Low-latency Global Serverless App
Multi-region, low-latency serverless logic with access to the same dataset, also at low latency. Stateful data is replicated cross-region using ElastiCache replica sets. Highly secure and DDoS-resilient solution.
Building secure, resilient and observable infrastructure at scale. Security isn’t a layer — it’s the foundation.
I’m a DevSecOps engineer focused on shipping infrastructure that is secure by design, not security-patched after the fact.
Over the past seven years I’ve architected and operated production workloads on AWS, led the adoption of GitOps and Infrastructure-as-Code practices across engineering teams, and built security pipelines that catch misconfigurations before they ever reach a cloud provider.
My philosophy: threat-model first, automate everything, and treat your security posture as code — versioned, reviewed, and tested.
Practical write-ups on DevSecOps — infrastructure security, IaC patterns, and operational lessons learned the hard way.
Most IAM policies I’ve reviewed violate least privilege in subtle ways — wildcard actions, missing condition keys, over-broad resource ARNs. Here’s the audit checklist I use and how to fix the most common issues.
Getting a perfect score on SecurityHeaders.com isn’t just copying header strings from Stack Overflow. Understanding what each directive blocks — and why — is the difference between a real policy and a false sense of security.
Shifting security left means catching misconfigurations before terraform apply runs. Here’s the CI pipeline I wire into every IaC project — tfsec, Checkov, OPA policies — and how each layer catches a different class of mistakes.