Career

Experience

4+ years across enterprise finance, NGOs, fintech, media, and freelance consulting. Progression: Freelance Data Scientist → Data Engineer → Data Lead → Data Architect → DevSecOps / Platform Engineer → AI & Platform Architect.

Consulting context — Four of the six roles below were delivered as a senior specialist through Invent Consulting Ltd, embedded directly at each enterprise client. Concurrent engagements (CarDuka, World Relief, Old Mutual) reflect the standard consulting model where specialists run parallel client projects.

EMPLOYMENT STRUCTURE

Invent Consulting Ltd (Consulting Employer)

Joined June 30, 2024. Client engagements below are concurrent and date-scoped.

Jun 2024 – Present Consulting

Old Mutual Group East Africa

Cloud Platform / DevSecOps / AI infrastructure ownership

Nov 2024 – Present

NCBA Bank — CarDuka Platform

V1 CI/CD enablement + V2 data/AI/platform engineering

Nov 2024 – Feb 2026

World Relief (East & Central Africa)

Fabric lakehouse + self-service data platform

Jul 2024 – Feb 2025

Solidaridad Network East Africa

Azure VM deployment automation sprint

Oct 2024

Nov 2024 – Present

Cloud Platform & DevSecOps Engineer

Old Mutual Group East Africa · Pan-African insurance & financial services group · via Invent Consulting

Current Enterprise Insurance / Finance

Nairobi, Kenya

De facto cloud platform owner for Old Mutual East Africa — built the CI/CD and DevSecOps baseline from scratch across 9+ products, raised flagship SLO from 90% to 99.9%, and identified $150K/year in Azure savings across the managed subscription.

25+

Internal & vendor teams supported

Production AKS clusters

8h → 10m

Deploy TAT (manual → CI/CD)

90% → 99.9%

Flagship platform SLO / uptime

Role Scope & Ownership (Hands-On IC)

› Primarily an individual contributor in title and execution, but operating as the de facto cloud platform owner for a vendor-heavy environment supporting ~20 internal developer teams and ~5 vendor teams across IT, GI, Digital, Automations, Investments, and Risk & Compliance.
› Full ownership within scope of work for Azure infrastructure provisioning (AKS, databases, apps/web apps, Azure Functions, Blob Storage, VNets/subnets), Terraform IaC, Azure DevOps CI/CD, SRE/incident response, monitoring/observability, Azure AI Foundry platform operations, and cloud/Kubernetes FinOps.
› Cross-functional SME for cloud and infra in architecture planning — support Solution Architects with Architecture Board / Technical Design Forum preparation and collaborate with networking, SOC, DBAs/sysadmins, domain/cert teams, and IT managers on shared dependencies.

Phase 2 · Platform, DevSecOps & Reliability (Mar 2025 – Present)

› Built the CI/CD and DevSecOps baseline from scratch (there was no prior CI/CD / DevSecOps standard) across 9+ projects: Azure DevOps pipelines, ArgoCD GitOps, Trivy + Semgrep scanning, Falco runtime threat detection, and Cosign image signing for supply chain integrity.
› Reduced deployment turnaround from ~8 hours (manual VM/AKS releases by 1–2 people) to ~10 minutes for dev → staging; after CAB/security approvals, production releases typically execute in ~2–5 minutes.
› Increased release throughput to roughly 2 deployments/hour/system on average and reduced post-approval environment provisioning from ~1 week to <=2 days using reusable Terraform modules and standardized pipeline templates (shared template repo for new projects).
› Raised reliability on flagship workloads from ~90% to formal ~99.9% SLO/uptime and improved incident response through proactive monitoring, alerting, and centralized observability/logging.
› Defined DR blueprints reused by other teams, including multi-AZ AKS node design, HA databases, Cloudflare → Azure Front Door failover, and Redis clustering/backups (self-managed for cost control vs managed Redis).

