colin-shanahandevops

DevOps Engineer

Colin Shanahan ships reliable pipelines.

Ten-plus years across systems administration, infrastructure engineering, and DevOps — now architecting Azure DevOps CI/CD and infrastructure as code that cut release cycles by 40% and keep critical applications at 99.9% uptime.

↑ resume served live from Azure Blob Storage, published by this site's own pipeline

run #2026.06.09 · main azure-pipelines.yml
Plan
terraform · bicep
Provision
container apps · kv
Build
azure devops ci
Release
−40% cycle time
Operate
99.9% uptime

// highlights

Track record

−40%
release cycle time after migrating Octopus Deploy & Jenkins workflows to Azure DevOps
99.9%
uptime maintained for restoration-critical infrastructure at American Electric Power
10+ yrs
across systems administration, infrastructure, and DevOps engineering
6
certifications spanning Azure, AWS, security, and service management

// experience

Deployment history

RDGFilings running

DevOps Engineer
Oct 2022 – Present
Remote / Onsite
  • Architected Azure DevOps CI/CD pipelines, migrating legacy workflows off Octopus Deploy and Jenkins — cutting release cycles by 40% and improving deployment reliability.
  • Designed and provisioned Azure infrastructure — Container Apps, Function Apps, Virtual Machines, and Key Vault — enabling scalable, secure environments for enterprise applications.
  • Authored Terraform and Bicep to automate infrastructure provisioning, replacing GCP-based systems with consistent, repeatable deployments.
  • Partnered with engineering and product teams to define operational requirements, aligning DevOps practice with business needs in an Agile environment.
  • Contributed to HIPAA compliance initiatives for a child company — secure configurations, documented processes, regulatory alignment.
  • Mentored junior engineers and dev teams on Azure DevOps best practices, building a culture of knowledge-sharing.

American Electric Power (AEP)

Infrastructure Engineer
Jun 2019 – Oct 2022
Roanoke, VA
  • Led the onsite team managing critical infrastructure — Oracle databases and Windows servers — sustaining 99.9% uptime for restoration-focused applications.
  • Designed and implemented failover systems using Azure DevOps, enabling rapid recovery and minimizing downtime during outages.
  • Documented system configurations and collaborated cross-functionally to troubleshoot issues and keep teams unblocked.

1901 Group

Systems Administrator / Help Desk Lead
May 2015 – Jun 2019
Blacksburg, VA / Washington, DC
  • Deployed Microsoft Intune for endpoint management, streamlining device configuration and improving security compliance org-wide.
  • Handled networking operations — firewall maintenance, DNS configuration, switch management — keeping infrastructure secure and reliable.
  • Served as mid-level escalation point for server and system issues, resolving complex problems and mentoring junior team members.
  • Documented processes and configurations to raise operational efficiency and support team knowledge-sharing.

// selected work

Case studies

migration · ci/cd

Retiring Octopus Deploy & Jenkins without breaking release day

Problem
Two legacy deployment systems, fragmented release knowledge, and slow, unreliable release cycles.
Approach
Rebuilt the workflows as Azure DevOps multi-stage YAML pipelines, migrating incrementally so teams never lost the ability to ship while cutting over.
✓ release cycles −40% · reliability up · one platform
iac · cloud migration

Replacing hand-built GCP systems with Terraform & Bicep on Azure

Problem
Infrastructure provisioned by hand on GCP — inconsistent environments, no repeatable path from dev to production.
Approach
Codified the estate in Terraform and Bicep: Container Apps, Function Apps, VMs, and Key Vault, provisioned identically every time from version-controlled templates.
✓ repeatable environments · drift eliminated · auditable infra
reliability · failover

Failover for the systems that turn the lights back on

Problem
At AEP, restoration-focused applications backed by Oracle and Windows servers couldn't afford downtime — these are the systems crews depend on during outages.
Approach
Designed and implemented failover systems orchestrated through Azure DevOps, enabling rapid, practiced recovery instead of ad-hoc heroics.
✓ 99.9% uptime sustained · rapid recovery during outages

// code i've shipped

Project showcase

infrastructure as code · terraform · github actions · oidc

This site, as code

The portfolio you're reading is its own demo: Terraform provisions the Azure Static Web App hosting it plus the Blob Storage serving the resume, and GitHub Actions redeploys both on every push — authenticating to Azure via OIDC federation, with zero cloud credentials stored in CI.

