colin-shanahanโ—devops

DevOps Engineer ยท Relocating to Charlotte, NC

Colin Shanahan ships reliable pipelines.

Ten-plus years across systems administration, infrastructure engineering, and DevOps โ€” now architecting Azure DevOps CI/CD and infrastructure as code that cut release cycles by 40% and keep critical applications at 99.9% uptime.

โ†‘ resume served live from Azure Blob Storage, published by this site's own pipeline

run #2026.06.09 ยท main azure-pipelines.yml
Plan
terraform ยท bicep
Provision
container apps ยท kv
Build
azure devops ci
Release
โˆ’40% cycle time
Operate
99.9% uptime

// highlights

Track record

โˆ’40%
release cycle time after migrating Octopus Deploy & Jenkins workflows to Azure DevOps
99.9%
uptime maintained for restoration-critical infrastructure at American Electric Power
10+ yrs
across systems administration, infrastructure, and DevOps engineering
6
certifications spanning Azure, AWS, security, and service management

// experience

Deployment history

RDGFilings running

DevOps Engineer
Oct 2022 โ€“ Present
Remote / Onsite
  • Architected Azure DevOps CI/CD pipelines, migrating legacy workflows off Octopus Deploy and Jenkins โ€” cutting release cycles by 40% and improving deployment reliability.
  • Designed and provisioned Azure infrastructure โ€” Container Apps, Function Apps, Virtual Machines, and Key Vault โ€” enabling scalable, secure environments for enterprise applications.
  • Authored Terraform and Bicep to automate infrastructure provisioning, replacing GCP-based systems with consistent, repeatable deployments.
  • Partnered with engineering and product teams to define operational requirements, aligning DevOps practice with business needs in an Agile environment.
  • Contributed to HIPAA compliance initiatives for a child company โ€” secure configurations, documented processes, regulatory alignment.
  • Mentored junior engineers and dev teams on Azure DevOps best practices, building a culture of knowledge-sharing.

American Electric Power (AEP)

Infrastructure Engineer
Jun 2019 โ€“ Oct 2022
Roanoke, VA
  • Led the onsite team managing critical infrastructure โ€” Oracle databases and Windows servers โ€” sustaining 99.9% uptime for restoration-focused applications.
  • Designed and implemented failover systems using Azure DevOps, enabling rapid recovery and minimizing downtime during outages.
  • Documented system configurations and collaborated cross-functionally to troubleshoot issues and keep teams unblocked.

1901 Group

Systems Administrator / Help Desk Lead
May 2015 โ€“ Jun 2019
Blacksburg, VA / Washington, DC
  • Deployed Microsoft Intune for endpoint management, streamlining device configuration and improving security compliance org-wide.
  • Handled networking operations โ€” firewall maintenance, DNS configuration, switch management โ€” keeping infrastructure secure and reliable.
  • Served as mid-level escalation point for server and system issues, resolving complex problems and mentoring junior team members.
  • Documented processes and configurations to raise operational efficiency and support team knowledge-sharing.

// selected work

Case studies

migration ยท ci/cd

Retiring Octopus Deploy & Jenkins without breaking release day

Problem
Two legacy deployment systems, fragmented release knowledge, and slow, unreliable release cycles.
Approach
Rebuilt the workflows as Azure DevOps multi-stage YAML pipelines, migrating incrementally so teams never lost the ability to ship while cutting over.
โœ“ release cycles โˆ’40% ยท reliability up ยท one platform
iac ยท cloud migration

Replacing hand-built GCP systems with Terraform & Bicep on Azure

Problem
Infrastructure provisioned by hand on GCP โ€” inconsistent environments, no repeatable path from dev to production.
Approach
Codified the estate in Terraform and Bicep: Container Apps, Function Apps, VMs, and Key Vault, provisioned identically every time from version-controlled templates.
โœ“ repeatable environments ยท drift eliminated ยท auditable infra
reliability ยท failover

Failover for the systems that turn the lights back on

Problem
At AEP, restoration-focused applications backed by Oracle and Windows servers couldn't afford downtime โ€” these are the systems crews depend on during outages.
Approach
Designed and implemented failover systems orchestrated through Azure DevOps, enabling rapid, practiced recovery instead of ad-hoc heroics.
โœ“ 99.9% uptime sustained ยท rapid recovery during outages

// code i've shipped

Project showcase

infrastructure as code ยท terraform ยท github actions ยท oidc

This site, as code

The portfolio you're reading is its own demo: Terraform provisions the Azure Static Web App hosting it plus the Blob Storage serving the resume, and GitHub Actions redeploys both on every push โ€” authenticating to Azure via OIDC federation, with zero cloud credentials stored in CI.

