Minneapolis-St. Paul, Minnesota
Open to Opportunities
9 Cloud Regions · 3 Providers

Stephen D. Thomas

AI Cloud Architect & Team Lead

Architecting institutional-grade cloud infrastructure with a zero-downtime track record across multi-cloud environments.

Zero-Downtime Track Record
Multi-Cloud Mastery
Full-Stack Infrastructure
AI-Native Operations
By the Numbers

  • Users Migrated: Zero Downtime
  • AUM Supported: Farallon Capital
  • Cloud Regions: Azure · AWS · GCP
  • Years Experience: Full Stack Infrastructure
  • Downtime Events: Zero (Enterprise Migrations)
  • AI Agents: AIHiveMind Fleet

Infrastructure

Global Infrastructure

Deployed across 9 data centers on 3 cloud providers.


Infrastructure & Technology

The Stack

Production infrastructure, agent fleet, and everything being built right now

  • 400 Cores: CPU Compute (On-prem K3s Cluster)
  • 800GB RAM: High-Memory Workloads
  • 170+ Agents: AI Agent Fleet (AIHiveMind Orchestration)
  • 3 Clouds: Multi-Cloud (Azure · AWS · GCP)
  • 9 Regions: Global Footprint (Spanning 3 Continents)
  • 100% Code Base: Zero Manual Provisioning

[Charts: Infrastructure Overview; AIHiveMind Agent Fleet; Full Stack Layers; Technology Radar (Maturity vs Strategic Value)]

Full Technology Inventory

Cloud Providers
Microsoft Azure, Amazon Web Services, Google Cloud Platform, Cloudflare Pages, Cloudflare Workers

Orchestration & Containers
K3s, Kubernetes, Docker, KEDA, Azure Container Apps, .NET Aspire, Service Mesh

AI & Agent Platform
AIHiveMind, Claude API, Anthropic SDK, MCP Protocol, A2A Protocol, TAMP, C2PA, Private State Tokens, LangChain, Vector Stores

Infrastructure as Code + Security
Terraform, tfsec, Trivy, Checkov, Bicep, ARM Templates, Pulumi, Ansible, GitHub Actions, Azure DevOps, Jenkins

Languages & Frameworks
TypeScript, C# / .NET 9, Python, PowerShell, Go, Bash, Next.js, React, ASP.NET Core

Identity & Security
Entra ID, RBAC, Zero Trust, Key Vault, Conditional Access, ISO 27001, NIST 800-53, SAML / OIDC / WS-Fed, Citrix FAS, MFA

Databases & Messaging
PostgreSQL, Redis, Cosmos DB, Azure Service Bus, RabbitMQ, SQLite, Prisma ORM, Entity Framework

Networking
ExpressRoute, Azure VNet, VPN Gateway, GCP Tunnels, AWS VPC, Traefik, NGINX, Private DNS, Load Balancers

Monitoring & Observability
Azure Monitor, Log Analytics, Grafana, Prometheus, Application Insights, Sentry, OpenTelemetry

Security & Compliance
Private State Tokens, Cloudflare Turnstile, HSTS, TLS 1.3 + 0-RTT, Zero Trust, ISO 27001, NIST 800-53, tfsec, Trivy, TAMP, C2PA

On-Premises Hardware
Alpha x4 (4× Dell R740), 400 CPU Cores, 800GB RAM, 10G Fiber, UniFi Network, Lutron Automation, Qolsys IQ4, Zigbee/Z-Wave, Starlink, iDRAC

Currently Building — Right Now
A2A Communication Protocol

Proprietary agent-to-agent authentication and coordination standard — defining how autonomous AI agents negotiate, verify, and collaborate across distributed systems.

A2A, MCP, Entra ID, JWT, Protocol Design

AIHiveMind Expansion

Scaling the 170+ agent fleet with new verticals, improved memory systems, mixture-of-agents reasoning chains, and tighter K3s/KEDA orchestration.

AIHiveMind, K3s, KEDA, Claude API, MCP Protocol

MCP Server Standardization

Building standardised MCP server patterns for authentication, tool registration, context compression, and multi-tenant agent access control.

MCP, TypeScript, Azure Container Apps, Key Vault

FinancialCloud.ai Platform

Institutional fintech platform — 70-agent financial operations fleet, fund accounting, trading execution, risk management, investor reporting.

