CAMPUX Cloud Bootcamp
CAMPUX · The Résumé · Download & Reuse

Three résumés. Fill and ship.

Editable, ATS-safe résumé templates you can download as Markdown, fill with your own details, and export to PDF — one for each of the three tracks this bootcamp maps to. They are built on the résumé lessons of Class 37, so they are not blank forms; they are the argument, pre-shaped.

How to use these — the ATS rules that matter
A hand-drawn line illustration of three résumé documents laid out on a desk, the middle one circled in red pen and labelled "yours". yours
Pick one Start from the track you're aiming at, then make it true. The template is the shape of a strong argument; the evidence has to be yours.
Template 01

Cloud Engineer

The full-spine résumé — the one written for the composite job posting on the landing page. Leads with the end-to-end platform and balances infrastructure, delivery, and operations. Start here if you want the broadest set of postings to say yes.

cloud-engineer-resume.mdMarkdown · ATS-safe · single column
# [YOUR NAME]
Cloud Engineer — Azure
[City, Country] | [email@address] | [phone]
GitHub: github.com/[you] | LinkedIn: linkedin.com/in/[you]

## Summary
Cloud engineer with 18 months of intensive, portfolio-documented Azure engineering across infrastructure as code, secure delivery pipelines, and cost-aware architecture. Three production-shaped projects on GitHub, each scoped from a Microsoft reference architecture and defensible against the five Well-Architected pillars. AZ-900 certified; AZ-104 in progress.

## Technical Skills
- Azure core: Virtual Networks, subnets, NSGs, private endpoints, App Service, Azure Storage, Azure SQL, Front Door, Application Gateway (WAF)
- Identity and governance: Microsoft Entra ID, RBAC, managed identities, Azure Policy, management groups
- Infrastructure as Code: Bicep, Terraform (remote state, modules, plan/what-if)
- CI/CD: GitHub Actions, OIDC workload identity federation (no stored secrets), gated environments, branch protection
- Containers: Docker, Azure Container Registry, Azure Container Apps
- Observability: Azure Monitor, Log Analytics, KQL, Application Insights
- Security: Key Vault, least privilege, Defender for Cloud
- Cost / FinOps: Cost Analysis, budgets, tagging, right-sizing
- Scripting: Azure CLI, PowerShell, Python

## Projects
Enterprise Web Platform — github.com/[you]/enterprise-web-platform
- Built a zone-redundant three-tier web app scoped from Microsoft's baseline reference architecture: Application Gateway with WAF fronting a private App Service and Azure SQL, secrets in Key Vault read by managed identity.
- Shipped through a gated GitHub Actions pipeline authenticating by OIDC with zero stored secrets (gh secret list returns empty).
- Result: a public application whose data tier is unreachable from the internet; README walks a reviewer from the public URL to a private row.

Miniature Landing Zone — github.com/[you]/landing-zone
- Designed a governed Azure estate from the Cloud Adoption Framework: a management-group hierarchy, deny policies for allowed regions and required tags, hub-and-spoke networking with private DNS, and centralised logging — all as code.

AI Workload — github.com/[you]/ai-workload
- Deployed an internal assistant on Azure OpenAI reachable only through a private endpoint, metered per caller at an API Management gateway, with token spend on a dashboard, shipped by the same pipeline as everything else.

## Decisions and Trade-offs
- Chose Bicep over Terraform for an Azure-only estate — native tooling, no state to secure; would choose Terraform for a multi-cloud requirement.
- Chose Container Apps over AKS — the workloads never needed the full Kubernetes surface, and the team could not staff cluster operations.

## Certifications
- Microsoft Certified: Azure Fundamentals (AZ-900) — earned [Month Year]
- Microsoft Certified: Azure Administrator Associate (AZ-104) — in progress

## Experience
[Most recent role], [Company] — [Month Year to Present]
- [Consequence bullet: action verb + the work + the technology + a measured outcome. Frame prior experience toward cloud where you can.]
- [Second bullet, quantified where possible.]

## Education
[Degree or relevant training], [Institution] — [Year]
Template 02

Azure Administrator

Reweighted toward AZ-104: core infrastructure, identity and governance, networking, monitoring, and cost. Leads with the Landing Zone project. Start here if the postings you want say "administer," "operate," and "govern" more than "build."

azure-administrator-resume.mdMarkdown · ATS-safe · single column
# [YOUR NAME]
Azure Administrator
[City, Country] | [email@address] | [phone]
GitHub: github.com/[you] | LinkedIn: linkedin.com/in/[you]

## Summary
Azure administrator with 18 months of intensive, portfolio-documented experience operating and governing Azure estates — identity, networking, storage, monitoring, and cost. Comfortable expressing infrastructure and policy as code. AZ-104 in progress; AZ-900 certified.

