Approach

How I think about architecture

Most architecture mistakes are made before the first line of code.

By the time a system is in production, the trade-offs are already in concrete — the cost of a wrong decomposition is measured in years, not weeks. So I spend my time at the front: ADRs and C4 diagrams as conversation tools, not write-once deliverables. If a decision can't be explained in one paragraph and one diagram, it isn't a decision yet.

Three opinions I hold strongly:

Decompose only along bounded contexts

Microservices that share state are worse than one monolith. The Commercial Licence decomposition worked because we found the natural seams — a bounded context per business capability, from approval and licensing to location, invoicing, and safety permitting — before splitting code.

Reliability is event-driven, not REST

The Debts Hub started life as a REST callback flow. Synchronous callbacks gave weak delivery guarantees under load, so we switched to event-driven messaging over RabbitMQ. The lesson scaled across the platform: every gating integration in the Balady ecosystem now consumes events, not synchronous callbacks.

Compliance is architecture, not bolt-on

PDPL data masking, consent validation, and commercial-terms enforcement belong at the gateway, not in each consumer. The Event Distribution Hub counter-proposal was built on that principle.

The job is finding the right constraints early. Execution follows.

Skills

Capabilities I bring to a programme

Each area is grounded in production work at NHCI and earlier engagements.

Architecture & Design

Domain-Driven Design (Expert): Multi-bounded-context decompositions backed by Camunda BPMN/DMN.
Event-Driven Architecture (Expert): RabbitMQ Streams, Kafka, Debezium CDC, outbox, saga compensation.
Workflow Orchestration (Advanced): Camunda Self-Managed BPMN/DMN, saga compensation, rule engines.

Platform & Infrastructure

Cloud & Hybrid-Cloud (Advanced): On-prem ↔ OCI, AWS, Azure, IBM Cloud. Strangler Fig at scale.
Microservices on Kubernetes (Advanced): Production K8s, Helm, service mesh, multi-cluster, Apigee gateway.
API & Integration (Advanced): Apigee, OAuth 2.0 / OIDC, HMAC + replay protection + idempotency.

Data, Security & Operations

Data Architecture (Advanced): PostgreSQL, Oracle 19c, MongoDB, Redis Cluster, Elasticsearch.
Security & Compliance (Advanced): PCI DSS, GDPR, PDPL data masking, SSO, signed-webhook security.
Observability & SRE (Proficient): Self-managed Sentry, ELK, Elastic APM, Prometheus, Grafana.

Career & education

Senior Solutions Architect

2024 — Present
NHCI · Riyadh, Saudi Arabia

Architect for 10+ systems within the Balady citizen super-app and supporting platform services. Authored 11+ canonical HLDs, two governance frameworks (Architecture Contribution & Review; Technology Assessment & Decision), and the platform's Unified Logging Framework.

Cloud Solution Architect / Tech Lead

2016 — 2024
IBM · KSA & Egypt

Cloud-native delivery for clients across banking (First Abu Dhabi Bank), retail (Nike), healthcare (Dubai Health Authority), and HR / SaaS (Panorama): monolith-to-microservices on OpenShift, PCI-compliant integration patterns, and IBM Watson SOA integrations. Also delivered an Oracle ERP (E-Business Suite) implementation for the telecom operator Orange.

Technical Consultant

2014 — 2016
Raya International Service (RIS) · Cairo, Egypt

Oracle EBS R11 → R12 upgrades; migration of Letter-of-Guarantee and Letter-of-Credit modules; Java + Oracle DB integration work and financial-data reporting.

Bachelor of Accounting

2008 — 2012
Mansoura University · Mansoura, Egypt

AWS Web Services Boot Camp · Oracle Developer Diploma · Java SE Programming & ADF I.

Certifications

In progress: Arcitura Digital Transformation Solution Architect · AWS Solution Architect Professional · Advanced Kubernetes Administrator.