AI Platform · Azure AI Foundry (Production + Pilot)

› Built and operate production Risk & Compliance AI tooling on Azure AI Foundry for approved access to core system data sources (including GI, medical, investment, and CRM-linked systems) used by Risk, Compliance, Audit, and Ops teams.
› Solved a major bottleneck in audit/compliance workflows by enabling on-demand checks through federated access patterns, reducing back-and-forth with system owners for database access; tooling is used daily by an early user base of roughly 10–20 users.
› Implemented governance and observability guardrails: Entra ID-based access control, scoped data-source permissions (with DBA collaboration), Log Analytics traceability, Foundry dashboards, and custom KQL dashboards for metrics and monitoring.
› Improved tooling accuracy from an ~80% target to ~95% SLO through retraining, data cataloging/metadata improvements, and data historization; also leading pilot use cases for internal developer docs and PR review tooling.

Selected Flagship Deliveries (Multi-Country)

› FundMaster (Kenya + Uganda, ~15 microservices) — full ownership of AKS infra, CI/CD, networking, scaling, and SRE; improved staging release cadence from ~1/day to ~hourly deployments and raised uptime/SLO from ~90% to ~99.9%. Supports GI teams plus vendor teams and 3 downstream integrated systems.
› Anchor360 (Kenya, Uganda, Rwanda) — end-to-end platform ownership and embedded infra/cloud/DevOps support for an in-house dev team; multiple staging deployments per hour, weekly production releases, near five-nines uptime, incident rate reduced from ~2–3/week to ~1 every 3 months, and MTTR improved from ~6 hours to under 1 hour.
› Medical Reconciliation Bot (Kenya + Uganda) — full platform ownership for internal GI medical claims processing workload (Excel-based reconciliation/calculation outputs); migrated from weekday-only availability to daily anytime access using autoscaling Azure Container Apps, with faster processing and lower infrastructure cost vs oversized VMs.
› Data Migration Service — migrated 15 TB from SharePoint to Azure Blob in ~2 weeks vs an anticipated ~3 months; built and operated the full migration workflow end-to-end with automated integrity checks (hash/byte comparisons) plus business validation, and implemented Blob intelligent tiering to reduce storage cost.
› Additional deliveries across the portfolio include SimSwap / Payment Gateway, Internal Developer Portal (Backstage), External API Marketplace (Azure APIM), Thrive East Africa backend services, Product Risk Rating Portal, and KCB integration services on Azure Functions.

FinOps & Cost Engineering

› Audited spend for the managed subscription scope at ~US$47K/month baseline (~US$566K/year over the prior 12 months) and identified ~US$150K/year in savings across orphaned disks, underutilized VMs, right-sizing gaps, and missing autoscaling.
› Implemented ~US$30K/year in savings since the January 2026 report; remaining actions (including RIs/Savings Plans and further right-sizing) are planned over the next ~3 months. January/February 2026 reporting also led to expanded access for broader estate cost/resource exploration.
› Ongoing cost attribution and optimization across Kubernetes workloads, VMs, and Azure-managed services using Kubecost and Azure Cost Management, with reporting consumed by IT managers and operational stakeholders.

Phase 1 · Enterprise Data Platform (Nov 2024 – Feb 2025)

› Initial engagement scope before remit expansion: designed and deployed the enterprise data warehouse supporting 6 business verticals (Medical, Life Insurance, Investment, Marketing, Pure-GI Core Systems) across Kenya, Rwanda, Uganda, South Sudan, and Tanzania.
› Engineered ETL/ELT pipelines (Python, dbt, SSIS) with Type 2 SCD, dimensional models, and OLAP cubes backing regional BI for 6,000+ platform users.
› Successful delivery in the initial data-platform scope expanded the engagement into cloud platform engineering, DevSecOps, SRE, and AI infrastructure ownership across the broader product portfolio.