Next.js, Prisma, PostgreSQL, Farallon-grade UX

TAMP — Trusted Agent Messaging Protocol

Proprietary security framework for the AI agent fleet — tamper-evident audit trails, cryptographic agent identity, and non-repudiation for every agent action.

TAMP, ECDSA, Azure Key Vault, MCP, A2A

Private State Tokens + C2PA

PST for form anti-fraud (browser-native Privacy Pass) and C2PA for AI output provenance — every artifact cryptographically signed with issuer identity and inputs.

Private State Tokens, C2PA, Turnstile, ECDSA P-256

Origin Story

The Journey

From building computers in 6th grade to architecting global cloud infrastructure

~1998-1999 · 6th Grade

The First Build

Built my first computer from parts in 6th grade. Not from a kit — sourced components, assembled the machine, installed the OS. While most kids were playing games, I was figuring out IRQ conflicts and jumper settings on motherboards.

  • Built first PC from components
  • Self-taught hardware assembly

Discovered that building things from scratch was the only way that felt right.

~1999-2000 · 7th Grade

First Business

Started selling custom-built computers to classmates, teachers, and neighbors. Learned pricing, customer service, and the art of the upsell — all before turning 13. This was the first time technology became a business, not just a hobby.

  • Launched custom PC building business
  • Sold to classmates, teachers, and community
  • Learned business fundamentals through technology

Entrepreneurship was in the DNA from day one.

~2000-2001 · 8th Grade

Edina Football Goes Online

Hosted Edina Football's website using Road Runner cable internet. Designed the site, managed the hosting from a home server, and kept it running for the team and community. In 8th grade, I was already running production web infrastructure.

  • Built and hosted Edina Football website
  • Managed home server infrastructure
  • First production web deployment

Proved that real infrastructure could run from anywhere — the cloud mindset before the cloud existed.

Early Career · First Professional Role

From Helpdesk to IT Manager

Started on the helpdesk at Sybaritic, a medical device manufacturer. Didn't just answer tickets — identified patterns, automated repetitive tasks, and grew the role until I was managing IT for the entire organization. This is where the enterprise mindset was forged.

  • Started on helpdesk at Sybaritic
  • Grew role through initiative and automation
  • Promoted to IT Manager

Learned that the best way to advance is to make yourself indispensable by solving problems nobody asked you to solve.

MSP Years · Imagine IT / MSP

Senior Consultant — Financial & Legal

Joined an MSP and quickly became the senior consultant responsible for our most demanding clients — financial firms and law firms. These industries don't tolerate downtime, data loss, or excuses. Built highly available infrastructure, managed complex Exchange migrations (10,000+ mailboxes), and delivered VMware implementations and Hyper-V environments. This was the proving ground for enterprise-grade reliability.

  • Promoted to Senior Consultant
  • Primary engineer for financial and legal clients
  • 10,000+ mailbox Exchange migrations

Financial services and legal — two industries where failure is measured in millions. Zero tolerance became the standard.

Consulting Phase · Independent Consulting

Microsoft Power BI & Azure Data Warehouse

Took time to consult directly with Microsoft during the Power BI preview phase. Converted Power Query reports to Power BI, built their Azure Data Warehouse, and supported the surrounding infrastructure. Got hands-on with the platform before it was generally available — shaping how enterprise analytics would work at scale.

  • Consulted with Microsoft during Power BI preview
  • Converted Power Query reports to Power BI
  • Built Azure Data Warehouse

Working with Microsoft on a product before GA — few people get to shape the tools that millions will use.

FPX · FPX (Revalize)

SaaS Administration — Enterprise Scale

Worked as SaaS Administrator at FPX, where the client roster included the nation's top credit card processors and helicopter manufacturers. Managed enterprise SaaS platforms at massive scale — uptime, security, and performance for clients who move billions in transactions.

  • SaaS platform administration at enterprise scale
  • Managed infrastructure for top-tier financial and manufacturing clients
  • Delivered high-availability platforms for mission-critical workloads

When your clients process billions in credit card transactions, 'good enough' doesn't exist.

2017-2018 · 3M / Bibliotheca

Data Center Migration to Azure

Led the data center migration of a 3M product (Bibliotheca) from 3M's on-premises data center to Azure. This was a full lift — not a simple rehost, but a re-architecture for cloud-native operation. IoT security architecture for library systems deployed globally.

