Sheg Adelakun

Cloud Performance Engineer specializing in Kubernetes, observability, reliability engineering, and cloud optimization.

I build and optimize the systems behind modern applications — from Kubernetes platforms and observability pipelines to performance investigations and infrastructure cost optimization.

About

Portrait of Sheg Adelakun

I came up through SRE and DevOps before moving into cloud performance engineering, and I was hired into senior infrastructure work on demonstrated capability. Since then I have added the CKA and CKAD, with the CKS underway, because credentials should confirm practice rather than substitute for it.

The through-line in my work is evidence. Whether the question is a JVM that will not settle, a fleet that is overprovisioned, or a controller that needs to earn write access to production, I want measurements first, a clear safety policy second, and a system that operators can reason about at 3 AM above all.

Craft

Kubernetes

Cluster operations, scalability, workload optimization, resource management, autoscaling, scheduling, and platform reliability.

Observability

Grafana, Prometheus, metrics design, alerting strategy, dashboards, and operational visibility.

Performance Engineering

JVM analysis, capacity planning, bottleneck identification, workload tuning, and infrastructure optimization.

Cloud Infrastructure

AWS, EKS, automation, infrastructure architecture, reliability, and operational excellence.

FinOps

Rightsizing, utilization analysis, cost optimization, and cloud efficiency.

Security & Governance

Infrastructure security reviews, threat modeling, operational guardrails, risk analysis, and production readiness.

Engineering Philosophy

How I make technical decisions.

Measure Before Optimizing

Performance work starts with evidence, not assumptions. Every optimization begins with measurement and ends with validation.

Reliability Beats Cleverness

The best solution is often the one operators can understand during an incident. Simplicity scales better than complexity.

Build Systems, Not Heroics

Great engineers solve problems. Exceptional engineers build systems that prevent the same problem from recurring.

Proof

Verifiable credentials and completed work.

Credentials

  • Certified Kubernetes Administrator badge

    Certified Kubernetes Administrator

    The Linux Foundation / CNCF

    VerifiedLF-wpfd3rymwl

    Valid until April 2028

    Verify →
  • Certified Kubernetes Application Developer badge

    Certified Kubernetes Application Developer

    The Linux Foundation / CNCF

    VerifiedLF-sn32wzen3o

    Valid until April 2028

    Verify →
  • Certified Kubernetes Security Specialist badge

    Certified Kubernetes Security Specialist

    The Linux Foundation / CNCF

    In progress · 2026

Selected work

FinOps & Cost

Kubernetes FinOps at Fleet ScaleGovernance and rollout of automated workload rightsizing across a multi-cluster EKS fleet.

Led governance and rollout of an automated workload rightsizing platform across a multi-cluster EKS fleet. Authored the deployment safety policy (CPU floor enforcement by environment tier), built the fleet-wide analysis identifying a seven-figure annual savings opportunity, and ran the readiness review that separated deploy-ready services from at-risk ones.

  • Kubernetes
  • FinOps
  • EKS
Observability Cost Attribution & ReductionObservability spend rose with no per-service visibility. I led the attribution analysis and reduction plan.

Monthly observability spend climbed — a five-figure log-cost spike was the trigger — but billing only exposed cluster-level aggregation, making attribution hard. I led the cost analysis and reduction plan: identify the top log producers, audit metric cardinality for unbounded labels, and sequence quick wins (log-level fixes, sampling non-critical logs, dropping unused metrics) ahead of architectural changes like tiered retention by service criticality. Recognizing that one production cluster dominated spend let the plan capture most of the opportunity without waiting on perfect per-service tagging.

  • FinOps
  • Grafana Cloud
  • Cardinality

Infrastructure & Automation

Security Governance for a Write-Mode Cloud ControllerSSP and STRIDE threat model for a controller with write access to production clusters.

Authored the System Security Plan and STRIDE threat model for a controller with write access to production Kubernetes clusters. Carried it through six independent review bodies — AppSec, SRE, CloudOps, Quality Engineering, Architecture, and Performance — including formal risk acceptance for vendor-constrained threats.

