Secrets detection for Gerrit
A small plugin for on-premise Gerrit that scans incoming code changes for things that look like exposed credentials. Findings either flag the review or block the merge, a quiet safety net so secrets don't end up on main.
Currently an Experienced DevOps Engineer at Airties, where I build and maintain DevSecOps pipelines, integrate SAST, SCA, and DAST workflows across web, mobile, and embedded projects, and provision AWS infrastructure with CDK. Mostly Python, with a focus on making security part of the development process rather than an afterthought.
A Python tool that takes the weekly SAST, SCA, and DAST scan output and turns it into a readable summary, grouped along OWASP Top 10 and CWE Top 25 lines.
The AWS footprint behind a handful of internal tools (EC2, ECS, S3, RDS, ALB, Route 53, VPC) defined in AWS CDK with Python. Mostly an exercise in turning a pile of click-ops decisions into something reviewable and reproducible.
An Ansible-driven Docker image caching setup across our deployment locations, so the same images don't get pulled across the world every time for each machine. Deployment time came down by about 75%, one of those changes that felt small until you measured it.
I started out in QA, writing tests by hand, then building the framework that wrote them. Over time that evolved into DevSecOps: integrating BlackDuck, Coverity, and Polaris into CI/CD pipelines, running daily DAST scans across web, mobile, and embedded projects, and writing the Python tooling that turns a week's worth of scan output into something a team can actually act on. At Airties I've also built a secrets-detection plugin for Gerrit, provisioned cloud infrastructure with AWS CDK, and optimised Jenkins pipelines that teams depend on every day.
The thread running through all of it is the same: automation should reduce friction, not create it, especially when security is involved. I'm a curious engineer by default, comfortable taking ownership of complex systems and operating across DevOps, application security, and software engineering. If you're building something in DevSecOps or platform engineering, I'd love to talk.