I build the infrastructure that makes AI possible — and the security that keeps it safe.
15+ years engineering production systems at scale. Custom Terraform provider author. HashiStack architect. Self-hosted AI/LLM infrastructure. Public speaker at Splunk .conf 2017 and Nutanix .NEXT 2018.
Open to the right opportunity — [email protected]
Self-hosted LLM inference with Ollama — air-gap capable, zero cloud vendor dependency. RAG pipeline architecture using ChromaDB vector databases and embedding models. MCP (Model Context Protocol) server development with FastMCP. Production AI systems with confidence-tiered response engines and hallucination mitigation. Local LLM deployments for security-sensitive environments with full data sovereignty.
15-agent orchestration architecture (FULCRUM). Cognitive profile-aware agent design. Claude API at depth — tool use, context management, multi-turn orchestration. Agent pipeline design for security, compliance, and infrastructure automation workflows.
HashiStack architect — not a user, a designer. All five tools in production at SOVEREIGN scale: Vault for zero-trust secrets management, Consul for service mesh and service discovery, Nomad for workload orchestration, Terraform for IaC, Packer for hardened image pipelines. Zero hardcoded credentials anywhere. Zero manual SSH steps from git push to running service.
Authored a custom Terraform provider for the Antsle hypervisor in Go using the Terraform Plugin SDK — 9 writable resource types, 15+ read-only data sources, full CRUD lifecycle. Beyond using Terraform — understands how it works at the plugin level. Also: Ansible for multi-machine orchestration, Packer for image hardening, Helm for Kubernetes workloads.
Internal developer platform design — git push to running production service with no manual steps. Service mesh (Consul), workload orchestration (Nomad), reverse proxy and TLS (Traefik), secrets management (Vault). Packer-based image hardening pipelines. Multi-machine Ansible deployment automation. MSP-scale platform delivery across dozens of enterprise client environments.
Security embedded in CI/CD — not bolted on after. Auto-healing security controls that self-correct on drift. Policy as code with OPA/Rego for behavioral baseline-driven enforcement. eBPF/Tetragon for kernel-level network observation and runtime security (INTERCEPT). PCI-DSS, HIPAA, SOX, SOC2 compliance automation — controls provisioned by Terraform, not manually configured.
Built four managed security service offerings from zero at C1: VMaaS (Vulnerability Management as a Service) on Tenable.io, AMaaS (Attack Surface Management as a Service) on Axonius, XDRaaS (Extended Detection and Response as a Service) on CrowdStrike and Cylance, SIEMaaS (SIEM as a Service) on Splunk. Owned platform onboarding, service delivery playbooks, detection tuning, and client relationships end-to-end.
SIEM architect — built enterprise Splunk solutions for 10,000+ customers at Genesys. Terraform and Splunk provider framework for automated SplunkCloud compliance deployments (PCI-DSS, HIPAA, SOX). Custom searches, correlation rules, dashboards, and automated response workflows. Invited speaker at Splunk .conf 2017.
AWS, Azure, and GCP simultaneously — not specialized in one, fluent across all three. Auto-healing security controls, threat hunting at 10,000+ customer scale, PCI pentests. IAM architecture, zero-trust design, cloud-native security tooling across all major providers.
Production Go development — not just familiarity, but shipped code. Custom Terraform provider (9 resource types, 15+ data sources, Terraform Plugin SDK). Concurrent systems, API clients, protocol bridges. Go as the language of infrastructure tooling.
Passive API traffic scanning and analysis. mitmproxy-based capture architecture. 24-rule behavioral detection engine (INTERCEPT). API threat modeling and vulnerability assessment. Security testing without disrupting production traffic.
Kernel-level network observation and runtime security enforcement using eBPF and Tetragon (INTERCEPT). Process-level visibility without agents. Policy-driven enforcement at the kernel layer. Rare practical skill — most security engineers have not deployed eBPF in production.
Policy as code using Open Policy Agent and Rego for behavioral baseline-driven enforcement. Automated compliance controls, admission policies, and infrastructure guardrails. Decoupled policy from application logic — policies that audit themselves.
Production Python across AI, security, and infrastructure tooling — Flask, FastAPI, async patterns. RAG systems (SPECTER), developer productivity platforms (ANCHOR), MCP servers (REMNANT), API security (INTERCEPT). uv for dependency management, RQ/Redis for task queues, SQLAlchemy for data layers.
Kubernetes in production — cloud migration, custom controllers, CRDs. Container security: multi-stage builds, runtime hardening, image scanning pipelines. Nomad as a Kubernetes alternative for workloads where simplicity beats complexity.
Full-stack telemetry design: Splunk, Grafana, Loki, Prometheus, Datadog, Sensu. Built the observability infrastructure Genesys’ 10,000+ customers depend on. MQTT for IoT and edge telemetry. Real-time alerting, dashboards, and automated response pipelines.
