I own platform and infrastructure strategy end-to-end. I architect systems, set technical direction, and ship the internal platforms that let engineering organisations scale safely. My scope spans platform engineering, infrastructure architecture, SRE, and security. 9 years across regulated enterprise, government, and high-growth tech.
→ Full tooling breakdown available in CV
Inherited significant tech debt consisting of custom pipelines and 45-minute deploy cycles. Migrated to an OpenTofu monorepo with centralised constructs, embedded OPA policy enforcement, automated security scanning, and cost prediction. Non-compliant infrastructure is blocked at build time, not post-deploy. Alongside the platform work, built a multi-tenant RAG solution on Amazon Q to reduce manual research time for underwriting and sales from hours to minutes, while enforcing strict data isolation.
Teams were batching 500+ changes over months due to shared QA environments and GitFlow. Implemented trunk-based development with per-developer preview environments and blue/green production deploys with instant rollback capability.
Government client required sovereign, redundant operations across both clouds with no internet egress. Designed encrypted cross-cloud communication with security controls meeting ISO 27001 and SOC 2 compliance in a fully restricted network environment.
A breakdown of where Kubernetes implementations fail in practice: networking assumptions, RBAC sprawl, poorly scoped workload identity, and abstraction layers that create more problems than they solve. Includes an opinionated production Kubernetes setup guide with real trade-off reasoning at each decision point.
A full architecture breakdown of an Internal Developer Platform (IDP). Details the core components, rollout sequencing, and build-vs-buy trade-offs, alongside the organisational dynamics and developer experience decisions that actually drive engineering adoption.