Martin Opedal

Lead Cloud Solution Architect at Microsoft

Oslo, Norway

Martin Opedal co-founded two of Norway's highest-rated breweries before he became a Lead Cloud Solution Architect at Microsoft. Both crafts taught him the same lessons: reproducibility matters, drift bites you, and the rollback always costs more than the design review.

Fifteen years in Azure, Entra, and M365. Time at Teknograd, Advania, Avanade, and Sopra Steria before Microsoft, working with regulated Nordic enterprises across financial services, insurance, government, and technology. Nine Azure and Terraform certifications, including Azure Solutions Architect Expert and Cybersecurity Architect Expert. Contributor to Azure Verified Modules. Maintains open-source Terraform patterns for landing zones, AKS, and GitHub-runner infrastructure.

On stage Martin shows real code, real tenants, and the parts that broke before they worked. The breweries are Cervisiam and Krecher, plus the Oslo beer bar Oculus, if you want to compare notes after the talk.

Area of Expertise

  • Information & Communications Technology

Topics

  • Terraform
  • Cloud Architecture
  • DevOps
  • Cloud Security
  • Cloud Operations
  • AI for Cloud Security and Compliance
  • Azure Services and DevOps

The Skill Library and the Memory Vault: An Architect's Agentic Workflow That Actually Ships Work

A customer asked for an ALZ design walkthrough on a Monday afternoon. The deck was in their inbox before close of business the same day. Forty-two slides, Fluent design tokens, pre-rendered Mermaid diagrams, accessible contrast, speaker notes, in my own voice. Total operator time at the keyboard: about fifteen minutes.

This session is the stack that made that possible, and how an Azure architect can build the same stack in a week.

The pitch is not "AI is fast." The pitch is that the value of an agentic workflow is in the layers around the model, not the model itself. Three layers, all on stage:

  • A skill library. Reusable, scoped instructions the agent loads on demand. One skill knows how to build a customer HTML deck with the right design system. Another knows my writing voice in English and Norwegian. A third drives the Sessionize-style CFP format you are looking at right now. I show what a skill file looks like, the gotchas in the loader (the silent drops, the description length limit, the untrusted/ loading convention against the lethal trifecta), and how a small library compounds over a quarter.
  • A memory vault. A private Obsidian-shaped Git repo the agent reads on every session start. Patterns, decisions, project memory banks, voice profiles, runbooks. Not a wiki anyone updates by hand. The vault writes itself as a side effect of work, with a session-close skill that summarises what was learned and a curate skill that fixes links and merges duplicates. I show the structure, the redaction layer (gitleaks plus a custom content policy plus a git smudge/clean filter so customer names never leave the laptop), and the daily sync.
  • The workflows that consume both. Live on stage I produce: a forty-plus slide customer deck from a one-paragraph brief, a hands-on lab with a working Terraform module and a step-by-step README, a LinkedIn post in my own voice from a private Teams thread (redacted on the way out), a Sessionize CFP draft that follows the format rules of this exact event, and a one-page architecture review for an ALZ design. Every output is a file I would actually ship.

The talk is not theoretical. Every workflow is the one I use in the field. The skill library and vault that drive the demos are real, currently in use, and the patterns are portable to any architect or engineer who works in Copilot CLI, Claude Code, or any agent that supports skills and a file-system memory layer.

I also show the parts that do not work yet. Skills that hit the description-length ceiling and silently fail to load. Vault context bloat that costs latency and money. The lethal-trifecta risk pattern (untrusted content plus tools plus exfiltration) and the loading convention that mitigates it. What I changed after I got it wrong.

This is a session for IT pros and architects who use Copilot or any coding agent today and want to get past the chat window into a workflow that actually saves hours per week. Not a pitch for any one product. A practical architecture for how to build a personal agentic stack that compounds.

The Azure Architecture Agent That Is Not Allowed To Apply

The first time I let an agent run terraform apply against a customer subscription, I learned something useful. It should never be allowed to do that.

An agent that can apply Terraform is a liability. An agent that can prove drift, write the PR, run the plan, and stop before apply is useful.

This session shows where that line lives in practice. I run an agent against a real tenant. The agent reads Azure state via Azure Resource Graph. It compares the live state against the IaC repo and detects drift. It writes a PR with the proposed fix. It runs terraform plan against the PR branch. It posts the plan output as a PR comment. It stops there.

Apply is a human decision. The session shows why that boundary matters, and where every shortcut around it has bitten me or someone I know.

The agent stack is public. agentic-alz for the orchestration, mcp-server-azure-architect for the Azure-aware tool surface, alz-graph-queries for the read-only ARG queries, azure-analyzer for the unified finding model. The session walks through how the agent decides what to look at, how it scopes a PR, and how it knows when to stop.

The hard part is not the agent. The hard part is the read-only contract. The session is honest about which Azure APIs are read-only by default, which look read-only but can mutate state, and how to guarantee the agent's identity has no apply path even if it tries.

Terraform your way to Azure Landing Zone Success!

Hands-on session with field notes on real-life use cases with the Azure Landing Zones Terraform Accelerator.

No More Spec-ulation: AI Agent Teams Building Production-Grade IaC

"Just describe your infrastructure and the AI writes it." We have all heard the pitch. The reality is hallucinated resource properties, forgotten dependencies, drifted state, and Terraform plans you are afraid to apply. What if we stopped guessing and started spec-ifying?