The repo is public. Clone it, read the Terraform, check the workflow runs — everything claimed here is verifiable. Or take the guided tour: the animated architecture →

terraformazure-static-web-appsblob-storagegithub-oidcleast-privilege
infra/main.tfthe actual code running this page
# GitHub Actions logs into Azure with a federated token —
# no client secrets, nothing to rotate, nothing to leak.
resource "azurerm_federated_identity_credential" "github_main" {
  parent_id = azurerm_user_assigned_identity.github.id
  issuer    = "https://token.actions.githubusercontent.com"
  subject   = "repo:cjshanahan1228/colinshanahan.dev-portfolio:ref:refs/heads/main"
  audience  = ["api://AzureADTokenExchange"]
}

# Least privilege: identity can only write blobs in one account.
resource "azurerm_role_assignment" "github_blob_writer" {
  scope                = azurerm_storage_account.resume.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_user_assigned_identity.github.principal_id
}
observability · serverless · managed identity

Monitor it like production

A live ops dashboard for this site: Application Insights pings it every 5 minutes from three US regions (with SSL-expiry checks), and an Azure Function queries that telemetry through a managed identity — KQL over the Log Analytics API, zero keys anywhere — plus the deploy history from GitHub.

It's not a badge, it's telemetry: open the dashboard, or type status in the console below to query it live.

app-insightsazure-functionskqlmanaged-identitysynthetic-monitoring
api/src/functions/status.jsthe code answering `status` right now
// DefaultAzureCredential → system-assigned managed identity.
// No instrumentation keys, no API keys, nothing to rotate.
const logsClient = new LogsQueryClient(new DefaultAzureCredential());

const summaryKql = `
  availabilityResults
  | where timestamp > ago(24h)
  | summarize total = count(),
              passed = countif(success == true),
              avgMs = round(avg(duration), 0)`;

// Partial-failure tolerance: a GitHub hiccup can't blank
// the uptime numbers, and vice versa.
const [avail, deploys] = await Promise.allSettled([
  queryAvailability(),
  queryDeploys(),
]);

// skills & certifications

Stack manifest

# colin-shanahan/stack.yml
cloud:        [azure, aws, gcp]
ci_cd:        [azure-devops, jenkins]
iac:          [terraform, bicep, cloudformation]
containers:   [container-apps, docker]
azure:
  compute:    [container-apps, function-apps, vms]
  security:   [key-vault, intune]
tooling:      [git, jira]
practices:
  - strategic-planning
  - technical-documentation
  - hiring & mentoring
  - cross-team collaboration
Azure Administrator (AZ‑104)
Microsoft · 2025
Azure DevOps Engineer Expert (AZ‑400)
Microsoft · 2025
AWS Solutions Architect
Amazon Web Services
AWS Certified Developer
Amazon Web Services
CompTIA Security+
CompTIA
ITIL Foundation
Axelos

// multi-cloud

Fluent in three clouds

Same problems, different nouns. Azure is my daily driver, I hold two AWS certifications, and I've migrated production systems off GCP — which means I can read your estate whichever console it lives in. Here's how my toolkit translates:

Capability Azure primary AWS GCP
containers Container Apps · ACR ECS / Fargate · ECR Cloud Run · Artifact Registry
serverless Function Apps Lambda Cloud Functions
secrets Key Vault Secrets Manager Secret Manager
compute Virtual Machines EC2 Compute Engine
iac (native) Bicep / ARM CloudFormation Deployment Manager
ci/cd Azure Pipelines CodePipeline Cloud Build
terraform one language across all three columns — which is why it's my default for anything portable
azure — production daily

Architecting CI/CD and provisioning Container Apps, Function Apps, VMs, and Key Vault at RDGFilings. AZ-104 + AZ-400 certified.

aws — certified ×2

AWS Solutions Architect and AWS Certified Developer — fluent in the EC2/Lambda/IAM model and how it maps to Azure equivalents.

gcp — migrated from

Replaced GCP-based systems with Terraform- and Bicep-provisioned Azure infrastructure — you learn a cloud thoroughly when you carefully move off it.

// how i work

Operating principles

$ cat principles/01

Boring deploys are the goal

A release should be an uneventful Tuesday afternoon, not a war room. If shipping requires courage, the pipeline isn't finished.

$ cat principles/02

If it isn't in code, it doesn't exist

Hand-built infrastructure is a liability with an expiration date. Terraform and Bicep aren't extra work — they're the work.

$ cat principles/03

Documentation is a deployment artifact

A system only one person understands is a single point of failure wearing a badge. I write things down so teams scale past me.

$ cat principles/04

Mentoring compounds

The highest-leverage thing I've shipped isn't a pipeline — it's engineers who no longer need me to run one.

// console

Don't take my word for it — query me

This portfolio ships with a working shell. Type help to see what it knows.

colin@portfolio: ~
Welcome. This is a real, working terminal. Try: help, whoami, stack, uptime, certs, contact
colin@portfolio:~$

// education

Education

Ferrum College

B.S. Computer Science
Relevant coursework: Cloud Computing, Cybersecurity, Networking, Software Engineering
May 2015 · Ferrum, VA