Chika Jideofor Agatha

Cloud Security & DevOps Engineer

Chika Jideofor
Agatha

Designing and securing cloud infrastructure on Azure and AWS — from identity management and network architecture to VM deployment and zero-trust access policies.

View Projects Get in Touch

About

I'm a Cloud Security and DevOps Engineer focused on building secure, scalable infrastructure across Microsoft Azure and AWS. My work spans identity and access management, virtual network architecture, and cloud security hardening.

I take a hands-on approach — every project documented here was designed, deployed, and verified by me, following real-world best practices including Zero Trust principles, least privilege access, and layered network security.

I'm passionate about making cloud infrastructure both powerful and provably secure.

2
Cloud platforms (Azure & AWS)
3+
Documented projects
MFA
Zero Trust security enforced
IAM
Identity & access management

Skills

Technical expertise

☁️

Cloud Platforms

Azure and AWS infrastructure design and deployment

Azure AWS Azure Portal AWS Console
🔐

Identity & Access Management

User lifecycle, roles, PIM, and MFA enforcement

Azure Entra ID RBAC PIM MFA Conditional Access
🌐

Cloud Networking

VNet/VPC design with subnets, routing, and security groups

VNet VPC NSG NACL IGW Subnets
🛡️

Cloud Security

Zero Trust, layered security, monitoring & logging

Zero Trust VPC Flow Logs Password Policy Security Groups
💻

Virtual Machines

VM deployment, sizing, RDP/SSH access & networking

Azure VM EC2 RDP AMI t3.micro
🌍

DNS & Domains

Domain registration, DNS integration with cloud identity

Namecheap Custom Domains Azure Entra DNS Records

Projects

What I've built

01 Microsoft Azure

Azure Identity & Access Management — Full Setup

End-to-end setup of an Azure cloud environment for a company (BlxckOne Group), covering domain registration, Azure Entra ID configuration, identity management, and security hardening.

  • Purchased a custom domain via Namecheap and integrated it with Azure Entra Admin Center
  • Configured company branding (logo, colors, sign-in page) in Azure Entra ID
  • Created single users, invited external guest users, and bulk-provisioned users via CSV upload
  • Built Azure security groups and assigned custom RBAC roles
  • Configured Privileged Identity Management (PIM) with Active and Eligible role assignments
  • Enforced MFA via Conditional Access policies; documented Zero Trust password security
  • Set up the full Azure Organization Hierarchy: Tenant → Management Groups → Subscriptions → Resource Groups → Resources
Azure Entra ID PIM RBAC MFA Conditional Access Namecheap Company Branding
02 Microsoft Azure

Secure Azure VNet Architecture & VM Deployment

Designed and deployed a secure Virtual Network (VNet) architecture in Azure with multi-subnet segmentation and Network Security Groups, then hosted a web application on a deployed virtual machine.

  • Designed a 3-subnet VNet: FrontendSubnet, BackendSubnet, DatabaseSubnet (CIDR: 192.168.0.0/16)
  • Associated individual NSGs per subnet for fine-grained traffic control
  • Deployed a Windows VM (EC2-equivalent) in the frontend subnet with public IP and RDP access
  • Verified network architecture via Azure portal — address spaces, subnets, and NSG associations
Azure VNet NSG Subnets Azure VM RDP CIDR
03 Amazon AWS

AWS VPC Architecture with EC2 & Security Hardening

Designed and deployed a production-grade AWS VPC architecture for a simulated "Paypal-VPC" environment with full subnet segmentation, security controls, logging, and a live EC2 Windows instance.

  • Created a VPC (192.168.0.0/16) with 3 subnets: FrontEndSubnet, BackEndSubnet, DatabaseSubnet
  • Configured Internet Gateway, Route Tables, and DNS hostnames for public-facing frontend access
  • Enabled VPC Flow Logs to CloudWatch/S3 for full traffic auditing (Accepted, Rejected, All)
  • Configured Network ACLs per subnet — frontend allows HTTP/HTTPS, backend and DB subnets restricted to internal traffic only
  • Launched a Windows EC2 instance (t3.micro, Windows AMI) with SSH key pair; connected via RDP using public IP
AWS VPC EC2 NACL Security Groups VPC Flow Logs IGW Route Tables CloudWatch
04 AWS · Kubernetes · Team Project

Capstone: Three-Tier Bank App Deployment on AWS EKS

Collaborated as part of a 6-team cohort (POD12 – Cohort 5 "Digital Witch") to deploy a fully containerised three-tier banking application on AWS. The live app ran at bank.cohort5pod12.site.

  • Architecture spans a frontend, backend, and database tier — all running on a Kubernetes cluster deployed via AWS EKS
  • Contributed as Documentation Team Member — responsible for capturing and structuring the full deployment process across all six sub-teams
  • Infrastructure provisioned with Terraform; CI/CD pipelines built with GitHub Actions and ArgoCD for GitOps-driven deployments
  • Monitoring and observability integrated via Datadog on Kubernetes, with dashboards for cluster and application health
  • Documented secrets management best practices: AWS Secrets Manager, Kubernetes External Secrets, HashiCorp Vault, and IRSA
  • Collaborated across Admin, Architecture, Infrastructure, Frontend, Backend, and Monitoring sub-teams
AWS EKS Kubernetes Terraform GitHub Actions ArgoCD Datadog 3-Tier Architecture Technical Documentation

Contact

Let's work together

Open to cloud security roles, DevOps opportunities, and freelance infrastructure projects.

Jideoforchika7@gmail.com 📞 +234 904 232 0096
Send an Email GitHub LinkedIn