Platform Engineering — IDPs, Golden Paths & GitOps

Platform engineering is the layer that sits between developers and raw infrastructure. Done well, it gives every team paved roads — opinionated IaC modules, service templates, CI/CD pipelines, and observability defaults that are the obvious first choice rather than the only one. The work I do here is shaped by that view: build the internal developer platform, instrument it, harden it, and treat the engineers consuming it as the actual customers — so onboarding takes minutes, environments are reproducible from a pull request, and the system warns you before users do.

What I work on

IaC modules & provisioning

At Periteleios I designed and managed Terraform modules for cross-platform AWS provisioning — reusable IaC with clean interface contracts that enforced consistency across every environment. Modules are versioned, reviewed, and tested the same way application code is, so the production environment is reasoned about from a pull request, not from someone’s laptop history.

CI/CD & GitOps

At Lybertine I own CI/CD pipelines across GitHub Actions and GitLab CI, governing how code moves from development to production across microservices. GitOps tooling — Argo CD and Flux — keeps cluster state declarative and auditable, and deployment standards live in version control alongside the templates that fan out to every team.

Kubernetes & containers

EKS and GKE for the workloads that warrant orchestration, Helm charts for the reusable deployment surface, and Docker Compose for the local-dev story. Containerised deployment workflows are part of the paved road, not a per-team reinvention.

Observability

At Upfirst I owned observability automation — built monitoring, alerting, and incident-detection infrastructure that surfaced issues to engineers before they reached customers, reducing MTTD on production incidents. Prometheus, Grafana, ELK, Datadog, and OpenTelemetry — the right tool for the workload, wired in from day one rather than retrofitted after the first outage.

DevSecOps & hardening

Secure build pipelines, secrets management, least-privilege IAM, and Linux server hardening (UFW, Fail2ban, Nginx, TLS via Let’s Encrypt) — security treated as a default state of the platform rather than a feature added at the end of a roadmap. The platform should make the secure path the easy path.

Developer experience

Runbooks, onboarding materials, and internal documentation that compound — turning one engineer’s context into the team’s shared baseline. The platform earns its keep when a new team can ship to production in hours, not weeks, and when the questions that used to need a Slack ping have an answer in the docs.

Stack

The platform stack is opinionated where it matters and pragmatic everywhere else. Cloud-agnostic by design, GitOps-native, and observable end-to-end.

Cloud
AWS (EC2, ECS, Lambda, S3, RDS, CloudWatch, IAM); GCP (Cloud Run, GKE, Firestore, Cloud Functions)
Containers & orchestration
Kubernetes; Docker; Docker Compose; EKS; GKE; Helm
IaC & provisioning
Terraform; Terragrunt; Ansible; Helm; GitOps
CI/CD & GitOps
GitHub Actions; GitLab CI; Argo CD; Flux CD; Jenkins
Observability
Prometheus; Grafana; ELK Stack; Datadog; OpenTelemetry
Security
DevSecOps; Secrets management; IAM; Secure build pipelines; TLS / Let’s Encrypt; Linux hardening (UFW, Fail2ban, Nginx)

How I think about platform work

Golden paths over golden cages

A platform earns its keep by giving teams paved roads — opinionated templates, IaC modules, and CI/CD pipelines that are the obvious default, not the only option. Lock-in breeds resentment; defaults that just work breed adoption.

Self-service or it isn't a platform

If a developer has to file a ticket and wait, the platform has failed at its job. Onboarding time, environment lead time, and self-service completion rate are the metrics that matter — not how clever the underlying topology looks on a diagram.

The platform is a product

Engineers are the customers. The backlog is sized by their pain, not by infrastructure purity. I track adoption, gather developer feedback, and prioritise the things that unblock teams — even when the unglamorous fix is the right one.
