I build infrastructure for AI agents.
Then I write about why it breaks.
Staff engineer specializing in identity systems, agentic AI workflows, and Kubernetes platforms that scale without the chaos.
Autonomous Agent Sandbox Execution Flow
01. About
I'm a Staff Software Engineer focused on platform and identity systems — the infrastructure that lets engineering teams ship fast without breaking security or each other.
I've spent years running multi-tenant Kubernetes platforms across AWS and GCP, replacing managed identity services with open-source IAM, and making GitOps actually work beyond 5 teams.
I write about what I learn, because building it is only half the battle.
02. Core Expertise
AI Infrastructure & Orchestration
Securing LLM pipelines, managing GPU workloads on K8s, and establishing identity boundaries for autonomous workflow agents (Open Claw, n8n).
Cloud Platforms
AWS EKS, GKE, multi-cloud strategies, and highly available multi-region footprints designed for operational resilience.
Identity & IAM
Open-source identity stacks (ORY Hydra/Kratos/Keto), OAuth2 token flows, zero-trust architectures, and multi-tenant auth borders.
GitOps & Delivery
Normalizing app delivery with ArgoCD, Kustomize, and Helm. Building golden paths and embedding policy-as-code.
Observability & Ops
OpenSearch, Elastic, Dynatrace, New Relic. Meaningful SLOs, actionable alerting, and prioritizing incident learning over finger-pointing.
03. Featured Work
Platform Engineering
GitOps-first multi-cloud platform
Normalized app delivery across clouds with tenant-aware namespaces, promotion pipelines, and SLOs baked into templates.
"Blast radius alignment is a delivery problem, not just a security one."
Identity & Tenancy
Open-source IAM replacing AWS Cognito
Replaced managed identity with open-source IAM — auth boundaries that survive org growth, audits, and SSO complexity.
"Cost and lock-in tradeoffs should be made explicit before you're three years in."
Reliability & Operations
Platform reliability guardrails
Paved-road patterns and pre-flight checks so platform changes ship fast without breaking security or compliance.
"Guardrails beat gates. Teams self-serve when the path is obvious."
Want to work together?
I'm available for consulting, conference talks, and podcasts.
Topics: Architecting secure execution sandboxes for Agentic AI, M2M Identity at scale (Zanzibar/OAuth2), and breaking Kubernetes vendor monoliths.