In this session I show how spec-driven development with Speckit and Squad turns Infrastructure as Code from a solo copy-paste-pray workflow into a structured, multi-agent engineering process, with real Terraform and Bicep deploying to real Azure.

Squad gives you a team of AI agents, each with a dedicated role (lead architect, IaC developer, validator, security engineer), collaborating on your infrastructure code the way a real engineering team would. Instead of free-form code generation, every module flows through Speckit's gated workflow: specify, plan, tasks, implement, validate. No code gets written until the spec is approved. No resource gets deployed until contracts are verified.

What you will walk away with:

  • Live demo: building an Azure Landing Zone component with both Terraform and Bicep, from spec to terraform apply / az deployment, driven by AI agent squads
  • Spec-driven IaC patterns: writing infrastructure specifications that prevent hallucinated resources, enforce naming conventions, and guarantee policy compliance before a single line of HCL or Bicep is written
  • Squad orchestration for IaC: configuring specialized agents (networking, identity, compute, security) that understand your Azure architecture and validate each other's work
  • Head-to-head comparison: the same infrastructure spec implemented in both Terraform (AzureRM/AzAPI) and Bicep, comparing how agents handle each language's idioms, module patterns, and testing approaches
  • Guardrails that actually work: using spec gates to catch missing NSG rules, overly permissive RBAC, and non-compliant naming before they become production incidents

This is not a "look what AI can do" talk. This is a practical workflow for infrastructure engineers who need to ship reliable, compliant Azure infrastructure at scale and want AI agents to do the heavy lifting without the guesswork.

Technologies demonstrated: Terraform (AzureRM, AzAPI), Bicep, Azure Landing Zones, GitHub Copilot, Squad, Speckit and GitHub Actions

Hand Me a Subscription ID: Sixty Minutes of Live Azure Forensics with azure-analyzer

Hand me a subscription ID. I will tell you in ten minutes what is wrong with your landing zone. Hand me an hour and I will hand you back a Schema 2.2 findings report with MITRE mapping, severity, effort, and remediation snippets for thirty assessment dimensions.

This session is sixty minutes of live Azure forensics against real tenants, audience-driven. No deploys. No applies. No state files. Just azure-analyzer running read-only against the live Azure metadata layer and the surrounding governance APIs.

azure-analyzer is a PowerShell runner that wraps thirty Azure, GitHub, and ADO scanners into one orchestrator. Each scanner emits a v1 envelope. Normalisers convert to a FindingRow Schema 2.2 row with Pillar, Frameworks, MITRE, Impact, Effort, RemediationSnippets, EvidenceUris, BaselineTags, ScoreDelta, EntityRefs, ToolVersion, and DeepLinkUrl. The orchestrator writes results.json plus entities.json (v3 entity model with edges). The report comes out as HTML and Markdown.

For the live session I use it in two modes:

  • Interactive query mode (first 45 minutes, audience-driven). Audience volunteers a subscription they have RBAC for. I open azure-analyzer and run individual queries from the embedded 135-query ALZ Resource Graph library, mapped to the official ALZ Checklist by item ID. Then I take requests. "Show me storage accounts with public network access enabled." "Show me NSG rules that allow inbound any-to-any over RDP." "Show me identities with Owner at the management group root that are not break-glass." Each query is one paste, one execution, one finding. Sub-second per query. The room sees what the tenant actually looks like, control by control, and where the drift is.
  • Report mode (final 15 minutes, capstone). I show the unified Schema 2.2 report from a pre-run scan, walking through the entity graph, MITRE technique coverage, effort-versus-impact prioritisation, and the deep-link evidence URIs that take a security engineer straight to the offending resource in the portal. This is the artifact you hand to leadership. It is what the audience-driven queries become at scale: not a screen of KQL output, but a typed, indexed, framework-mapped findings catalogue. The report renders from cached results.json, so nothing live can fail at this stage.

Read-only across the whole session. The interactive ARG queries are sub-second and idempotent. The report is a static artifact. There is nothing to break. Worst case for the audience volunteer is that we find something they did not know about. Best case is the same thing.

The session is structured but not scripted. I have baseline starter queries (BD-04, BD-05, NS-09, the policy and diagnostic settings checklist items), then take requests. By minute fifty the room has seen the runner used as a tenant audit tool, an incident response tool, a compliance proof tool, and a portfolio governance tool spanning Azure plus the GitHub and ADO supply chain. The toolkit and the query library are public. The session ends with the audience knowing how to write their own scanners against the same Schema 2.2 contract.

The fallback if no audience subscription is offered is a sandbox tenant with seeded findings. The Schema 2.2 report path is identical, just against the sandbox.

Azure You Can: Simplify Terraform with GitHub Copilot!

Join me for a fun and informative session where we'll explore how GitHub Copilot can streamline your Terraform workflows on Azure. In "Azure You Can: Simplify Terraform with GitHub Copilot!", we'll dive into the powerful combination of Terraform and GitHub Copilot to enhance your cloud infrastructure management.

We'll start with a quick overview of Terraform and Infrastructure as Code (IaC), then introduce GitHub Copilot, your AI-powered coding assistant. See how Copilot's intelligent suggestions and auto-completions can simplify complex Terraform tasks, from creating resource definitions to managing configurations.

You'll learn from real-world examples and get tips on integrating GitHub Copilot into your workflows for improved efficiency and collaboration. Plus, there will be an interactive Q&A to answer all your questions.

Don't miss this chance to elevate your Terraform skills with GitHub Copilot. Let's make your Azure infrastructure management Azure-some!