Azure AKSKubernetesTerraformArgoCDGrafanaFalcoTrivySemgrepCosignKubecostAzure DevOpsAzure FunctionsBackstageAzure APIMAzure AI FoundryAzure Front DoorCloudflareTraefikRedisKQLPythonDocker

Jul 2024 – Feb 2025

Data Architect & Data Engineer

World Relief (East & Central Africa) · via Invent Consulting

NGO Humanitarian / Development

Nairobi, Kenya

Designed and delivered a Microsoft Fabric lakehouse + self-service data platform for humanitarian program data across 6+ countries — integrating 1,400+ datasets and reducing reporting turnaround from ~2 weeks of manual Excel/R processing to daily automated refreshes and ad hoc on-demand access.

1,400+

Datasets integrated

Countries in source data

Countries fully onboarded

2 weeks → daily

Reporting TAT (manual → automated)

Role Scope & Ownership

› Operated as a hands-on Data Architect & Data Engineer: fully owned data discovery, Ona Data Platform extraction pipelines, ELT pipeline engineering, CI/CD for pipeline versioning, and Microsoft Fabric lakehouse design using a medallion architecture.
› Shared delivery with World Relief teams on transformation/mapping logic, BI visualizations, GIS latitude/longitude resolution, PII/data governance strategy, metadata/cataloging, and RBAC/data access control decisions.

Lakehouse & Pipeline Delivery

› Designed and deployed a production Microsoft Fabric data warehouse/lakehouse ingesting data from Ona into an in-house platform, covering at least Kenya, Uganda, Rwanda, Congo, Mozambique, and Zambia (based on active project data in scope).
› Integrated 1,400+ datasets across jurisdictions (form definitions + submitted responses) and automated normalization/mapping workflows to resolve coded answers into usable analytical categories (for example, categorical/value mappings across country forms).
› Replaced a manual biweekly reporting process (Excel processing + R scripts + normalization) with automated daily pipelines, reducing reporting/data turnaround from ~2 weeks to daily refreshes while keeping data available for ad hoc analysis at any time.

Self-Service Platform, API & Access Control

› Shipped a production self-service data platform backed by a FastAPI service (hosted on Azure Container Apps) that serves normalized/clean gold-layer data in multiple formats including Excel, CSV/TSV, JSON, and XML based on stakeholder needs.
› Implemented Entra ID-based RBAC for country-scoped access (for example, country users restricted to their own data unless granted broader access by admins), helping democratize data access beyond BI dashboards while maintaining governance boundaries.
› Supported internal M&E teams, donors, GIS analysts, and country/field teams with live data access; BI dashboards were adopted selectively, while the self-service platform became the broader access path for cross-team data consumption.

Adoption, Handover & Constraints

› Delivered training throughout the engagement via workshops and hands-on sessions, and prepared technical documentation/runbooks (with support from a colleague / project manager) to enable handover and ongoing operations.
› Fully onboarded and trained teams in Kenya, Uganda, and Rwanda; wider regional rollout was planned but funding was cut in January 2025, after which the production platform was handed over.
› The platform remained live and usable for always-on data access even where recurring reporting cycles were biweekly, improving responsiveness for donor and program requests.

Microsoft FabricData WarehouseLakehouseFastAPIAzure Container AppsAzure Data FactoryPower BIArcGISEntra IDRBACPythonSQL

Nov 2024 – Feb 2026

Senior Data & AI Platform Engineer

NCBA Bank — CarDuka Platform · via Invent Consulting

Fintech / Marketplace Banking / Automotive

Nairobi, Kenya

Started as a short V1 CI/CD enablement sprint, then expanded into senior data/AI/platform engineering for the CarDuka V2 marketplace build — shipping production valuation/recommendation/AI features, scaling platform reliability and autoscaling, and designing the approved reusable Duka marketplace architecture through 2028.

