Work With Me
I take on a small number of consulting engagements each quarter. If your team is dealing with infrastructure security, cloud architecture, or DevOps challenges that need an experienced practitioner — not a slide deck — read on.
What I Help With
Cloud Security Architecture
Designing and reviewing IAM, network security, and access control across AWS, GCP, and Azure. This means: threat-modelling your IAM setup, finding the privilege escalation paths before an attacker does, designing least-privilege policies that are actually maintainable, and building the documentation your team needs to audit and rotate access without causing outages.
Common triggers: a cloud security audit found gaps, a new compliance requirement (SOC 2, ISO 27001, PCI), a post-incident review that traced back to a misconfigured role, or simply a cluster that’s grown faster than the security model that governs it.
Kubernetes and Container Security
Security architecture for Kubernetes environments: RBAC design, network policy, pod security, workload identity, and runtime monitoring with eBPF-based tools (Tetragon, Falco, Cilium). This covers EKS and GKE environments, on-premises clusters, and hybrid setups.
This isn’t a checkbox exercise. I look at what your workloads actually do, what they need, and what they shouldn’t be able to do — then build the controls that enforce that boundary.
DevOps and Infrastructure Hardening
CI/CD pipeline security, infrastructure-as-code review, secrets management, image hardening, and supply chain security. If your team ships fast and security is an afterthought bolted on at the end, I can help build it into the pipeline instead.
IT Security Architecture
Security architecture for internal IT infrastructure: zero trust network access, identity federation, endpoint security, and the controls that sit between your internal systems and the cloud accounts your engineers use every day.
Who This Is For
- Engineering teams scaling their infrastructure and hitting security gaps they don’t have the internal depth to address
- Security teams that need a practitioner who can work at the code and configuration level, not just produce reports
- Startups approaching a compliance milestone (SOC 2, ISO 27001) who need architecture guidance, not just a compliance checklist
- Teams evaluating eBPF-based observability or security tooling and needing help with architecture and deployment
How I Work
Assessment — a structured review of your current state: IAM configuration, RBAC setup, network boundaries, secrets hygiene, monitoring coverage. Deliverable: a prioritised findings report with specific remediation steps, not generic recommendations.
Architecture — designing the target state: IAM model, network policy, access control architecture, workload identity setup. Deliverable: architecture documentation and configuration your team can implement and maintain.
Implementation support — working alongside your team to build and review the implementation. Code reviews, configuration reviews, pairing on specific problems.
Ongoing advisory — a retainer for teams that need a security practitioner available for reviews, questions, and architecture decisions as the system evolves.
Open Source
I also contribute to and collaborate on open-source infrastructure security tooling. If you’re building something in this space and want an experienced collaborator, reach out.
Get in Touch
The fastest way is a direct message on LinkedIn. Describe what you’re working on and what you need — I’ll respond within 24 hours.