Cloud Infrastructure Lead · AWS Solutions Architect
East Freetown, MA · 10+ years in IT
Built from helpdesk to architecture.
I design, deploy, and operate AWS environments for healthcare, biotech, and research teams. Multi-account foundations. Hybrid networks. Identity that holds up under audit. I carry it independently — from first design to the week after go-live.
$40k
Found in idle spend on first cost review pass — paid back in 30 days
200
Mailboxes migrated in a single weekend. Zero rollbacks. One support ticket.
<4 hrs
First live DR failover the org ever ran. Zero data loss.
10+
Multi-account AWS environments deployed across healthcare & life sciences
~40%
Reduction in AWS incident resolution time via standardized runbooks
Background
Where I came from, and what it built.
I did not start with a cloud certification. I started with a ticket queue — and kept moving deeper until the systems made sense.
“The sun doesn’t rush. It doesn’t force its way up. It rises, consistently, every day, whether you’re paying attention or not.
There was a period of genuine uncertainty — between where I started and where I was going, without a full picture of how to get there. I sat with it. I watched. Then I made a decision to keep moving, even before the path was visible.
That mindset carried into how I approach infrastructure: understand the system, take ownership, build what lasts, and write it down for the next person. I still see the work the same way — not something finished, but something unfolding.
01 Helpdesk · Bay State IT
Started where users feel pain first. Learned to look past symptoms and fix system causes.
02 Infrastructure & Cloud Engineering
Widened into servers, networks, storage, identity, and AWS. Cared less about closing fast, more about whether it would still make sense next month.
03 AWS Ownership & Architecture
Became the person people called when design, deploy, and incident response needed one owner. Healthcare, biotech, research.
04 Today · M.A. Camara LLC
Engineering, advisory, and delivery across clients who need it done right and built to last. AWS SAP & Network Specialist in progress.
Reference Architecture
AWS Landing Zone Accelerator for Healthcare
A multi-account, HIPAA/HITRUST-aligned AWS foundation — Management Pipeline through Compliance Posture. Every layer deployed and operated in production.
Management & Tooling — Root / Management Account
- CodePipeline: source trigger
- CodeBuild: build & validate
- CloudFormation: stack deployment
- Control Tower: guardrails & SCPs
AWS Organizations — Organizational Unit Structure
Identity & Access Federation
IAM Identity Center (SSO) — Centralized Identity & Access
Microsoft Entra ID (SAML 2.0)
Security Controls Enforcement
Security & Compliance Services — Enabled Across All Accounts
- AWS Security Hub: aggregates findings; CIS, HIPAA, NIST controls.
- Amazon GuardDuty: threat detection for malicious IPs, DNS, and CloudTrail anomalies.
- AWS Config: continuous compliance evaluation & drift detection.
- AWS CloudTrail: org-wide API audit logs centralized to the Log Archive S3 bucket.
- Amazon Macie: S3 sensitive data discovery; PHI / PII classification.
- SCPs + KMS: preventive controls; CMKs for EBS, S3, and RDS encryption.
Network Account — Centralized Networking
- Transit Gateway: TGW Peering · Route Tables · RAM Share
- Inspection VPC: Network Firewall · East-West
- Endpoint VPC: PrivateLink · Route 53
- Client VPN: Entra ID Auth · Split Tunnel
- On-Prem / DX: Direct Connect · S2S VPN
- Workload connectivity via TGW
Workload Accounts — Data & Compute
Centralized Logging & Audit
Compliance Frameworks & Audit Posture
HIPAA · HITRUST CSF · CIS AWS v1.4 · NIST 800-53 · SOC 2
Org-wide CloudTrail · Centralized Log Archive · Config Rules · Security Hub Aggregator
Work
Systems I’ve lived inside.
Client names stay private. The work, the numbers, and the design decisions do not.
Life Sciences · Hybrid Cloud
Secure Lab Data Workflow for a Research Environment
A hybrid cloud storage and identity architecture connecting on-premises lab staff and remote researchers to the same secure data layer — under one identity model, with full audit capability.
3 isolated data tiers: dev, prod, shared — with production structurally read-only by design.
AWS Storage Gateway · Entra ID SSO · Site-to-Site VPN · Client VPN · Amazon S3 · SSE-KMS
Architecture — Conceptual Overview
- Identity & Authentication Layer: SSO · MFA · RBAC
- Network Access (On-Prem & Remote): encrypted tunnels
- Cloud File Gateway: protocol + cache
- Environment-Segregated Object Storage: 3 isolated tiers
- Data Protection, Lifecycle & Audit: encrypted · versioned
Multi-Account · IAM · Healthcare
When the AWS Footprint Outgrew One Account
Moved a client from ad-hoc AWS sprawl to a clean multi-account foundation. The real goal was an estate a new engineer or auditor can map without guesswork.
1 day: identity onboarding, down from days of manual IAM work, via IAM Identity Center + SCIM.
Control Tower · LZ Accelerator · IAM Identity Center · SCIM · Healthcare
New engineers reach the right accounts in under an hour. No more manual IAM user creation or access spreadsheets.
Guardrails people actually use — SCPs prevent root usage, enforce regions, block public S3 at the org level.
Audit-ready from day one. Centralized CloudTrail, Config rules, Security Hub aggregated across every account.
Estate a new engineer can map. Documentation and account structure designed for the next person, not the current project.
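An SCP of the kind the guardrail bullet above describes (deny the root user, restrict regions, protect the S3 Block Public Access setting), added here as an illustration and not a policy taken from this site or any of its clients; the allowed-region list and the global-service exemptions in `NotAction` are assumed placeholders that each org would set for itself, and the `Sid` values carry the intent since JSON has no comments:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRootUserInMemberAccounts",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringLike": { "aws:PrincipalArn": "arn:aws:iam::*:root" }
      }
    },
    {
      "Sid": "DenyAllOutsideApprovedRegionsPlaceholderList",
      "Effect": "Deny",
      "NotAction": [
        "iam:*", "organizations:*", "sts:*", "support:*",
        "budgets:*", "route53:*", "cloudfront:*", "health:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["us-east-1", "us-east-2"]
        }
      }
    },
    {
      "Sid": "ProtectS3BlockPublicAccessFromBeingDisabled",
      "Effect": "Deny",
      "Action": [
        "s3:PutAccountPublicAccessBlock",
        "s3:PutBucketPublicAccessBlock"
      ],
      "Resource": "*"
    }
  ]
}
```

SCPs never apply to the management account, so the root-user deny only takes effect in member accounts; the third statement keeps a member account's Block Public Access configuration from being changed rather than inspecting individual bucket ACLs.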
Advisory · Cost · Security
Honest Reads on What the Estate Is Really Doing
Architecture and risk reviews aimed at better sequencing, cleaner spend, and fewer operational surprises. I call out delivery gaps early when promises outrun platform reality.
$40k/yr: found in idle reserved instances and orphaned snapshots. First pass. Paid back in 30 days.
Advisory · Cost Optimization · Security Reviews · Roadmaps
Migrated ~200 mailboxes in one weekend. Zero rollbacks. One support ticket — a naming conflict caught in pre-flight.
Replaced a flat VPC-per-account mesh with a Transit Gateway hub — cut routing table sprawl ~60%.
First live DR failover the org ever ran — completed under 4 hours, zero data loss. The runbook replaced a document no one trusted.
Zero Slurm job failures in the 6 months after cluster rebuild — team stopped tracking cluster state manually.
How I Can Help
Situations where a conversation helps.
Not a product menu. These are the places where responsibility has pulled me in and I’ve kept showing up.
AWS Foundation & Governance
Multi-account foundations via Control Tower and LZ Accelerator. Guardrails, SCPs, centralized logging, and compliance baselines that hold up under audit — not just on paper.
Hybrid Connectivity
VPN, Transit Gateway, and routing patterns that stay legible under pressure. I prefer explicit maps over hidden assumptions — built to survive staff turnover.
Identity & Access
IAM Identity Center, Okta, Azure AD, and AD integration so access models make sense to both users and auditors. The knot, untied.
Healthcare & Life Sciences
HIPAA/HITRUST-aligned environments, Biotech Blueprint, ParallelCluster, lab workflow systems, and HPC stacks treated like production — not temporary grant artifacts.
Storage, Backup & Recovery
Gateway and NAS patterns, backup scope, and DR plans the operating team can actually execute. A plan is only credible if someone has practiced it.
Migrations & M365
Workspace-to-M365 moves with real DNS/identity cutovers and a stabilization phase after go-live. I stay through the week after — that's where trust is earned.
How I Work
The rules I reach for when things get real.
01 Ownership
If I put my name on a design, I own what happens in operations too: certificates, integrations, drift, and handoff quality.
02 Clarity for every audience
Engineers need specifics, and non-engineers still need clear trade-offs. I aim for language both groups can act on.
03 Security and scale as engineering
Security and scale are design decisions, not late-stage add-ons. It is always cheaper to argue in design than in incident review.
04 Operational truth
I trust evidence: logs, metrics, runbooks, and clear change history. Process should match how failures actually happen.
05 Promises you can keep
What is sold and what the platform can sustain should describe the same reality. I push back when that gap grows.
06 Writing for the next person
Documentation is part of delivery. Good notes and diagrams are how you respect the next operator and your future self.