  • Migrated product infrastructure from 3M data center to Azure
  • Designed IoT security architecture
  • Re-architected for cloud-native operation

Moved a physical product's entire infrastructure to the cloud — bridging the gap between hardware and software at scale.

2018-2019 · Blue Cross Blue Shield of Minnesota

Green Field Cloud Build — AWS

Green field AWS build for Blue Cross Blue Shield of Minnesota. Everything automated from day one — no in-place patching, no manual deployments. Rip and replace architecture with A/B deployments. Started with CloudFormation, transitioned to Terraform. This was cloud done right: immutable infrastructure, automated everything, zero drift.

  • Green field AWS environment from scratch
  • Full automation — no in-place patching
  • A/B deployment architecture

Proved that healthcare infrastructure can be both compliant and cutting-edge — no compromises.

2019-2022 · Fairview Health Services

45,000-User Entra ID Migration — Zero Downtime

Performed a 45,000-user Entra ID migration at Fairview Health Services. Disconnected all 45,000 users from Entra ID Sync, disconnected every security group and synced object, re-mapped and re-anchored the Source Anchor — all with zero issues, zero downtime, and zero user impact. This had never been done at this scale. Promoted from Cloud Security Architect & Engineer Consultant to Supervisor of Cybersecurity, Cloud Access & Federation.

  • 45,000-user Entra ID Source Anchor migration
  • Disconnected and re-anchored all users, security groups, and synced objects
  • Zero downtime, zero issues

Did something that had never been done — 45,000 users, zero downtime. The track record isn't theoretical.

2022-Present · Farallon Capital Management

Building the Cloud from Scratch — Global Hedge Fund

Joined Farallon Capital Management as the sole cloud architect and built the entire infrastructure from zero — 9 public cloud regions across Azure, AWS, and GCP, 100% Infrastructure as Code. Every Terraform module written with security built in and scanned with tfsec and Trivy. ExpressRoute circuits and GCP tunnels for private intra-cloud connectivity. OAuth 2.0 and zero-trust access for the NAV/PAC portfolio API. DR strategies across all regions with tested recovery runbooks. Built the AI platform that became the AIHiveMind — 170+ agents, MCP protocol, A2A coordination, TAMP security framework, and C2PA content provenance for every AI output.

  • 9 public cloud regions — 100% code, zero manual provisioning
  • All Terraform modules: tfsec + Trivy security scanning before deployment
  • ExpressRoute + GCP tunnels — private intra-cloud connectivity

Sole architect building a hedge fund's entire global cloud. Every module, every network, every identity — from zero to global production.

2024-Present · AI Cloud Architect — Team Lead

AI Infrastructure & The Future

Currently leading AI infrastructure initiatives at the intersection of cloud architecture and artificial intelligence. Working on C2PA (Coalition for Content Provenance and Authenticity) for verifiable AI content. Designing Agent-to-Agent communication protocols for autonomous system orchestration. Building institutional-grade AI automation that serves investment management operations — NAV calculations, reconciliation processes, and portfolio analytics. The future of infrastructure is intelligent, autonomous, and provably trustworthy.

  • C2PA content provenance implementation
  • Agent-to-Agent protocol design
  • AI-driven investment operations automation

Infrastructure doesn't just host applications anymore — it thinks, decides, and acts. Building the systems that make that possible at institutional scale.

Career

Experience

15+ years of progressively complex infrastructure challenges

Farallon Capital Management is a San Francisco-based multi-strategy investment firm founded in 1986, managing approximately $40 billion in capital across public equity, credit, real assets, and direct investments. The firm operates globally with offices in San Francisco, Singapore, Tokyo, Hong Kong, and London, deploying capital across developed and emerging markets. Farallon is one of the longest-tenured and most respected hedge funds in the industry, known for disciplined risk management and a research-intensive investment process.

AI Cloud Architect — Team Lead

Jan 2024 - Present (2 yrs 4 mos)

Leading AI infrastructure initiatives and cloud architecture for a global investment firm. Designing C2PA content provenance systems, Agent-to-Agent communication protocols, and institutional-grade AI automation. Managing team while continuing to architect and build multi-cloud infrastructure.

