Tymur Chmeruk.
15+ years owning enterprise infrastructure security across AWS, financial, and hybrid cloud environments - NIST · FISMA · PCI-DSS.
US Person · GC Holder · Eligible
AWS Certified Solutions Architect
Not Required
RMF · NIST 800-53 · FedRAMP
Baltimore–Washington Metro
15+ Years Experience
F100 Enterprise Clients
3+ Compliance Frameworks
Eligible Clearance Status
Security is architecture, not afterthought.
Controls are embedded at the infrastructure layer - in IaC, in CI/CD policy gates, in network segmentation. Not bolted on post-deployment.
If you can't measure it, you can't protect it.
Operational visibility is a security control. Deep telemetry, custom alerting, and structured observability are non-negotiable in every environment I own. Telemetry must be useful, owned, and economically sane - not just collected because a vendor agent made it easy.
Frameworks are the minimum, not the goal.
NIST, FISMA, and PCI-DSS define the baseline. Strong security posture exceeds them - through Zero Trust design, least privilege enforcement, and continuous hardening.
Observability Cost Reduction
Datadog is expensive when every log, metric, trace, and health check is treated as premium telemetry.
I help infrastructure teams separate critical observability from low-value noise - keeping Datadog for APM, SLOs, incidents, traces, and application visibility while moving static infrastructure, noisy logs, and bulk metrics to Zabbix, Grafana, Prometheus, Loki, OpenSearch, or object storage.
Read the Datadog cost reduction guide →
Not all telemetry is created equal.
The cleanest cost optimization is not replacing every tool. It is routing the right signal to the right system: Datadog for critical application visibility, Zabbix/Grafana for infrastructure, and lower-cost storage for bulk telemetry.
Lead Cloud Infrastructure & Security Engineer
Independent Consulting & Contract Engagements // Silver Spring, MD
- Cut mean-time-to-detect by 40% — replaced threshold noise with actionable SolarWinds and Zabbix alerting logic across hybrid AWS environments.
- Eliminated configuration drift across multiple AWS accounts by standardizing Terraform + GitHub Actions as the IaC baseline, enforcing secure-by-default infrastructure from the first deploy.
- Shifted policy enforcement left — Checkov integrated into CI/CD pipelines blocks non-compliant infrastructure before it reaches production, removing security review as a post-deployment bottleneck.
- Owns full vulnerability remediation lifecycle from Tenable Nessus detection through SCCM patch execution, maintaining continuous NIST SP 800-53 Rev 5 alignment across enterprise environments.
- Provides hybrid cloud security architecture and compliance advisory for clients operating under FISMA and NIST frameworks.
Cloud Operations & Security Manager
Magento, an Adobe Company (B2B Contractor) // Global
- Sustained 99.9%+ uptime across Adobe Commerce infrastructure for Fortune 100 US retail clients — owned 24/7 operational security and reliability including peak traffic events.
- Neutralized Layer 7 DDoS threats across PCI-DSS-scoped commerce infrastructure — architected Fastly CDN and WAF stack that absorbed attack traffic without commerce platform impact.
- Owned AWS ALB and network traffic architecture for enterprise-scale order processing — tuned configurations to sustain peak load without performance degradation.
- Served as org-wide SolarWinds Orion SME — designed monitoring architecture, alerting logic, and dashboards used by global operations teams; delivered capacity planning data directly to leadership.
- Drove ITIL-aligned change management and SLA compliance via ServiceNow across 7+ years of global infrastructure operations.
Enterprise Infrastructure Security Engineer
EPAM Systems (Contractor for Barclays Bank) // Global
- Operated within Barclays Bank's global investment banking division — zero-tolerance security standards, strict financial compliance, and no margin for infrastructure failure.
- Hardened Cisco Catalyst and Nexus network infrastructure protecting trading systems — ACLs, VLAN segmentation, and port security controls across production financial infrastructure.
- Administered enterprise-scale Active Directory, IAM, and Group Policy across global distributed environments — least-privilege access and Zero Trust controls enforced at the directory layer.
AWS (VPC, EC2, ALB, IAM, CloudTrail, GovCloud) · Azure · Google Cloud Platform
NIST SP 800-53 Rev 5 · RMF · FedRAMP · FISMA · PCI-DSS · ATO Support · DISA STIG · CMMC Level 2 · Zero Trust Architecture
Terraform · GitHub Actions · CI/CD Automation · Checkov · Secure-by-Default Infrastructure
IAM · RBAC · Active Directory · Group Policy · Least Privilege Access · OAuth 2.0 · SAML
SolarWinds Orion · Zabbix · Splunk · NetFlow Analysis · Operational Telemetry · Alerting
Fastly WAF · Layer 7 DDoS Mitigation · Network Segmentation · Cisco ACLs · Secure Hybrid Connectivity
Docker · Kubernetes
Python · Bash · PowerShell
Tenable Nessus · SCCM · ServiceNow
Observability Cost Reduction
Datadog Cost Reduction: What to Keep in Datadog and What to Offload to Zabbix/Grafana
A practical framework for reducing observability spend by keeping critical telemetry in Datadog and moving lower-value infrastructure, logs, and metrics to Zabbix, Grafana, Prometheus, Loki, OpenSearch, or object storage.
Read → Jun 1, 2026
Datadog Bill Too High? Start With Logs, Custom Metrics, and Kubernetes Noise
A diagnostic guide to finding the real Datadog cost drivers before migrating: logs, custom metrics, high-cardinality tags, Kubernetes churn, APM traces, and duplicate cloud telemetry.
Read →
Infrastructure Intelligence
Intel: Kinetic Infrastructure Loss and Generative Shadow IT
Architectural fallout from AWS datacenter drone strikes, Bedrock Grok integration, and mitigating the sprawl of AI-generated shadow databases.
Read → May 15, 2026
Intel: Kinetic Strikes, Project Titus, and AWS IAM Rot
Architectural response to physical drone strikes on AWS infrastructure, high-density AI power constraints, and critical IAM drift remediation.
Read → May 1, 2026
Intel: Quantum Decryption Timelines, Kinetic Targets, and Modular Scaling
Assessing the blast radius of Q-Day, Oracle's UAE kinetic exposure, and AWS Project Houdini's modular IaC physical layer.
Read → Apr 15, 2026
Intel: Inference Silicon Shifts, IAM Negligence, and the Q-Day Horizon
Assessing Arm's direct-to-datacenter AGI CPU, the catastrophic $25M AWS key compromise at Resolv Labs, and mandatory architectural pivots for Post-Quantum Cryptography.
Read → Apr 11, 2026
Intel: Custom Silicon, Leaked Keys, and Kinetic Cloud Threats
Arm drops IP licensing for direct silicon at Meta. Resolv Labs bleeds $25M to an AWS IAM failure. Oracle UAE takes a geopolitical hit.
Read → Apr 11, 2026
Hardening Hybrid Cloud: NIST 800-53 in Practice
A deep dive into implementing the Risk Management Framework (RMF) for AWS and On-Premise environments.
Read →
Architect Your Scale.
Senior infrastructure and security architect based in the Baltimore–Washington Metro Area. Available for federal and commercial engagements.