Detailed case studies of platform engineering, security, and automation work across cloud infrastructure, AI/ML, and DevOps tooling.

I designed a three-tier Terraform architecture (67 modules) that lets one engineer safely manage 6 AWS accounts, 16 environments, and 60+ microsegmented endpoints with zero static credentials and no outbound internet access.

- Terraform
- AWS
- ECS Fargate
- VPC / PrivateLink
- ALB / NLB
- AWS Systems Manager
- AWS Backup
- KMS
- Python
- Docker
- GitHub Actions

I built a single 785-line reusable GitHub Actions pipeline that enforces FIPS cryptography, dual vulnerability scanning, and SBOM attestation across all 40+ containers, eliminating the TOCTOU gap with a local OCI registry pattern.

- Chainguard
- cosign
- Trivy
- Grype
- syft
- GitHub Actions
- Docker
- FIPS 140-3

I migrated 40+ containers from Docker Swarm to AWS ECS Fargate with zero data loss and zero application code changes, using PostgreSQL logical replication as a hot standby for instant rollback.

- AWS ECS Fargate
- Docker
- PostgreSQL
- Terraform
- FluentBit

I built a suite of GitOps tools, from a declarative PaaS deployment system managing 40+ containers to a self-service deployment manager at 98% test coverage, all designed to let a small team operate like a large one.

- Python
- FastAPI
- HTMX
- OctoDNS
- GitHub Actions
- Docker
- Playwright
- pytest

I made Google Workspace the single source of truth for access across 10+ systems and built a differential Kong config engine that treats gateway state as code, delivering 15+ branded login experiences from one Keycloak deployment.

- Kong
- Keycloak
- Lua
- Google Workspace
- AWS Identity Center
- oauth2-proxy
- opkssh
- SCIM

I collapsed 12+ per-brand Docker builds (50-60 min) into a single image that resolves brand identity at startup in ~200ms, replacing 650 lines of shell scripts with 1,341 lines of tested Go tooling.

- Go
- Docker
- Flutter
- Nginx
- GitHub Actions
- CloudFront
- S3

I led a distributed team of 4-7 engineers through an 18-month FedRAMP authorization while building structured knowledge-sharing sessions that took engineers from zero cloud security experience to independently deploying regulated infrastructure.

- Team Leadership
- Technical Writing
- Performance Management
- Knowledge Transfer
- Stakeholder Communication
- Incident Management

I built a PII-safe analytics pipeline replicating 25+ production tables with schema drift detection, eliminating direct production database access for analysts while keeping observability across all 40+ ECS tasks.

- Python
- AWS Glue
- PostgreSQL
- Zabbix
- FluentBit
- Kinesis Firehose
- Apache Superset
- Matomo

I built 16 Terraform modules composing a complete AI stack (Bedrock, SageMaker, pgvector) with production guardrails, delivering sub-second RAG search and multi-step AI flows under the same compliance controls as the core platform.

- AWS Bedrock
- SageMaker
- Terraform
- Python
- Lambda
- pgvector
- LangChain
- Docker

I implemented three MDM protocols (Apple, Windows SyncML, Android) at the wire level in a single Go binary (~60K lines), with a PostgreSQL event bus and HTMX dashboard proving enrollment burst handling at scale.

- Go
- PostgreSQL
- HTMX
- Tailwind CSS
- Keycloak
- Playwright
- k6
- Docker

I built a Python pipeline that consolidates vulnerability data from 3 APIs into a unified dashboard with SLA tracking, validated by 28 property-based tests ensuring merge correctness across arbitrary inputs.

- Python
- Hypothesis
- pytest
- GitHub API
- Jira API
- Google Sheets API
- OIDC
- ThreadPoolExecutor