  • Security
  • Threat Modeling
  • Governance
Self-Service IP Allowlisting via GitOpsTurned a manual load-balancer ACL ticket into a validated, auditable GitOps flow — without bypassing approvals.

Allowlisting an IP on the load-balancer ACL was a manual ticket process. I built a Python automation around the existing Terraform repository that validates IP and CIDR syntax, detects duplicates and CIDR overlaps against the live config, injects the entry into the correct block, and routes through the existing pipeline so approval and review are preserved rather than bypassed by a direct API write. It uses locking to avoid races. I deliberately rejected a heavier design that would have orchestrated everything in a serverless function, letting the pipeline do the heavy lifting instead — the simpler system is the one operators can reason about.

  • GitOps
  • Terraform
  • Python
  • Automation
Terraform-Managed Observability BackboneBrought ~95 dashboards across 15 teams under version control with per-team isolation and least-privilege access.

Console-managed dashboards and folders drifted, were not version-controlled, and could be deleted without trace. I built and operate a modular Terraform system that manages observability by team: a central orchestration layer loading per-team dashboard definitions automatically, plus a module that provisions teams, folders, and least-privilege folder permissions. It manages roughly ninety-five dashboards across fifteen teams under version control with per-team folder isolation — the platform the rest of the governance work sits on.

  • Terraform
  • Grafana
  • IaC
  • Governance
ARM64 Migration Readiness AssessmentFleet-wide readiness classification for ARM64 adoption across containerized workloads.

Assessed application readiness for ARM64 adoption across containerized cloud workloads, classifying services by migration risk, identifying toolchain and binary-compatibility blockers, and quantifying the infrastructure cost-efficiency opportunity.

  • ARM64
  • Migration
  • Cost Efficiency

Observability

From 10% to 100% VPN Tunnel CoverageMonitoring looked complete but covered one tunnel in ten. I rebuilt it to cover every tunnel regardless of routing.

Site-to-site VPN monitoring was built on a BGP metric, but BGP was enabled on only one of ten tunnels — the rest used static routes — so the alerting silently covered ten percent of connections while appearing complete; the dark tunnels carried production database and customer-site traffic. Acting on a network engineer's discovery rather than defending the original design, I pivoted from the routing-protocol metric to a traffic-based one on the gateway resource, which covers every tunnel regardless of protocol. I built per-connection alerts across both regions, retired the obsolete BGP alerts, and rebuilt the dashboard with human-readable site names. Coverage went from one tunnel to all ten.

  • Monitoring
  • Networking
  • Grafana
Observability Engineering for Cloud PlatformsGrafana alerting through GitOps, PromQL against production schemas, and diagnosis of metric-pipeline gaps.

Designed and shipped a Grafana alerting suite through a GitOps pipeline, built PromQL against live production metric schemas, and diagnosed metric-pipeline gaps — missing ServiceMonitors and scrape coverage — that were blocking operational dashboards. Related work included synthetic monitoring across a dozen critical payment services with a live operational dashboard, and quorum-and-witness monitoring for a high-availability database cluster on a previously blind, revenue-critical failure path, with correct priority-based routing.

  • Grafana
  • Prometheus
  • PromQL
  • GitOps
Monitoring 30+ External DependenciesA major cloud outage took hours to attribute. I authored the epic to systematically watch every upstream provider.

A major cloud-provider outage hit both directly and through third parties on the same provider, and it took hours to identify the upstream as the root cause because vendor status was checked by hand during incidents. I authored the epic and split it across the team, inventorying and classifying thirty-plus external dependencies — cloud, payment, identity, and ops providers — by criticality. The design was tiered: subscription-based ingestion into the ticketing system for vendors that support it, synthetic and blackbox checks for those that do not, plus dependency mapping so an upstream alert states which internal services it affects. It was designed for sub-five-minute detection.

  • Reliability
  • Dependency Mapping
  • Synthetic Monitoring

Reliability & Incident Response

Closing a 12-Hour Monitoring Blind SpotAn unreviewed IaC change silently deleted production alert rules. I root-caused it and led the prevention program.

