Azure deployments to ensure governance and accelerate delivery. Enforces secure hub-spoke topologies and baseline network security using reusable Terraform templates.

Azure Terraform

A.R.G.U.S - Cloudflare Partner Portal

Engineered a serverless portal for managing Cloudflare tenants, automating onboarding, and standardising RBAC policies.

Cloudflare API Zero Trust

Autopilot HWID Ingestion

Architected an automation pipeline to bridge existing, unmanaged hardware with Intune's Zero-Touch-Provisioning. A lightweight, client-side ingestion script, run as SYSTEM, captures the device's hardware hash and authenticates against the Graph API, programmatically registering the device in Autopilot. This solution enables automated tenant enrollment and re-provisioning (OOBE) for a brownfield device fleet.

Azure PowerShell

Homelab Infrastructure

Designed a resilient infrastructure to validate enterprise architecture. Incorporates Zero Trust (Cloudflare Tunnels), network segmentation (Sophos HA), and robust storage (OpenZFS) as a proving ground for secure hybrid-cloud patterns.

Docker ZFS Tailscale

AetherCred

Designed a security posture reporting tool to solve visibility gaps in Entra ID. A lightweight serverless setup using PowerShell and HTML to aggregate diverse risk signals from the Graph API into a unified metric without third-party platform costs.

PowerShell Graph API

View all projects on GitHub →


Let's Build Something Secure.

I'm always open to discussing cloud architecture, edge security, or new opportunities.

Get In Touch