~5M

Users in first ~6 months post-launch (GA)

50k–200k

Peak DAU (platform context)

3×

Listing views uplift (Similar Cars)

+13%

Pricing accuracy uplift (Valuation)

V1 PLATFORM ENABLEMENT (NOV 2024)

› Short consulting sprint on legacy CarDuka V1 focused on deployment automation and environment release discipline.
› Built branch-based GitHub Actions CI/CD workflows to automate staging and production deployments (for example: staging branch → staging deploy; production release → production deploy), replacing ad hoc manual deployment steps.
› Established the delivery automation baseline that enabled the later V2 engagement to move faster.

V2 MARKETPLACE (FEB 2025 – FEB 2026 · MVP LAUNCHED JUN 2025)

› Joined as a Senior Data Engineer for the new CarDuka.com microservices marketplace build, owning data architecture, pipeline setup, warehouse analytics (Zoho Analytics), and database operations across dev/UAT/staging environments.
› Designed and implemented medallion-style data pipelines and transformations (initial warehouse model), then drove partial V2 migration toward a lakehouse architecture on ADLS Gen2 with pipelines running on AKS and orchestrated by Airflow (KubernetesExecutor).
› Scope expanded into AI/platform engineering and cloud infra SME work: AKS/Kubernetes debugging, resource optimization, configuration tuning, Log Analytics and Grafana monitoring, and Azure Container Apps autoscaling after an incident exposed missing autoscale configuration (in collaboration with NCBA cloud/DevOps teams).
› Shipped production and pilot AI/data capabilities across pricing, recommendations, CLM/LTV, liquidity balancing, RAG-powered review/search, KYC document processing, and content moderation workflows, plus an image optimization microservice for mobile/web performance.
› Before exit (Feb 27, 2026), designed and documented the reusable Azure architecture for future Duka marketplaces (e.g., Property Duka, Auctions Duka), authored ADRs/templates, presented to the architecture board, and secured approval for an extensible roadmap through 2028.

Role Scope & Ownership (V2 Main Assignment)

› Fully owned the systems and features listed below across data/AI/platform scope: data architecture, ETL/ELT pipelines, warehouse/lakehouse evolution, DB operations, AI model-backed services, platform debugging/optimization, observability setup, autoscaling work, and supporting infrastructure changes within the CarDuka environment.
› Managed database operations across ~21 databases spanning dev/UAT/staging (roughly one per microservice/environment combination in the delivery model), including reliability, integration support, and data movement into analytics/warehouse layers.
› Shared deployment and API exposure rollout with backend engineers and NCBA DevOps/cloud teams (CarDuka operates within NCBA Bank infrastructure); image optimization microservice maintenance was later handed over to the backend team.
› Delivered BI dashboards and reporting pipelines via Zoho Analytics to support business strategy, risk assessment, and operational decision-making.

AI & Data Product Impact

› Built the Car Valuation Engine (basic + advanced valuation modes) using FastAPI + XGBoost, with LLM-assisted free-text/image analysis (OpenAI + Claude for redundancy) and a synthesis layer that combines model outputs into dealer/valuer-ready valuation reports.
› Car Valuation Engine improved pricing/listing accuracy by ~13% versus pre-valuation-engine listings, contributing to better listing uptake / sales conversion quality.
› Built the Similar Cars engine (recommendation-style matching per listing), increasing listing views by ~3x.
› Built the CLM engine (churn prediction, user segmentation, LTV classification) and deployed a pilot to ~20% of platform traffic; early results show improved user stickiness and platform usage.
› Built the platform Liquidity Engine to reduce seller hotspotting and help distribute leads more evenly so dealer listings receive opportunities across the marketplace.
› Implemented a RAG-based AI review/search capability using pgvector for AI-assisted car review/search experiences grounded in marketplace data.

