Decoupled web application UI rendering from heavy CPU-bound tasks by building an asynchronous message bus system. Web nodes drop JSON payloads into a Redis queue, which are consumed by stateless, highly isolated C++ compute nodes. Processing occurs entirely in-memory via Linux RAM-disks (/dev/shm) and integrates directly with MinIO object storage, ensuring maximum read/write speeds with zero SSD wear and tear.
Developed and deployed a full-stack web application for the Wanyamapori Sanctuary. Integrated responsive frontend UI components using HTML, CSS, and React with a backend Python/Flask architecture. Managed the deployment pipeline and version control entirely through GitHub, demonstrating end-to-end development capabilities.
+1
AZURE AD | INTUNE | FORTICLIENT | JIRA | LANSWEEPER
Coordinated large-scale enterprise infrastructure initiatives, including the deployment and troubleshooting of secure VPN architectures. Executed critical VLAN security enhancements and managed endpoint lifecycles using Microsoft Intune and Azure Active Directory. Handled systematic PC replacements and automated ticket resolution workflows using JIRA.
Conducted in-office testing of complex network topologies to develop customized client solutions. Spearheaded the implementation of VMware virtualized environments, backup systems, and rigorous VLAN configurations. Bridged the gap between theory and real-world application by hosting practical networking labs for peers. Managed IT asset deployment and inventory tracking to optimize hardware resource allocation.
Architected a continuous integration and deployment (CI/CD) factory utilizing Gitea and Docker runners to build and push images to a private registry. Engineered reproducible, isolated developer workspaces via Coder and Terraform, dynamically injecting ephemeral, cryptographically secure secrets. Automated the end-to-end build lifecycle utilizing Bash scripting and Linux server management, achieving near-zero downtime deployments for stateless containers.
Agentless infrastructure observer that monitors distributed nodes without installing software on target systems. Uses native protocols (SSH, SQL, Unix Sockets) plus lightweight HTTP agents for real-time health dashboards, one-click remediation, and immutable audit logging. Built to replace heavyweight monitoring stacks for small-to-medium deployments.
Content delivery API that separates application logic from storage infrastructure. Tiered caching (browser, CDN, application) reduces database queries by ~95%. Uploads queue to background workers for C++ image optimization and HLS video transcoding. Media streams directly from object storage — no intermediate disk writes.
Self-hosted CI/CD pipeline delivering push-to-deploy without external dependencies. Two-stage workflow: build on push (with BuildKit cache layers), deploy on version tag. Runners stay dormant until repos explicitly opt in. Production targets remain stateless — they pull containers, never hold source code.
Complete guide to building an isolated virtual lab with zero-trust remote access. Dedicated router VM handles firewall, DHCP, and NAT for a private virtual network. Encrypted mesh VPN for connectivity — no port forwarding, no dynamic DNS. Self-hosted remote desktop relay keeps all traffic off third-party servers.
Symmetric encryption utility for directory-level file protection. Toggle operation: run once to encrypt, run again to decrypt. Auto-generates keys, detects encryption state, and protects its own files from encryption. Built for quick field use on sensitive directories.
Distributed infrastructure defined as code. Four-layer architecture: gateway (reverse proxy + WAF), application (event-sourced CMS), data (relational DB + S3 object storage), and observability (centralized logging + metrics). Zero-trust access control via mesh VPN identity verification — no services exposed directly to the internet.
Can scarcity pressure reveal bots? A behavioral biometrics platform that studies how humans and automated agents behave differently under time-limited auction conditions.
Dutch Auction endpoints create artificial scarcity, inducing cognitive load that exposes behavioral differences between human users and bots. A Random Forest classifier trained on 47 behavioral signals (mouse dynamics, keystroke timing, scroll patterns, decision latency) distinguishes automated traffic from organic users. All data handling is FADP-compliant — behavioral signals are processed in-session and never stored as PII.
End-to-end music and events platform — from content creation through multi-region delivery, built on entirely self-hosted infrastructure.
redcup.net is a music/events platform (Next.js 16, TypeScript, Tailwind v4) running on self-hosted infrastructure across multiple regions. The stack includes a C++ media processing engine (libvips + FFmpeg), event-sourced CMS with webhook-driven cache invalidation, tiered Redis caching, and S3-compatible object storage. Dual-market geo-routing handles payment processing across jurisdictions. Entire platform deploys through a private GitOps pipeline — no external CI/CD dependencies.
How small businesses can own their entire software delivery pipeline — from source control to production — without third-party dependencies.
Most SMEs rely on GitHub Actions, Vercel, or Netlify for deployment — creating vendor lock-in and exposing source code to external systems. This case study documents a fully self-hosted alternative: private source control, private container registry, host-mode CI/CD runners, and SSH-based zero-downtime deployment. Production servers remain stateless — they pull containers but never hold source code. The entire pipeline costs less than a single SaaS CI/CD subscription.