The repo is public. Clone it, read the Terraform, check the workflow runs โ€” everything claimed here is verifiable.

terraformazure-static-web-appsblob-storagegithub-oidcleast-privilege
infra/main.tfthe actual code running this page
# GitHub Actions logs into Azure with a federated token โ€”
# no client secrets, nothing to rotate, nothing to leak.
resource "azurerm_federated_identity_credential" "github_main" {
  parent_id = azurerm_user_assigned_identity.github.id
  issuer    = "https://token.actions.githubusercontent.com"
  subject   = "repo:cjshanahan1228/colinshanahan.dev-portfolio:ref:refs/heads/main"
  audience  = ["api://AzureADTokenExchange"]
}

# Least privilege: identity can only write blobs in one account.
resource "azurerm_role_assignment" "github_blob_writer" {
  scope                = azurerm_storage_account.resume.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_user_assigned_identity.github.principal_id
}
observability ยท serverless ยท managed identity

Monitor it like production

A live ops dashboard for this site: Application Insights pings it every 5 minutes from three US regions (with SSL-expiry checks), and an Azure Function queries that telemetry through a managed identity โ€” KQL over the Log Analytics API, zero keys anywhere โ€” plus the deploy history from GitHub.

It's not a badge, it's telemetry: open the dashboard, or type status in the console below to query it live.

app-insightsazure-functionskqlmanaged-identitysynthetic-monitoring
api/src/functions/status.jsthe code answering `status` right now
// DefaultAzureCredential โ†’ system-assigned managed identity.
// No instrumentation keys, no API keys, nothing to rotate.
const logsClient = new LogsQueryClient(new DefaultAzureCredential());

const summaryKql = `
  availabilityResults
  | where timestamp > ago(24h)
  | summarize total = count(),
              passed = countif(success == true),
              avgMs = round(avg(duration), 0)`;

// Partial-failure tolerance: a GitHub hiccup can't blank
// the uptime numbers, and vice versa.
const [avail, deploys] = await Promise.allSettled([
  queryAvailability(),
  queryDeploys(),
]);

// skills & certifications

Stack manifest

# colin-shanahan/stack.yml
cloud:        [azure, aws, gcp]
ci_cd:        [azure-devops, jenkins]
iac:          [terraform, bicep, cloudformation]
containers:   [container-apps, docker]
azure:
  compute:    [container-apps, function-apps, vms]
  security:   [key-vault, intune]
tooling:      [git, jira]
practices:
  - strategic-planning
  - technical-documentation
  - hiring & mentoring
  - cross-team collaboration
Azure Administrator (AZโ€‘104)
Microsoft ยท 2025
Azure DevOps Engineer Expert (AZโ€‘400)
Microsoft ยท 2025
AWS Solutions Architect
Amazon Web Services
AWS Certified Developer
Amazon Web Services
CompTIA Security+
CompTIA
ITIL Foundation
Axelos

// multi-cloud

Fluent in three clouds

Same problems, different nouns. Azure is my daily driver, I hold two AWS certifications, and I've migrated production systems off GCP โ€” which means I can read your estate whichever console it lives in. Here's how my toolkit translates:

Capability Azure primary AWS GCP
containers Container Apps ยท ACR ECS / Fargate ยท ECR Cloud Run ยท Artifact Registry
serverless Function Apps Lambda Cloud Functions
secrets Key Vault Secrets Manager Secret Manager
compute Virtual Machines EC2 Compute Engine
iac (native) Bicep / ARM CloudFormation Deployment Manager
ci/cd Azure Pipelines CodePipeline Cloud Build
terraform one language across all three columns โ€” which is why it's my default for anything portable
azure โ€” production daily

Architecting CI/CD and provisioning Container Apps, Function Apps, VMs, and Key Vault at RDGFilings. AZ-104 + AZ-400 certified.

aws โ€” certified ร—2

AWS Solutions Architect and AWS Certified Developer โ€” fluent in the EC2/Lambda/IAM model and how it maps to Azure equivalents.

gcp โ€” migrated from

Replaced GCP-based systems with Terraform- and Bicep-provisioned Azure infrastructure โ€” you learn a cloud thoroughly when you carefully move off it.

// how i work

Operating principles

$ cat principles/01

Boring deploys are the goal

A release should be an uneventful Tuesday afternoon, not a war room. If shipping requires courage, the pipeline isn't finished.

$ cat principles/02

If it isn't in code, it doesn't exist

Hand-built infrastructure is a liability with an expiration date. Terraform and Bicep aren't extra work โ€” they're the work.

$ cat principles/03

Documentation is a deployment artifact

A system only one person understands is a single point of failure wearing a badge. I write things down so teams scale past me.

$ cat principles/04

Mentoring compounds

The highest-leverage thing I've shipped isn't a pipeline โ€” it's engineers who no longer need me to run one.

// console

Don't take my word for it โ€” query me

This portfolio ships with a working shell. Type help to see what it knows.

colin@portfolio: ~
Welcome. This is a real, working terminal. Try: help, whoami, stack, uptime, certs, contact
colin@portfolio:~$

// education

Education

Ferrum College

B.S. Computer Science
Relevant coursework: Cloud Computing, Cybersecurity, Networking, Software Engineering
May 2015 ยท Ferrum, VA