Enterprise networking foundations: BGP, DNS, VPNs, firewalls, load balancing. RS-485 serial protocol engineering and passive hardware tapping (FRAMEWORK). LoRa mesh networking (Meshtastic/MeshCore), RF propagation, antenna design. Licensed amateur radio operator (WA7ABU) — federal exam, RF fundamentals.
C1 is one of the largest IT solutions providers in North America — a Cisco Gold Partner and managed services organization delivering complex architecture across security, networking, collaboration, and cloud to enterprise clients.
Genesys powers customer experience solutions for 10,000+ companies worldwide.
Leading the transformation of digital infrastructure in the automotive wholesale industry.
Managed mission-critical infrastructure for enterprise network operations.
nu11.info is a cybersecurity and automation knowledge-sharing hub focused on SIEM, cloud-native security, and best practices.
Architect & Developer · 2025 - Present
Self-hosted passive API intelligence and AI governance platform. Sits transparently on the network as a proxy — no code changes required. Learns the complete API surface from real observed traffic. Runs 24 security rules synchronously on every flow: secrets detection, JWT vulnerabilities, PII exposure, CORS misconfiguration, unauthenticated endpoints. Maps every AI service call across the network — detecting shadow AI usage, PII in model prompts, ungoverned model access, and token-volume exfiltration signals. eBPF/Tetragon provides kernel-level process attribution for every TCP connection. OPA/Rego policy engine enforces rules derived from observed behavioral baselines — policies that build themselves from real traffic.
Architect & Developer · 2024 - Present
Personal multi-agent orchestration system — 15 specialized AI agents functioning as an executive function layer. Each agent has a defined role, authority hierarchy, trigger conditions, and behavioral constraints. Deployed across two surfaces: Claude Skills (reactive, in-session) and Mattermost Bot via n8n (proactive, scheduled). Integrates REMNANT for persistent memory, ANCHOR for project state, Planka for task management. Cognitive profile-aware — agent behavior adapts to energy state and stress indicators.
Architect & Developer · 2024 - Present
Self-hosted AI-integrated developer productivity platform for a multi-project engineering workflow. Zero-friction idea capture, context restoration on every project open, git hook auto-logging across all machines, and dormant project alerts. AI Daily Brief and Weekly Retrospective via Claude API. Idea-to-repo pipeline: raw concept to scaffolded Gitea repository with CLAUDE.md generated for Claude Code. Stack: Python/Flask, PostgreSQL, Redis/RQ, Docker, Ansible multi-machine deployment.
Architect & Developer · 2023 - Present
Full infrastructure control plane on self-hosted Antsle hypervisor hardware. Packer builds hardened AlmaLinux 9 base images across a five-tier pipeline (base to hashicore to hashiclient to ollama-node to data-node). Custom Terraform provider provisions all infrastructure. Vault manages all secrets — zero hardcoded credentials anywhere. Consul handles service mesh and service discovery. Nomad orchestrates all workloads. Traefik handles reverse proxy and TLS. Result: git push to running production service with zero manual SSH steps.
Architect & Developer · 2024 - Present
RAG-based system for automating enterprise security compliance questionnaires. Stack: Flask, ChromaDB vector database, Ollama local LLM inference — no cloud API dependency. Confidence-tiered response engine: above 0.85 auto-fills, 0.65–0.84 queues for human review, below 0.65 escalates to SME. Achieves 85%+ automatic completion rate. Deployed for a VP of Security at a financial services enterprise. Air-gap capable — all inference runs on-premises with full data sovereignty.
Author · 2023 - Present
Full Terraform provider for the Antsle hypervisor platform — written in Go using the Terraform Plugin SDK. Nine writable resource types with full CRUD lifecycle, 15+ read-only data sources. Enables complete infrastructure-as-code for self-hosted, privacy-first environments with no cloud vendor dependency. Powers the entire SOVEREIGN infrastructure provisioning pipeline. Writing a provider validates deeper Terraform knowledge than any certification — it requires understanding how Terraform works at the plugin level.
Architect & Developer · 2025 - Present
Self-hosted knowledge graph that ingests AI conversation exports and engineering decision records. Hugo-based structured knowledge base with React Flow graph visualization. FastMCP server enables live semantic querying via Claude Code — AI assistant with persistent memory of everything ever built. Full data sovereignty. Nothing leaves the network.
Architect & Developer · 2022 - Present
Reusable Terraform and Splunk provider framework for enterprise SplunkCloud deployments across MSP client environments. Automated provisioning of compliance controls (PCI-DSS, HIPAA, SOX), dashboard templates, and client handoff documentation. Single framework — repeatable across dozens of client deployments.