Portfolio
Cloud Architecture · DevSecOps & Security · LLM/AI in Production · FinOps · Compliance
Architectural Designs
I architect and deliver enterprise-grade platforms — scalable across regions, zero-trust secured, observable and cost-optimized.

Cloud Armor WAF for Kubernetes (GKE)
Layer-7 protection in front of GKE via External HTTP(S) Load Balancer: preconfigured WAF rules (OWASP CRS), rate limiting, geo/IP allow/deny, and bot management. Logs to Cloud Logging/BigQuery, SCC integration; IaC with Terraform and policy-as-code.

Multi-Region GKE Cluster with GitOps & Fleet
Highly available GKE deployment spanning multiple regions, managed with Google Fleet. Config Sync from Git ensures consistent deployments, centralized policy management and multi-region failover.
Enterprise-Grade Solutions
Professional work from automated DevOps and AI assistants to cost-efficient, scalable architectures built for long-term reliability.

FinOps Cost Optimization
Performed a comprehensive cost review across GCP/AWS/Azure: rightsizing, autoscaling policies, storage tiers and egress control. Achieved double-digit savings while keeping SLOs and performance intact.

Intelligent Search & Grounded RAG
Designed enterprise search on Vertex AI Search: secure data connectors (GCS/BigQuery/Docs), schema & relevance tuning, grounded answers for assistants, and observability & SLOs. Added PII filtering and access control to keep answers compliant and trustworthy.

AI Contact Center (Voice & Chat)
Built an AI contact center with Agentspace: voice/chat bots, smart routing and escalation, agent assist, and conversation analytics. Integrated with telephony/CRM; added quality management and GDPR/AI Act controls by design.

DevSecOps Hardening & Supply Chain
Built threat-aware CI/CD with SAST/DAST, SBOM, image signing and policy-as-code. Reduced critical findings prior to production and improved audit readiness.

AI Compliance Readiness
Conducted gap analysis vs AI Act / GDPR; data mapping, DPIA templates, vendor/model inventory and logging controls. Prepared audit artefacts for internal and external reviews.

LLM Guardrails & Evaluation
Implemented prompt guardrails, PII filtering and evals (toxicity, hallucinations, jailbreaks). Built dashboards for continuous quality and regression tracking.

RAG-Based Chatbot Data Uploader
Developed a sophisticated data uploader for RAG-based chatbots, supporting PDF document uploads and employing adaptive chunking strategies. The system autonomously evaluated and selected optimal chunking methods using LLMs, improving chatbot efficiency and response quality while reducing redundancies.

Software Development Quality Platform
Built an AI-powered platform using neural networks to analyze business requirements, user stories, and test cases. The system identified missing or redundant elements, estimated test coverage, and provided actionable insights, improving development efficiency and software quality.

GitLab CI/CD and Microservices Deployment
Developed robust GitLab CI/CD pipelines tailored for multiple environments, integrating ArgoCD for seamless microservices deployment. Designed and maintained Helm charts for deploying complex workloads, including StatefulSets and Deployments. Automated the creation and storage of container images in JFrog, enabling artifact-based reporting and audit trails.

Centralized Log Aggregation System
Enhanced a system to aggregate and structure logs from multiple sources, transforming raw data into actionable insights with real-time visual dashboards. Optimized processing workflows reduced latency by 50% and improved log query efficiency for enterprise monitoring.

ServiceNow Optimization and Customization
Optimized ServiceNow scripts and database queries, improving data validation and processing efficiency by 75%. Streamlined workflows enhanced ITSM performance and reduced system resource utilization.

Responsive and Scalable Web Application
Contributed to the development of an interactive e-commerce platform, focusing on optimizing the user interface to improve responsiveness and usability. Refactored page code to reduce load times and resource usage, resulting in smoother interactions and faster page performance.

Advanced Data Aggregation Optimization
Enhanced an existing real-time data aggregation and visualization system by optimizing ETL pipelines and restructuring code, improving processing speeds by 40%. Refined dashboard designs to deliver more actionable insights for enterprise decision-making.
My Projects
A selection of personal and collaborative projects applying cutting-edge tech to real-world problems.

Cloud Armor Security for GKE Ingress
Integrated Google Cloud Armor with an external load balancer to protect Kubernetes applications from malicious traffic. Requests are analyzed against custom security rules (WAF, IP allow/deny lists, geo-based policies). Suspicious requests are blocked with 403 responses before reaching the cluster, while legitimate clients maintain seamless access. Hardened the ingress layer for App 1 and App 2 in Kubernetes.

Multi-Regional GKE Cluster with GitOps
Multi-regional Kubernetes deployment across West 3 and West 4 regions with GitLab Config Sync and Google Fleet. Ensures high availability by spreading workloads (App A, App B, App C) across zones (a, b, c). Unified GitOps delivery pipelines, consistent security policies, and cross-cluster management with Fleet.

Cross-Regional Internal Load Balancer for GKE
Implemented a cross-regional internal load balancer distributing traffic across multiple GKE clusters in regions West 3 and West 4. Traffic from developers is balanced across all zones (a, b, c) using a ROUND_ROBIN policy, with NEG backends per zone. Ensures fault tolerance, resilience, and seamless GitOps delivery via GitLab Config Sync and Google Fleet.

External Global HTTPS Load Balancer for GKE
Implemented an external global HTTPS load balancer for multi-region GKE backends with dual-stack IPv4/IPv6 entry points and EXTERNAL_MANAGED forwarding. Designed host- and path-based routing with URL map controls, custom error response handling, and a dedicated HTTP ACME flow for certificate validation. Hardened edge security with Cloud Armor policies, a restricted TLS 1.2+ SSL policy, managed certificate maps, HSTS response headers, and enriched client geo/request headers. Configured zonal NEG backends across two regions with tuned health checks, session affinity, connection draining, and per-endpoint rate controls for resilient, scalable traffic distribution.

Stock Predict Architecture
Implemented an ML platform on GCP for stock prediction and sentiment analysis. Data flows from Yahoo Finance and public APIs into CloudSQL (Postgres) as historical storage. Vertex AI handles sentiment analysis, while ARIMA models run in optimized GKE pods (8Gi RAM, 4 CPU). CI/CD pipelines with Cloud Build and Artifact Registry ensure fast delivery; GitHub sources are secured with signed images (Cosign), SBOMs (Syft) and secrets in Vault. Infrastructure is automated via Terraform with monitoring and logging integrated for observability.

Dev Env Diff & Flight Recorder
VS Code extension that kills 'works on my machine'. One click → snapshot of your dev environment (runtimes, Docker, ports, env vars, scripts, lockfiles, git, VS Code extensions, shell config, PATH) → diff it against a teammate's or a previous snapshot → Markdown report with concrete shell commands to fix the drift. 100% local, no telemetry, no network calls.
