Portfolio

Published platform engineering and application security work — the reference implementations and architecture write-ups behind the GenAI/AppSec advisory practice.

  • AppSec MCP server

    Reference implementation — 8 tools, 5 ordered guardrails, 3 pluggable LLM providers, end-to-end OpenTelemetry observability.

  • GitOps on AWS EKS

    Enterprise GitOps platform on EKS — multi-cluster DEV/PROD isolation, ArgoCD, and security controls.

  • GitOps platform architecture

    GitOps platform architecture suitable for high-volume financial services environments.

  • Backstage developer portal

    Backstage internal developer portal — self-service platform for a regulated enterprise.

  • Platform engineering evolution

    From reactive operations to self-service — Crossplane, Temporal, and AI-augmented developer experience.

  • QuestDB on Azure

    Tiered-storage architecture diagrams — QuestDB Enterprise feeding Azure Blob with declarative lifecycle management.

  • GitHub → GitLab migration

    Migration guide and approach for moving from GitHub to GitLab.

  • Architecture review

    Architecture review of the GitOps demo environment.

  • Enterprise observability

    OpenTelemetry metrics, traces, and logs unified in Grafana with Tempo and Loki backends. A parent span per request, child spans for each guardrail and downstream call, and a shared trace ID injected into every log line — one correlation ID ties spans, traces, and logs together.

  • Claude Skills & context engineering

    Field notes on progressive disclosure — how Claude Skills change the economics of agentic coding work.

  • Claude Code implementation field notes

    Part two — wiring the playbook across a polyglot platform: memory load order, path-scoped rules, conditional guards, and managing the live context budget.

  • Amazon Q Developer POC

    Structured 4-week proof of concept — org setup, repo-trained customizations, baseline metrics, and a go/no-go decision package.

  • AI coverage — tests only, production untouched

    91% SonarQube coverage using Claude Opus 4 + GitHub Copilot with three enforcement layers keeping production source frozen. Reference config kit included.

  • Copilot coverage workflow

    A Copilot-only, cost-aware workflow that raises Java test coverage to 91% — autonomous agent loop, defense-in-depth guardrails, and token engineering.

  • Token cost optimization

    Field notes on the economics of agentic AI: why token cost grows every turn, and the four levers that cut it — lean context, load-on-demand, compress inputs, keep tool output off the meter.

  • Lean ML/Ops starter

    A migration, guardrail, and AWS-baseline starter for a team standing up a new ML/Ops environment — built so enforcement doesn't depend on which AI tool an engineer picks.

  • Context & Token Cheat-Sheet

    GitHub Copilot vs Claude Code — how each tool builds context, what it ignores vs loads, and the levers that control token usage.

  • The Credit Fire — Copilot spend parable

    A Phoenix Project-style narrative on why token cost is a work-in-progress problem, not a model problem. Six levers for controlling Copilot spend, in order.

  • Two meters for your AI coding tools

    What your AI coding assistant costs vs whether the services are up — in plain terms, applied to Copilot and Claude.

  • GitLab Orbit & Agentic AI

    What Orbit's SDLC knowledge graph does for AI agents like Claude, where it helps, and the blind spot — the code it won't read — to plan around before you rely on it.

  • ML/AI Capability Roadmap

    From a single ad-hoc workload to a governed, enterprise-wide platform — five maturity levels, the enterprise value chain, and responsible AI built in from Level 3.

  • ML/MLOps Platform Advisory — Reference Architecture

    From legacy delivery to a team-owned, self-service platform — agentic-native and compliant by default. Layered architecture with phased migration path.

Want this kind of work for your team?

See GenAI & AppSec advisory