$ whoami  →  cloud-engineering-student

Karim
El Atfy

Cloud & Infrastructure Engineer @ Politecnico di MilanoOpen to junior cloud / devops / sysadmin roles

Computer Engineering student at PoliMi. I build cloud projects to understand how things behave outside a tutorial: Azure infrastructure, Terraform, Linux, containers, CI/CD and the boring details that make deployments reliable.

View Projects GitHub LinkedIn Download CV

AZ-900

Microsoft Certified

5+

Azure IaC Projects

Milan / Varese

Hybrid or remote

scroll

Who I Am

About Me

Hands-on cloud projects, written up clearly and deployed for real.

I'm a Computer Engineering student at Politecnico di Milano. My focus is practical cloud engineering: Azure, Terraform, Linux, networking and the operational side of keeping infrastructure understandable.

I build projects in steps. First a single VM, then segmented networks, then private access, then high availability, and now CI/CD container platforms with identity, observability and security checks.

I'm preparing for AZ-104 and CCNA, but I try to avoid collecting theory in a vacuum. If I study a service or pattern, I turn it into a small deployment and document what broke, what worked and what I would change in production.

I'm looking for junior Cloud Engineer, Junior System Administrator, Cloud/DevOps internship or Cloud Operations roles around Milan/Varese, remote or hybrid. Italian native, English C1, French conversational.

// Tech Stack

Azure Terraform Linux Bash Networking NSG / Security Git / GitHub cloud-init Nginx ARM / Bicep SSH Python Docker Kubernetes GitHub Actions Container Apps ACR Key Vault Managed Identity OIDC App Insights Log Analytics Checkov Trivy FastAPI
profile.json
{
"name": "Karim El Atfy",
"location": "Milan / Varese, Italy",
"focus": ["Azure", "Terraform", "Linux", "DevSecOps"],
"currently": ["AZ-104", "CCNA", "Kubernetes basics"],
"best_project": "Azure DevSecOps Container Platform",
"seeking": "junior cloud / devops / sysadmin / cloud ops",
"available": true
}

Work Experience

Experience

Operational work alongside my studies, with a focus on clean records, accountability and practical support.

Administrative & Accounting Support
Furizon APS · Third Sector / Non-profit
2025 - Present Ongoing collaboration

Administrative and accounting support for Furizon APS, a non-profit association in the events/community space. I help with records, invoices, member data, reconciliation work and reporting, keeping the back office organized while studying engineering.

Accounting Support Data Reconciliation Member Management Financial Reporting Third Sector / APS

Credentials

Certifications

Certifications and study tracks that match the infrastructure work I am building in public.

AZ-900
Microsoft Azure Fundamentals
Passed
AZ-104
Microsoft Azure Administrator
Preparing
CCNA
Cisco Certified Network Associate
Preparing

What I Build

Projects

A public progression of Azure projects: each one adds a new infrastructure concern, from the first VM to a security-checked container deployment pipeline.

L1 Foundation L2 Core Infrastructure L3 Secure Architecture L4 Production-Oriented L5 DevSecOps Platform
GitHub
Azure Terraform Linux VM
L1 Foundation
Foundational IaC deployment: a Linux VM on Azure with custom networking, NSG rules, SSH key access, and automated Nginx provisioning via cloud-init.
Terraform Azure Linux cloud-init NSG Nginx
What this shows

A clean starting point: Azure networking, SSH access, NSG rules and cloud-init automation.

HCL
GitHub
Secure Two-Tier Infrastructure
L2 Core Infrastructure
Segmented two-tier Azure environment with management and web subnets, subnet-scoped NSGs, dedicated admin VM, and automated provisioning across multiple VMs.
Terraform Azure VNet Subnet Design ARM64 Multi-VM
What this shows

Subnet separation, management access patterns and multi-VM provisioning without turning the code into a mess.

HCL
GitHub
Secure Private Platform
L3 Secure Architecture
Private-first infrastructure design: no public VM IPs, Azure Bastion for secure admin access, Key Vault, Log Analytics, and modular Terraform structure.
Azure Bastion Key Vault Log Analytics Private VNet Modules
What this shows

Private-by-default thinking: no public VM IPs, Bastion access, Key Vault and operational logging.

HCL
GitHub
Load Balanced Web Platform
L4 Production-Oriented Pattern
Public Azure Load Balancer fronting two private ARM64 Ubuntu backend VMs, with Bastion admin access, health probes, NSG-based security, and cloud-init automation.
Load Balancer Backend Pool Health Probes High Availability ARM64
What this shows

A first high-availability pattern with backend pools, health probes and traffic distribution.

HCL

Growth Areas

Currently Learning

Current study areas, connected to projects I'm actually building. No fake precision, just the work in progress.

Azure Administration (AZ-104)

Deepening knowledge of Azure services, identity management, governance, and administration workflows beyond the fundamentals.

PreparingIdentity, governance, monitoring, networking and day-to-day administration labs.

Networking (CCNA)

Studying routing, switching, VLANs, subnetting, and core networking protocols as the base for real cloud infrastructure design.

PreparingRouting, switching, VLANs, subnetting and troubleshooting fundamentals.

Linux Operations

Building operational confidence with file systems, process management, SSH hardening, and scripting for cloud VM environments.

Applied in projectsSSH, service management, filesystems, hardening basics and scripting.

Terraform Best Practices

Moving toward modular, reusable, production-grade IaC: remote state, workspaces, and enterprise-pattern infrastructure design.

Applied in projectsModules, remote state, variables, outputs and cleaner environment separation.

Docker

Building confidence with images, containers, Dockerfiles, networking, volumes, and Compose-based environments for cloud deployment.

Applied in latest projectDockerfiles, local builds, image push to ACR and container deployment flow.

Kubernetes

Learning core orchestration concepts: pods, deployments, services, namespaces, and the foundations for running workloads on AKS.

Learning nextPods, deployments, services, namespaces and AKS fundamentals.

Built in public, then cleaned up until it makes sense.

I use projects as a way to learn properly: deploy it, break it, debug it, document the decision, then rebuild the next version with fewer shortcuts.

I'm junior and I say that clearly. The point of this site is not to pretend otherwise, but to show how I think, how I structure work, and how fast I can turn theory into working infrastructure.

See My Work on GitHub
01
Working Azure deployments

The projects are deployed on Azure and documented from setup to cleanup, not only described in a README.

02
Readable infrastructure

I care about naming, modules, state, diagrams and commit history because infrastructure has to be understood by the next person.

03
Security as a habit

Identity, least privilege, private access and scanning are introduced early, even when the project is still small.

Let's Connect

Open to junior cloud roles
and real technical conversations.

Currently looking around Milan/Varese and remote or hybrid setups. Best fit: Junior Cloud Engineer, Junior System Administrator, Cloud/DevOps internship, Cloud Operations or monitoring-focused roles.

Connect on LinkedIn View GitHub Download CV
Milan / Varese / Remote · Italian native · English C1 · French conversational