Ops Automation, Moderation & Performance (Pilots)

› Built an AI-powered KYC document processing workflow (pilot) for internal business ops using OpenAI vision models, reducing verification turnaround from ~24 hours to under 1 hour by removing manual document validation steps.
› Built a listing content moderation workflow (pilot) for business ops to reduce moderation decision fatigue at growing volume (~50 listings/day, ~8 images per listing on average), reducing dealer/listing onboarding turnaround from ~48 hours to under 1 day.
› Built an image optimization microservice (pilot) that serves client-appropriate image formats based on bandwidth/device constraints, improving mobile/web load performance and user experience while reducing bandwidth usage by ~20% (and still improving).
› Configured autoscaling for Azure Container Apps workloads after a production incident caused by missing autoscale settings, improving resilience during traffic spikes.

Platform Scale Context & Architecture (Context + 2028 Roadmap)

› Platform context after launch (Jun 14, 2025): ~5M users in the first ~6 months (Google Analytics), ~50k–200k peak DAU, ~15k registered users, and 3,000+ listings.
› Designed the reusable Azure platform architecture for the broader Duka marketplace family (e.g., Property Duka, Auctions Duka and related verticals) as a living/extensible architecture through 2028.
› Authored ADRs, architecture documentation, and reusable templates, ran stakeholder sessions with internal teams, and created Azure DevOps CI/CD templates to accelerate future marketplace implementation after architecture board approval.

Azure AKSKubernetesAzure Container AppsADLS Gen2FastAPIXGBoostpgvectorRAGOpenAIClaudeAirflowAzure DevOpsGitHub ActionsGrafanaLog AnalyticsZoho AnalyticsPython

Oct 2024

DevOps Engineer

Solidaridad Network East Africa · via Invent Consulting

NGO Agriculture / Sustainability

Nairobi, Kenya

Delivered a short DevOps sprint to automate deployments for Solidaridad's website on Azure VMs — replacing manual releases (~2 hours) with GitHub Actions-based CI/CD (<10 minutes) and safer dev/staging/UAT environment separation.

Website system automated

Environments separated (dev/staging/UAT)

2h → <10m

Deployment time reduction

Push → deploy

Release flow automation

Sprint Scope & Ownership

› One-month consulting sprint focused on deployment automation for a single production website; fully owned the DevOps implementation scope.
› Worked on a pure Azure VM hosting model and standardized release handling across dev, staging, and UAT environments.

CI/CD Automation & Environment Separation

› Built GitHub Actions-based CI/CD workflows with GitHub Secrets so deployments run automatically after code pushes, replacing manual release steps.
› Implemented environment separation for dev/staging/UAT with distinct configuration, secrets, and database credentials to improve release safety and reduce cross-environment mistakes.
› Added Grafana-based server monitoring for baseline visibility on VM health and deployment/runtime issues.

Delivery Outcomes

› Reduced deployment turnaround from ~2 hours (manual) to under 10 minutes (automated).
› Enabled safer and more frequent releases by making environment-specific deployment behavior repeatable and automated.

Azure VMsGitHub ActionsGitHub SecretsGrafanaCI/CD

Feb 2023 – Aug 2024

Data Lead & Data Engineer

Yakwetu Online Limited

Startup Media / Video Streaming

Nairobi, Kenya

Joined as a Data Engineer and grew into Data Lead as the first data hire — built Yakwetu's data function and AWS data platform from scratch for a TVOD African-content streaming marketplace, improving retention (~15%), reducing abandonment (~15%), and enabling daily revenue/marketing visibility.

~15%

User retention improvement

~10%

Ad cost reduction

<$0.03

Cost per click achieved

~8%

Transactions uplift (recommendations)

Role Progression, Team Building & Ownership

› Joined as a Data Engineer and progressed into Data Lead, owning end-to-end data infrastructure and analytics for a startup TVOD platform (pay-to-watch and buy-to-own digital content model).
› Built the data function from scratch: interviewed and helped hire 5 interns, with 2 retained into full-time roles (Data Analyst and Content Analyst), and worked alongside a Data Scientist as the team matured.
› Established data SOPs and standards including data cataloging, taxonomy, database schema management, optimization practices, and data/lakehouse hygiene for long-term analytics reliability.

