Consulting & advisory
Platform engineering for teams running serious GKE workloads.
Your team is running Kubernetes in production. But nobody truly owns the platform layer. IAM is sprawling, alert fatigue is real, Terraform state is a mess across three projects, and the deploy process relies on institutional knowledge that lives in one engineer's head.
I've spent the last decade building and operating GCP infrastructure and GKE clusters across enterprise environments — from IBM storage to healthcare to financial services. I work with engineering teams that need a senior platform engineer without a full-time headcount.
Is this your situation?
- You're on GKE and GCP but your cluster setup grew organically — no consistent approach to namespacing, RBAC, node pool sizing, or workload isolation.
- Your Terraform is working, but barely — monolithic state, manual applies, no clear ownership between teams, and upgrades that nobody wants to touch.
- Security is a shared assumption — IAM roles broader than they should be, secrets in environment variables, no systematic way to handle rotation or audit.
- Incidents take too long to diagnose — observability is patched together, runbooks are stale, and post-mortems don't stick.
- You need a senior infrastructure opinion on an architecture decision, a migration, or an incident — without waiting for a six-week procurement cycle.
How I work
Fixed scope
Platform audit
A structured review of your GKE setup, GCP IAM posture, Terraform organization, and CI/CD pipeline. You get a written findings doc and a prioritized remediation list.
2–3 weeks
Fixed price
Good first engagement
Project
Sprint embed
I join your team for 2–6 weeks to execute a specific infrastructure project — a migration, a security hardening push, a CI/CD rebuild, a DR implementation.
2–6 weeks
Weekly rate
Defined deliverable
Ongoing
Advisory retainer
Async access to a senior platform engineer. Architecture reviews, PR feedback, incident support, and a standing weekly or biweekly sync. No surprise scope creep.
Monthly retainer
Defined hours
Min. 3-month term
Recent work
Red Team Exercise: Unpatched Grafana to Cluster Takeover
Full attack chain from external access to cluster admin on a production GKE environment.
GCP IAM Hardening: What We Actually Did
Concrete steps from a real security hardening initiative — not theory, what we shipped.
Root Cause Analysis: WebSocket Errors During a Rainbow Deployment
Three symptoms, one root cause — tracing a production incident through deployment overlap.
Designing Disaster Recovery for GKE Workloads
What we actually built for multi-region DR on GKE — tooling, runbooks, failure modes.
Auto-Merging Terraform PRs with No-Op Plans
Clearing the Terraform PR queue by automating the safe subset of reviews.
I'm a platform engineer and DevOps practitioner based in Philadelphia. I've worked across GCP, AWS, and Azure, with the deepest production depth on GKE and GCP. My background spans enterprise environments at IBM and Equifax, healthcare infrastructure, and early-stage product teams.
I write about what I actually work on — production incidents, infrastructure migrations, security engineering, and platform design — at cloudista.org. The writing is the portfolio.
I'm a polyglot engineer. I default to Python and Go for infrastructure tooling, but I work in whatever the codebase requires. I'm not interested in rewriting your stack — I'm interested in making it operationally sound.
Get in touch
Tell me what you're working with. I'll respond within one business day. If it's not a fit, I'll say so directly and point you somewhere useful if I can.