  • Developing proprietary AI agent-to-agent (A2A) communication protocols — the standards layer for how autonomous agents authenticate, negotiate, and coordinate across distributed systems without human intervention
  • Building TAMP (Trusted Agent Messaging Protocol) — a security framework governing how AI agents exchange messages, verify identity, and maintain tamper-evident audit trails across the fleet
  • Implementing C2PA (Coalition for Content Provenance and Authenticity) outputs — every AI-generated artifact is cryptographically signed with provenance metadata so the firm knows exactly what created it, when, and from what inputs
  • Building and standardizing MCP (Model Context Protocol) server architecture — tool registries, context compression, authentication patterns, and multi-tenant agent access control
  • Leading all AI infrastructure initiatives: 170+ agent fleet orchestration, memory systems, multi-model routing, and mixture-of-agents reasoning chains
  • Building AI-driven investment operations automation: NAV, PAC, reconciliation, compliance monitoring, research synthesis, and portfolio analytics
  • Managing and mentoring cloud engineering team while continuing to architect and build hands-on — never left the keyboard

MCP (Model Context Protocol), TAMP, A2A Protocol, C2PA (Content Provenance), Claude API, Anthropic SDK, Terraform, tfsec, Trivy, Azure, AWS, GCP, .NET Aspire, Container Apps, KEDA, K3s, TypeScript, Python, C#

Cloud Architect

Apr 2022 - Present (4 yrs 1 mo)

Built the firm's entire cloud infrastructure from zero as sole architect — 9 public cloud regions spanning the globe across Azure, AWS, and GCP. Designed all Terraform modules (Checkov/tfsec scanned), ExpressRoute circuits, GCP tunnels, and intra-cloud private connectivity. Built API management for the custom NAV/PAC solution with OAuth and zero-trust access. Created internal platforms: AI assistant, cloud management system, and project management tools.

  • Built entire cloud infrastructure from zero as sole architect — every resource, every module, every network
  • Designed and deployed a global multi-cloud footprint spanning 9 public cloud regions across Azure, AWS, and GCP — covering North America, Europe, and Asia-Pacific
  • Deployed ExpressRoute circuits and GCP tunnels for private intra-cloud connectivity across all three providers
  • Built all Terraform modules from scratch with security baked in by design — every module scanned with tfsec and Trivy before deployment; security is not a layer added after, it is the foundation
  • Operated a 100% code-based infrastructure — zero manual provisioning, zero console configuration; every resource, every policy, every secret is defined in code and version controlled
  • Built out API management for the firm's custom NAV/PAC solution — designed OAuth 2.0 authentication and zero-trust access controls for all portfolio analytics API endpoints
  • Designed and implemented DR (Disaster Recovery) strategies across all cloud regions — cross-region failover, backup policies, RTO/RPO targets, and tested recovery runbooks
  • Built custom Service Principal lifecycle management with automated secret rotation via Key Vault
  • Created Farallon AI Assistant — first internal AI chat system, deployed before ChatGPT was public
  • Built Fusion Nexus — full cloud management and operations platform
  • Built Fusion Forge — internal project management platform replacing Jira
  • Designed Zero-Retention Data Sandboxes for secure investment data operations
  • Built NAV, PAC, and reconciliation processes in Azure — institutional-grade financial operations automation
  • Trained and mentored helpdesk teams; built all internal operational tooling

Terraform, Checkov, tfsec, Azure, AWS, GCP, Azure API Management, OAuth 2.0, Zero Trust, ExpressRoute, GCP VPN Tunnels, Kubernetes, Container Apps, KEDA, Service Principals, Key Vault, Entra ID, Python, TypeScript, .NET, C#

Capabilities Developed

  • Multi-cloud architecture across 9 global regions (Azure, AWS, GCP)
  • 100% Infrastructure as Code — zero manual provisioning, everything version controlled
  • Terraform module design with security built in (tfsec + Trivy scanning)
  • API management design (OAuth 2.0, zero-trust, Azure APIM)
  • Disaster recovery strategy — cross-region failover, RTO/RPO, tested runbooks
  • Global private network design (ExpressRoute, GCP tunnels, VPN)
  • AI security protocols: TAMP (agent messaging), C2PA (content provenance), A2A (coordination)
  • MCP server architecture and multi-tenant agent access control
  • Investment operations technology (NAV, PAC, reconciliation automation)
  • Security architecture for regulated financial environments (ISO 27001, NIST 800-53)
  • Team leadership and hands-on technical mentorship

Work

Notable Projects

Platforms, tools, and systems built from scratch

Automated Server Build-Outs with Automatic VM Creation

Imagine IT, Inc. · Apr 2015

Automated server provisioning with automatic virtual machine creation in highly available networks. Multiple backup methods based on budget tiers.

