Executive Summary
This page is a guided path through the highlights. Each section links to deeper content in the garden if you want the full story.
At a Glance
I’m a software architect with over 25 years of experience, currently a Principal Software Engineer at Decian (an MSP), where I lead architecture and delivery across the full stack — from bare metal infrastructure through Kubernetes to client-facing applications. I design and build systems that scale without scaling operational complexity: multi-tenant platforms, on-prem infrastructure, security pipelines, and the observability that ties them together.
I’ve been working remotely across geographically distributed teams for over 15 years. In 2011 I joined a Hong Kong-based team as a remote developer in the US, collaborating daily across a 12-hour time zone gap. By 2014 I was managing direct reports in Hong Kong, and every role since has been fully remote. Remote work isn’t something I adapted to—it’s how I’ve built my career.
I’m hands-on. I write code, make architecture decisions, and own the outcomes. I also lead a team, which means balancing building things myself against enabling others to build well.
More about how I work and what drives me →
Technical Skills
A concise view of what I work with today. See Skills for depth, tradeoff analysis, and how each fits into my work.
Languages: Python, TypeScript/JavaScript, Go, Rust, Shell/Bash
Platform & Infrastructure: Kubernetes, Talos Linux, Proxmox, Ceph, Terraform, Ansible, ArgoCD, Cilium, cert-manager
Data & Pipelines: OpenSearch, Logstash, Kafka, InfluxDB
Security: Wazuh, IRIS, MISP
Observability: Prometheus, Grafana, Loki, Vector, Alertmanager
Networking: HAProxy, Nginx, Traefik, Keepalived (VRRP), WireGuard
Web: Next.js, React, Chakra UI, IndexedDB
Patterns: Event-driven pipelines, multi-tenant isolation, immutable infrastructure, local-first sync, GitOps delivery. Full pattern breakdown →
Career
| Period | Role | Company | Focus |
|---|---|---|---|
| 2020 – Present | Principal Software Engineer | Decian | Platform engineering, security operations, infrastructure, full-stack delivery (remote) |
| 2018 – 2020 | Principal Software Engineer | PeopleFluent | Enterprise LMS, SCORM modernization, legacy migration (remote) |
| 2011 – 2018 | Mobile Development Manager | NetDimensions | Cross-platform offline-first mobile apps; remote on Hong Kong-based team, managed HK direct reports from 2014 |
| 2003 – 2011 | Senior Software Engineer | BP-Tech | E-learning platforms for Fortune 100 clients, enterprise integrations |
| 1998 – 2001 | Web Developer | MossWarner | Web development, e-commerce, client delivery |
Key Projects
These are selected highlights from my portfolio. Each links to a full write-up with problem context, constraints, decisions, and outcomes.
- Multi-Tenant SIEM Platform — Architected a shared Wazuh/OpenSearch security monitoring platform serving 1,000+ endpoints across tenants. Used Document-Level Security for strict data isolation without per-tenant index sprawl. Cross-WAN agent enrollment with replay-safe ingestion pipelines.
- On-Premise Kubernetes Platform — Built a 21-node Kubernetes cluster on Talos Linux (456 vCPUs, 2.67 TB RAM) backed by 62 TiB Ceph distributed storage on commodity hardware. Immutable, API-driven — no SSH, rebuildable from scratch in hours via Terraform. Survived disk and full node failures without data loss.
- Observability Platform — Built end-to-end pipeline observability (Prometheus, Grafana, Loki) with correlated dashboards across ingestion, processing, and storage stages. Cut incident triage from hours to under 5 minutes. Custom exporters where off-the-shelf instrumentation fell short.
- Data Pipeline Accountability — Replaced manual spreadsheet-based billing reconciliation with automated same-day overuse detection. Go-based polling agents feeding disconnected CRM and backup systems into Kafka, with stream joins producing unified billing visibility.
- Edge Proxy with HA Failover — High-availability routing layer with automatic failover within 3–5 seconds via VRRP. HTTPS-only ingress with SNI-based TCP routing — two open ports serving all web-facing services, no cloud load balancer dependencies.
- “Mission Control” Training Operations Portal — Integrated HubSpot CRM, Airtable, a stateless Rust connector for real-time sync, and an offline-first PWA (Next.js) for field coordinators. Local-first architecture with IndexedDB as primary read source and queued mutations with retry on reconnect.
Leadership Approach
I think of technical leadership as owning decisions and their consequences — not just the diagrams. A few principles I’ve developed through experience:
- Own the architecture. Be accountable for the reasoning, the tradeoffs, and the outcomes. When decisions turn out to be wrong, revisit them openly.
- Reduce operational load. Design systems where the easy path is the right path. Automation, guardrails, and sensible defaults over documentation nobody reads.
- Make decisions measurable. Attach architectural decisions to concrete metrics so “I think this will work” becomes “we’ll know this works when X shows Y.”
- Security that ships. Build security into the platform as guardrails developers don’t have to think about, not as friction that creates workarounds.
Let’s Connect
If you’d like to discuss a role or learn more about my work, I’d welcome the conversation.