## Technical Skills
- Identity and access: Microsoft Entra ID, RBAC, managed identities, Conditional Access basics
- Governance: Azure Policy (deny and DeployIfNotExists), management groups, tagging standards, resource organization
- Networking: Virtual Networks, subnets, NSGs, private endpoints, private DNS, VPN Gateway, hub-and-spoke
- Compute and storage: Virtual Machines, scale sets, App Service, Azure Storage (LRS/ZRS/GRS), Azure SQL, backup and restore
- Monitoring: Azure Monitor, Log Analytics, KQL, diagnostic settings, alerts and action groups
- Cost management: Cost Analysis, budgets, reservations, right-sizing
- Automation: Azure CLI, PowerShell, Bicep

## Projects
Miniature Landing Zone — github.com/[you]/landing-zone
- Designed a governed Azure estate from the Cloud Adoption Framework: a management-group hierarchy, deny policies for allowed regions and required tags, hub-and-spoke networking with private DNS, and centralised logging via a DeployIfNotExists policy — all as code.
- Result: any new workload lands already governed; nothing can be created ungoverned or untagged.

Observability and Cost Guardrails — github.com/[you]/eyes-and-guardrails
- Stood up centralised monitoring and a cost guardrail over a multi-resource estate: telemetry by policy, three owned alerts (not forty ignored ones), and a budget with a forecasted threshold.

Private Web Application — github.com/[you]/private-application
- Delivered a two-tier app with storage unreachable from the internet: private endpoint, private DNS, public access disabled, keyless managed-identity access — with an evidence runbook that proves each claim.

## Decisions and Trade-offs
- Enforced tags with a modify policy inheriting cost-center from the resource group, rather than denying every untagged resource — enforcement that does not teach people to type "tbd".
- Reserved only the measured flat floor of compute; left spiky workloads on pay-as-you-go.

## Certifications
- Microsoft Certified: Azure Administrator Associate (AZ-104) — in progress
- Microsoft Certified: Azure Fundamentals (AZ-900) — earned [Month Year]

## Experience
[Most recent role], [Company] — [Month Year to Present]
- [Consequence bullet: what you administered or automated, the technology, the measured outcome.]
- [Second bullet, quantified where possible.]

## Education
[Degree or relevant training], [Institution] — [Year]
Template 03

DevOps Engineer

Weighted toward Phase Three: Git, infrastructure as code, GitHub Actions federated to Azure, containers, and pipelines. Leads with the GitOps loop and the AI workload's delivery story. Start here if the postings emphasise CI/CD, automation, and "you build it, you run it."

devops-engineer-resume.mdMarkdown · ATS-safe · single column
# [YOUR NAME]
DevOps Engineer — Azure
[City, Country] | [email@address] | [phone]
GitHub: github.com/[you] | LinkedIn: linkedin.com/in/[you]

## Summary
DevOps engineer with 18 months of intensive, portfolio-documented experience shipping Azure infrastructure through reviewed, secret-free pipelines. Strong on Git, infrastructure as code, GitHub Actions with OIDC, and container delivery. AZ-900 certified; AZ-400 in progress.

## Technical Skills
- CI/CD: GitHub Actions (workflows, reusable workflows, matrices), Azure Pipelines (classic and YAML), gated environments, approvals
- Secure delivery: OIDC workload identity federation (no stored secrets), branch protection, CODEOWNERS, pipeline least privilege
- Infrastructure as Code: Bicep, Terraform (remote state, modules, plan/what-if, drift detection)
- Containers: Docker, Azure Container Registry, Azure Container Apps, image scanning
- Source control: Git (trunk-based and GitFlow), pull-request review, semantic versioning
- Observability: Azure Monitor, Log Analytics, KQL, Application Insights, alerting
- Scripting: Bash, PowerShell, Python; Azure CLI
- Security: Key Vault, managed identities, Defender for Cloud scanners

## Projects
The GitOps Loop — github.com/[you]/gitops-loop
- Built a full delivery loop: a pull request that runs a what-if plan, a merge that deploys to non-production, a human-gated production stage, and OIDC authentication with zero stored secrets — verified by an empty gh secret list.
- Result: no one deploys by clicking; every change is reviewed, planned, and reproducible.

AI Workload delivery — github.com/[you]/ai-workload
- Shipped an Azure OpenAI assistant's entire infrastructure through the same pipeline as everything else: private endpoint, keyless identity, an API Management gateway metering tokens per caller, and a spend dashboard.

Enterprise Web Platform — github.com/[you]/enterprise-web-platform
- Delivered a zone-redundant three-tier app end to end through a gated pipeline, with deployment slots for zero-downtime releases and telemetry flowing from day one.

## Decisions and Trade-offs
- Converted classic release pipelines to YAML only when touched, and federated the riskiest secret-bearing service connection first — migration by risk, not by crusade.
- Used self-hosted runners only where a private-network reach demanded it, with the same patching and least-privilege discipline as production.

## Certifications
- Microsoft Certified: Azure Fundamentals (AZ-900) — earned [Month Year]
- Microsoft Certified: DevOps Engineer Expert (AZ-400) — in progress

## Experience
[Most recent role], [Company] — [Month Year to Present]
- [Consequence bullet: the pipeline or automation you built, the technology, the measured outcome — lead times, deploy frequency, toil removed.]
- [Second bullet, quantified where possible.]

## Education
[Degree or relevant training], [Institution] — [Year]

Where these come from: the résumé philosophy behind every line — consequence bullets, honest tenure, the decisions-and-trade-offs section — is taught in Class 37, Landing the Job. The three projects they reference are the capstone plates; build those, and the Projects section fills itself with things a reviewer can actually clone. Then rehearse the questions on the interview page and walk in with a plan for your first ninety days.