Shez Bhagwandin

Cloud Engineer

|

About

Shez Bhagwandin

Here is a little background

Shez Bhagwandin is a Senior Cloud Engineer who specializes in making cloud platforms more reliable, secure, and efficient. Working primarily in Azure, he designs automation systems that handle identity governance, application monitoring, and CI/CD pipelines—turning manual, repetitive tasks into scalable, auditable solutions. His journey into cloud engineering began with hands-on networking and infrastructure work, building a foundation that now informs how he approaches platform reliability and DevOps. Whether it's creating uptime monitoring systems for business-critical APIs or automating identity compliance across hundreds of applications, Shez focuses on solutions that reduce operational overhead and improve system observability. Certified as a Microsoft Azure Administrator and holding degrees in Network Technology and IT Management, Shez combines technical depth with a practical, problem-solving mindset. He's passionate about infrastructure as code, API-driven automation, and building systems that just work. When he's not automating cloud infrastructure, you'll find Shez on the golf course, staying active, or spending time with his family—all reminders that discipline, continuous improvement, and balance matter both professionally and personally.

Experience

Window Nation

Cloud Engineer

Window Nation

July 2021 - Present

  • Designed and maintained Azure-based platform automation and governance systems supporting identity, application access, and business-critical workflows across enterprise infrastructure.
  • Built Azure DevOps YAML pipelines and Infrastructure as Code solutions using Terraform and ARM templates for standardized, repeatable deployments.
  • Developed application uptime and reliability monitoring platform using Azure Logic Apps, Blob Storage, and Power BI, reducing mean time to detect incidents by ~70% across 15+ business-critical services.
  • Automated identity governance workflows using PowerShell and Microsoft Graph, monitoring 400+ app registrations, service principals, and enterprise applications for compliance and security.

Skills

Hover over a skill for current proficiency

SharePoint

95%

Azure

100%

Azure ARM

85%

Azure DevOps

95%

Bicep

85%

Docker

80%

HTML 5

85%

Mac OS

90%

Power BI

80%

Power Apps

100%

PowerShell

95%

VS Code

100%

Power Automate

85%

Function Apps

95%

GitHub Actions

95%

Projects

Green Light

Green Light

Getting a tee time at a popular municipal golf course means checking the booking site repeatedly and hoping something opens up. I built Green Light to handle that automatically. Green Light is a personal Telegram bot that monitors Rocky Point and Fox Hollow golf courses for available tee times in a target morning window. Send it a natural language message like "Looking for a tee time Saturday for 2 players" and it registers the search, checks immediately, then continues polling the ForeUp booking API every hour until it finds something or the date passes. Multiple searches run concurrently, and a check-in notification fires every six hours so you know it's still running. Built on Azure Functions (PowerShell) with a dual-trigger architecture: an HTTP trigger handles incoming Telegram messages and commands while a timer trigger drives the hourly polling loop. Search state is persisted in Azure Table Storage, and infrastructure is defined as Bicep and deployed through a three-stage GitHub Actions pipeline that includes Checkov security scanning before any deployment runs.

View DetailsClick to expand
Canary

Canary

Canary is an internal outage notification system I built to eliminate alert fatigue and ensure the right stakeholders are informed when a confirmed service disruption occurs. Prior to Canary, our team relied on manual monitoring of vendor status pages, a process prone to delays and missed incidents during off-hours. The system polls an IsDown board every five minutes, evaluates active incidents against a two-check confirmation threshold to filter transient false positives, and routes potential outages through a Microsoft Teams approval gate before notifying stakeholders via Microsoft Graph email. Recovery notifications are handled automatically when services return to operational. Adding a new service to the IsDown board requires no code changes, as Canary picks it up on the next polling cycle. Built on Azure Functions (PowerShell), with all infrastructure defined as Bicep and deployed through a two-stage Azure DevOps pipeline. Secrets are managed via Key Vault with Managed Identity, and outage state is persisted in Azure Table Storage.

View DetailsClick to expand
Help Desk Automation

Help Desk Automation

Tier 2 and 3 support teams were spending significant time on repetitive, process-driven tickets for license assignments, Active Directory changes, Exchange configurations, and DevOps project access. These requests followed predictable patterns but still required manual intervention to resolve and close. The Ticket Completion Software (TCS) is an Azure Function that polls the ServiceDesk Plus ticketing system every 15 minutes, identifies tickets matching automatable request types, and executes the required actions through a combination of Microsoft Graph, PowerShell, and the ServiceDesk Plus API. Once complete, TCS updates the ticket, replies to the requester through the ticket thread, and closes it with no human touchpoint required. Built on Azure Functions (PowerShell) with Microsoft Graph handling identity and licensing operations, and the ServiceDesk Plus API managing ticket lifecycle.

View DetailsClick to expand
SharePoint Intranet

SharePoint Intranet

Employees across departments were repeatedly submitting help desk tickets for information that should have been self-service, with no centralized location to find or maintain policy documents, department resources, or onboarding materials. I designed and built a company-wide SharePoint intranet now used by over 1,700 employees across 12 departments. The platform is structured around a tiered Microsoft 365 security group model where each department's content is scoped to its own group. Department owners can manage membership directly without requiring SharePoint admin access, and employees needing access to a specific library are granted it through group membership alone, keeping permissions consistent and auditable without distributing administrative roles.

View DetailsClick to expand
Mobile Fleet Management

Mobile Fleet Management

Field operations teams were completing monthly vehicle inspections on paper forms, creating a manual data entry burden and making it difficult to track vehicle conditions, flag outstanding issues, or identify trends across the fleet. I built a PowerApps canvas application that digitizes the entire inspection process. Employees complete a structured monthly questionnaire on their mobile device, including photos taken on-site, with a conditional flow that triggers an additional tool inspection for vehicles with onboard equipment. Responses and images are submitted directly to SharePoint, where the fleet operations team can review them in real time. Power Automate handles the automation layer: generating reports for vehicles with outstanding issues, alerting on missing or replacement-needed tools, and automatically resolving vehicle images from a separate SharePoint list based on year, make, and model. This eliminates manual image management as the vehicle registry changes.

View DetailsClick to expand

Contact

The time will never be better, lets chat

+1 443-449-1170

shezbhagwandin@gmail.com