VMware, Hyper-V, PowerShell, Automation

Exchange Migration Suite (2003 → 2010 → 2013 → O365)

Imagine IT, Inc. · Oct 2012

Complete Exchange migration pipeline from Exchange 2003 through 2010, 2013, and Office 365. Included Active Directory upgrades, GAL upgrades, mailbox migrations of 10,000+ mail stores, public folder migration and retirement.

Exchange 2003-2013, Office 365, Active Directory, PowerShell, Hyper-V

Farallon AI Assistant

Farallon Capital Management · 2023

First internal AI chat system for the firm. Built from scratch to provide AI-powered assistance to employees.

AI/ML, Python, Azure, TypeScript

Fusion Nexus — Cloud Management Platform

Farallon Capital Management · 2023

Full cloud management platform providing observability, monitoring, and operational oversight across multi-cloud infrastructure.

TypeScript, .NET, Azure, Terraform

Fusion Forge — Project Management Platform

Farallon Capital Management · 2023

Replacement for Jira built to match the specific workflows and requirements of the organization. Full project management, tracking, and collaboration.

TypeScript, .NET, Azure

Capabilities

Skills & Expertise

63+ endorsed skills across cloud, security, AI, and development

Cloud Platforms

Microsoft Azure · 12y
Amazon Web Services (AWS) · 8y
Google Cloud Platform (GCP) · 5y

Infrastructure as Code

Terraform · 8y
CloudFormation · 4y
Bicep · 3y
ARM Templates · 6y

Identity & Security

Entra ID / Azure AD · 10y
Active Directory · 15y
SAML / OIDC / OAuth · 8y
Conditional Access · 6y
Zero Trust Architecture · 5y

Networking

ExpressRoute · 5y
VPN / GCP Tunnels · 6y
DNS / Cloudflare · 10y
Virtual Networks / VPC · 8y
Firewall / NSG / WAF · 10y

Containers & Orchestration

Docker · 6y
Kubernetes / AKS / EKS · 4y
Azure Container Apps · 3y
KEDA · 2y

AI & Machine Learning

C2PA (Content Provenance) · 1y
Agent-to-Agent Protocols · 1y
Azure AI Services · 3y
LLM Integration · 2y

Development

TypeScript / JavaScript · 6y
Python · 5y
.NET / C# · 8y
PowerShell · 12y
T-SQL · 10y

Virtualization

VMware · 12y · 95 endorsements
Hyper-V · 10y

Cloud Computing

Cloud Computing · 12y · 48 endorsements
Peers & Leaders

Recommendations

19 received on LinkedIn — here are a few

Steve was one of the nicest IT people I ever worked with: he was always happy to help, patient, smiling and professional. We collaborated on many in-house projects to promote some of our products (marketing and training tools) and he showed great initiative, ideas, quality and fast delivery from start to finish. As a product manager he was a great asset to my work; I really enjoyed working with Steve and would recommend him for any position.

Barbara Esanbock
Territory Sales Manager / Trainer
Worked with Steve on different teams

Steven is a remarkably dedicated individual with a wealth of experience and a huge passion for cloud-based infrastructure and web development. He's always keen to improve and has a great work ethic. He was my web-based wingman at Imagine IT.

Chris Abbott
Lead IT Infrastructure Administrator
Steve was senior to Chris

Steve demonstrated a unique balance of organization and creativity to provide specialized IT solutions for our team. He listened to our needs and provided a variety of ideas with our desired outcome in mind. He showed a great amount of skill and know-how with building a variety of web-based programs and solutions.

Kristen Estrada
Senior Corporate Impact Manager at Visit.org
Worked with Steve on the same team

I would highly recommend Steve. He has always worked very hard both personally and professionally. He is very detailed and continues to prove no challenge is too difficult.

Susan Beno
Instructor at NWTC
Worked with Steve at different companies
Contact

Let's Connect

Have a project in mind or want to discuss cloud architecture?

Protected by Private State Tokens + Cloudflare