Building secure, understandable, and operable infrastructure.

I'm an experienced cloud and security architect with a strong focus on building resilient, secure, and operable infrastructure platforms. My work centers on systems that are designed to run in real production environments, not just proofs of concept.

I work extensively with hardened Linux and BSD systems and have a deep operational understanding of frontline production workloads. This includes system hardening aligned with NIST and KRITIS principles, kernel-level security controls, SELinux and AppArmor policies, network isolation, and protection against a wide range of attack vectors. Reliability and defensive depth are always treated as first-class design goals.

Over the years, I've designed and operated Kubernetes platforms across multiple distributions, including k3s, upstream Kubernetes, and RKE2, in data center, hybrid, and edge environments. I am a strong advocate of infrastructure as code, primarily using Ansible and OpenTofu, to create reproducible, auditable, and maintainable systems.

As co-founder of MPOWR-IT, my work has focused heavily on regulated and security-sensitive industries, particularly energy systems, industrial telemetry, and data processing in the automotive and aviation sectors. This includes secure data ingestion pipelines, air-gapped and segmented environments, bastion and SPA-based access patterns, and network designs built for long-term operability.

Beyond customer projects, I enjoy designing CLI-driven platforms and internal tooling, experimenting with system-level extensions such as Thalos Linux, and exploring reverse engineering as a technical hobby. I value clarity over complexity, automation over manual processes, and documentation as an integral part of any deliverable.

Above all, I believe systems should be understandable by the engineers who operate them next.