Data Platform & Analytics Infrastructure (AWS)

› Built and operated the end-to-end AWS data stack in a startup setting: S3 data lake, EC2-hosted pipelines, Airflow orchestration, MySQL backend database support, InfluxDB time-series data, and analytics instrumentation/usage via GA4 and Amplitude.
› Integrated content, user behavior, and advertising data into a centralized analytics foundation that enabled reporting, recommendation logic, marketing optimization, and historical analysis.
› Designed and optimized data models/pipelines to support product analytics, personalization use cases, campaign analysis, and business reporting as the company scaled.
› Established reporting maturity from no analytics/reporting function to weekly reporting, then daily reporting, with recurring weekly/quarterly/half-year/annual business reporting cadences.

Product, Monetization & Growth Impact

› Built a baseline recommendation engine (market-basket style) that increased transactions by ~8% and improved visibility/purchases across more content titles, benefiting both Yakwetu and content owners under the revenue-share model.
› Built a watch analytics module that surfaced content preferences and high-engagement scenes/snippets, enabling better content placement and marketing creative extraction, which reduced abandonment by ~15% and improved engagement/watch time.
› Used ad campaign and audience analytics to optimize targeting, budgets, and promoted content mix; reduced ad spend by ~10% while sustaining performance and bringing CPC below $0.03.
› Implemented Tableau reporting pipelines and dashboards that made revenue, sales performance, campaign outcomes, and content performance visible for operational decision-making (including movie placement and activation-event timing).
› Established the data lake foundation that unlocked BI/ML use cases, historical data retention, and structured cataloging for future analytics work.

AWSS3EC2AirflowMySQLInfluxDBGA4AmplitudeTableauPythonProduct AnalyticsTVOD

Jan 2022 – Feb 2023

Freelance Data Scientist

Upwork & Fiverr (Independent) · SMB projects across hospitality, logistics, and healthcare

Freelance Cross-industry

Kenya (Remote / Hybrid)

Delivered short 2–3 month freelance data science and BI engagements for SMB clients — building predictive models, dashboards, and lightweight PostgreSQL/dbt data foundations across hospitality, logistics, and healthcare use cases.

2–3 mo

Typical engagement length

Counties modeled (hotel franchise)

Clinics supported (warehouse + BI)

Client engagements delivered

Freelance Scope & Delivery Model

› Delivered end-to-end freelance projects via Upwork and Fiverr, typically over 2–3 month engagements: problem scoping, data cleaning/modeling, dashboard delivery, and stakeholder handover for SMB operators.
› Worked across predictive modeling, BI reporting, and lightweight data warehousing depending on client maturity and data availability.

Selected Client Projects

› Hotel franchise (4 counties: Nakuru, Mombasa, Kisumu, Nyeri) — built predictive modeling workflows to support planning and decision-making across a multi-location operation.
› Logistics company — built fleet management dashboards and a predictive repairs / maintenance planning model to improve spare-parts ordering and maintenance readiness.
› Clinic operations (2 clinics) — delivered miniature data warehousing solutions with structured PostgreSQL data models and Tableau reports for clinic operations visibility.

Tools, Outputs & Outcomes

› Delivered BI outputs in Tableau and Power BI, helping clients move from spreadsheet-heavy operational reporting toward repeatable dashboard-based visibility.
› Used Python + SQL workflows (including dbt for transformations) to structure noisy operational datasets into analysis-ready tables for reporting and modeling.
› Built early consulting experience in stakeholder communication, requirements translation, and shipping practical analytics solutions under short timelines.

PythonPandasscikit-learnSQLPostgreSQLdbtTableauPower BIFreelance Consulting

CAREER PROGRESSION

Freelance DS '22 → Data Engineer '23 → Data Lead '24 → Data Architect '24 → DevSecOps / Platform '24–25 → AI & Platform Architect '25+