An unreviewed infrastructure-as-code run reorganizing monitoring folders deleted production alert rules as a side effect, and a revenue-critical service went down with no one paged for roughly twelve hours — the heartbeat alert that should have caught it no longer existed. I reconstructed the timeline, root-caused the folder-to-alert coupling, and ran the manual restoration critical-path first. I then led the prevention program: PR-time validation that detects destructive changes to alert resources in the plan, lifecycle guards on critical rules, state separation so monitoring is not coupled to general infrastructure, automated alert backups, and required review on monitoring changes. Console-managed alerts and dashboards were migrated into version control so they can no longer be changed silently.

  • Incident Response
  • Terraform
  • Grafana
  • Governance
Auto-Escalation for Unacknowledged Critical AlertsCritical alerts that no one triaged never escalated. I designed a time-based bridge that pages anyway.

Alerts defaulted to low priority and relied on a human to manually open an incident before any paging workflow began, so an alert that fired but went untriaged escalated to no one. I designed a time-based bridge: an unacknowledged critical alert auto-creates the incident after a fifteen-minute window, handing off to the existing escalation automation. The design resolved an architectural ambiguity about which system owns escalation timing, consolidating it into one layer rather than two competing ones.

  • Alerting
  • Escalation
  • On-Call
Standing Up a Problem-Management PracticeRecurring incidents kept getting solved and forgotten. I built the practice that turned them into tracked problems with corrective actions.

Incident response was resolving symptoms — a restart here, a reboot there — without anyone owning the recurrence. I stood up a structured problem-management practice on top of the incident process: root-cause analysis with corrective actions, formal known-error documentation for issues with no immediate fix, and consolidation of clusters of related recurring incidents into single tracked problem records so action items did not scatter across dozens of tickets. The practice fed a recurring report to leadership, making the pattern of recurrence visible rather than absorbed silently by on-call.

  • Problem Management
  • RCA
  • ITIL
  • Reliability

Strategy & Leadership

A Monitoring Maturity Model, Presented to the CTOBuilt a five-level maturity model that ranked services, prioritized by financial impact, and tracked the team's progress upward — taken to the CTO.

Monitoring coverage across the platform was uneven and there was no shared way to talk about how mature any given service was. I built a five-level monitoring maturity model, scored every service against it, and used it to drive a prioritization decision made jointly with partner teams: services with direct financial impact if they failed were advanced first, while lower-impact services moved up the scale on a longer horizon. The model became the framing for a read-out to the CTO and for a recurring progress report to leadership, turning scattered monitoring work into a legible roadmap with a direction and a finish line.

  • Strategy
  • Maturity Model
  • Stakeholder Communication

Impact

Verified outcomes. No animated counters, no vanity metrics.

  • Root-caused a 12-hour production monitoring blind spot and led the prevention program that closed the failure mode.
  • Took site-to-site VPN tunnel monitoring from 10% to 100% coverage after discovering most tunnels were dark.
  • Led analysis supporting a seven-figure annual infrastructure savings opportunity across a multi-cluster EKS fleet.
  • Brought ~95 dashboards across 15 teams under version-controlled, least-privilege Terraform management.
  • Authored production security reviews for Kubernetes controllers with elevated cluster permissions.
  • Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD).

How the Work Gets Done

Every engagement runs the same loop — evidence in, validated change out.

Engineering workflow: Observe, Measure, Analyze, Optimize, Validate, feeding back into Observe.ObserveMeasureAnalyzeOptimizeValidate

Now

Building at the intersection of cloud infrastructure, performance engineering, and emerging AI workloads.

Current focus

  • Kubernetes performance and scalability
  • Observability and reliability engineering
  • Cloud cost optimization and FinOps
  • AI infrastructure foundations

Education

BS in Applied Computing (Artificial Intelligence) · University of Arizona

Target certifications

  • CKS
  • AWS Solutions Architect Associate

Notes

A long-term home for technical writing.

Contact

Direct links. No forms.