Envoy Gateway authz service
A sub-millisecond JWT extraction layer that turned anonymous request flows into account-attributed ones. Changed what we could see during incidents.
Showcase
Work, selected.
A handful of initiatives I've led or built. Most of this lives inside companies and can't be linked to directly — the summaries here are what I can share publicly. Reach out if you want to go deeper on any of them.
OpenTelemetry standardization
Cross-team initiative to make observability a default, not a per-service lift. Pulled a sprawl of tools into a single pipeline on Alloy.
EKS upgrade path
Collapsed cluster count, leaned into managed features, and took upgrade effort from multi-week-with-a-team to one-week-with-one-person.
Karpenter + Graviton rollout
Replaced managed ASGs with Karpenter, unlocking Graviton without making teams think about node pools. Meaningful cost-per-task reductions.
Company-wide SLA program
Built the underlying data pipeline and calculation methodology for customer-facing SLAs — a prerequisite for enterprise contracts.
Postgres query optimization at scale
Took 30-second full-table scans on large enterprise tenants and brought them under a second without denormalizing the schema.