Self-Service Cloud Platform
Provisioning time −80%Full Terraform modularisation of a GCP environment (Cloud Run, Cloud SQL, GCS, IAM) with golden-path workflows, guardrails and automated test gates. Provisioning time cut from ~4h to under 45min.
Bridging the gap between building fast and shipping safely.
Building secure applications from the ground up. DevSecOps practices, security audits, and robust protection against vulnerabilities baked into every stage.
Scalable full-stack applications with Python, Django, Go and modern frontend frameworks. Clean code, best practices, and cutting-edge technologies.
Streamlining deployment pipelines with containers and automated testing. Infrastructure as code for reliable, reproducible deployments.
Selected projects from my work as a DevSecOps Engineer and my own products.
Full Terraform modularisation of a GCP environment (Cloud Run, Cloud SQL, GCS, IAM) with golden-path workflows, guardrails and automated test gates. Provisioning time cut from ~4h to under 45min.
Secure runbook executor with a human-approval layer: an MCP-based remote server integrating GitHub, GCP Cloud Run/Logging and Terraform state. Every critical action is auditable, reversible and requires explicit approval.
SAST (Bandit, Semgrep) and DAST (OWASP ZAP) integrated into GitHub Actions with Docker image hardening before deployment. Automated rollback trigger on SLO breach cut the deployment error rate below 2%.
Provisioned isolated, production-like n8n automation sandboxes on AWS burstable EC2 (t3/t4g) with automated lifecycle management — giving 80+ trainees their own environment while keeping compute costs 50% below fixed-size instances.
Barrier-free Progressive Web App for assisted-living facilities. Residents track daily mood; staff monitor well-being trends and generate reports. Multi-tenant, Web-Push, containerised.
Production-ready, multi-tenant AI chatbot platform with appointment-booking. Configurable per client, embeddable widget, integrated into this site (bottom-right corner).
The tools I reach for across the software delivery lifecycle.
Products, containers, automation and security playgrounds.
AI trade-fair-stand designer SaaS for exhibition builders: prompt/RFQ → buildable, editable, quotable 3D booth. Parametric catalog core with diffusion hero-renders, RFQ → BOM → quote workflow.
Electron desktop app for screen recording built on the Loom Record SDK, with a custom drawing overlay and a lightweight local Express backend. Linux-first.
Versioned workspace for n8n automations — personal and per-client. Strict client separation via tags and name prefixes, secrets kept out of git, template-driven onboarding.
GitHub Actions pipeline that clones, builds Docker images and deploys via Docker Compose to a remote server — plus the Compose setup for an Angular frontend with a Django backend.
E-commerce store for customizable vinyl truck signs. Django + DRF backend, Stripe payments, Dockerised for deployment.
Django e-commerce store for baby tools, containerised with Docker and deployed to a VM.
Docker Compose setup for launching a WordPress instance backed by MariaDB — reproducible setup and maintenance.
Customizable Minecraft server via Docker Compose, deployable locally or to a VM with minimal effort.
Server hardening walkthrough: nginx, SSH key generation, disabling password auth, SSH aliases and managing multiple identities.
Pentesting tools in Python — network scanning, password cracking and exploitation scripts for ethical hacking and security testing.
Documented OWASP Juice Shop challenges — hands-on identification and mitigation of common web vulnerabilities in a safe environment.
Notes on DevSecOps, security and full-stack engineering.
Per-user n8n sandboxes on AWS burstable EC2 with automated lifecycle management — isolated environments at 50% lower compute cost.
Wiring Prometheus, Grafana and structured logging into the pipeline so an SLO breach triggers automatic rollback.
An MCP-based runbook executor: the agent gathers context and proposes, a human approves every critical action.