Technologies and expertise

What we work with

A practical list of technologies and the services we deliver around them. We reference client names only when it’s explicitly safe to do so (permission/NDA).

Cloud & Infrastructure

Foundations, automation, and operational ownership.

Cloud foundations (AWS/Azure/Google Cloud)

  • Account/org/subscription structure and baseline guardrails
  • IAM/SSO patterns (roles, MFA, least privilege)
  • Networking foundations and DNS strategy
  • Cost controls (tagging, budgets, alerts)

Infrastructure as Code

  • Repo structure, module patterns, environment layout
  • CI plan/apply workflows with approvals and audit trail
  • Drift detection and safe remediation
  • Cloud-native patterns (CloudFormation/CDK, Bicep/ARM)

Linux + containers

  • Docker/Compose patterns and lifecycle automation
  • “Boring reliability” defaults: health checks, restarts, rollbacks
  • Monitoring/logging baselines and alert hygiene
  • Incident-ready docs and recovery steps

Virtualization and lab environments

  • QEMU lab setups for testing upgrades and network changes
  • Reproducible dev/test environments that mirror production constraints
  • Documentation and automation for handoff

HA patterns

  • HAProxy and keepalived (health checks, failover behavior)
  • TLS termination patterns and hardening
  • Operational observability

DNS, email, and trust

Stability, deliverability, and a change process you can rely on.

DNS and domains

  • Cloudflare, Route 53, registrar best practices
  • Inventory and cleanup to reduce risk
  • Change control: review, staging, monitoring, documentation

Email deliverability

  • SPF/DKIM/DMARC rollout (monitor → enforce)
  • Deliverability diagnostics and remediation
  • Ongoing monitoring recommendations

Certificates and rotation

  • Certificate inventory and cleanup
  • Rotation playbooks and zero-downtime patterns
  • mTLS trust model design where appropriate

Vault (secrets + PKI)

  • Architecture and bootstrap (HA, TLS, unseal strategy)
  • PKI setup (intermediate CAs, roles, issuance workflows)
  • Operational runbooks (backup/restore, upgrades)

Identity & access

Operationally sound authentication and authorization patterns.

Samba Active Directory

  • Domain design (naming, DNS, replication, join strategy)
  • Hardening and lifecycle documentation
  • TLS strategy and client trust

SSO patterns

  • Google Workspace and other provider integration patterns
  • Least privilege and audit-friendly workflows
  • Safe onboarding/offboarding processes

Software development & automation

Maintainable tooling that survives operational reality.

C++ / Python / Tcl

  • Custom tooling for validation, migration, and integration work
  • Automation and “glue code” (APIs, CLIs, pipelines, adapters)
  • Performance-focused utilities when scripting hits limits

Open-source examples

Applied AI & ML

Linux-first, practical deployments with privacy and reliability guardrails.

Local LLM stacks

  • Ollama + Open WebUI deployments and operations
  • Model hosting, versioning, and resource controls
  • Secure access patterns and logging

ComfyUI workflows

  • Installation, GPU stability, upgrades, backups
  • Workflow hardening and reproducibility
  • Operational docs and handoff

PyTorch support

  • Prototyping assistance and packaging guidance
  • Production-ish runtime considerations
  • Guardrails for privacy, IP, and data residency

Agentic AIOps

Anomaly detection, triage automation, and runbook generation with humans in control.

Anomaly detection

  • Signals, baselines, and alert quality improvements
  • Log/metric/event anomaly pipelines
  • Integration with existing observability stacks

Agentic triage workflows

  • Incident summaries and timeline building
  • Hypothesis generation and suggested next steps
  • Approval gates and audit trails

Runbook generation

  • Draft and update runbooks with human review
  • Ticketing and workflow automation
  • Clear boundaries on what automation can change

Tooling comfort: Modern LLMs including Codex, Grok, and Qwen, selected to fit privacy and deployment constraints.

Embedded & microcontrollers

Firmware and embedded software for constrained systems.

Firmware development

  • Bring-up support and test tooling
  • Hardware/software integration patterns
  • Documentation and handoff for maintenance

Example project

Selected certifications

Starter list; public verification links can be added as desired.

AWS / cloud foundations (Coursera)

  • AWS Fundamentals Specialization
  • AWS Fundamentals: Migrating to the Cloud
  • AWS Fundamentals: Building Serverless Applications
  • AWS Fundamentals: Going Cloud-Native
  • AWS Fundamentals: Addressing Security Risk

Engineering discipline (Coursera)

  • Machine Learning (Stanford University)
  • Machine Learning in Production (DeepLearning.AI)
  • Deep Learning Specialization (DeepLearning.AI)
  • Convolutional Neural Networks (DeepLearning.AI)
  • Sequence Models (DeepLearning.AI)