Selected Work

A decade of keeping large Linux fleets honest.

A working summary of the infrastructure and reliability problems I've owned, at scale, under production constraints, and usually during the kind of migration that has to coexist with the old system.

Case study 01

Configuration delivery for a 500K-host Linux fleet

Senior SRE · control plane, convergence, rollout safety

The constraint

Desired state had to converge across more than 500,000 production hosts, heterogeneous populations, and unreliable network segments. That meant drift detection, convergence scheduling, and rate-limiting across host groups that didn't behave the same way twice.

The work

The interesting work was the parts that don't show up in an architecture diagram, multi-day rollout windows, configuration graph validation, and giving operators bounded change, observable progress, and a clear way to stop before a partial failure became a fleet event.

What mattered

The system had to be safe enough that an on-call engineer could understand what it was doing, intervene without guessing, and let routine maintenance stay routine, even on a Sunday morning.

Scale
500K+ production hosts
System
Linux configuration control plane
Focus
Convergence, safety, ops discipline

Case notes 02–05

More selected work

Deployment safety and rollout governance

Case 02 · rollout governance

The safety layer around fleet-wide configuration and software rollouts, canary stages, blast-radius controls, automated rollback triggers, and moratorium enforcement during freeze windows. The point was to make safe deployment the default path, not something that required heroics from the on-call.

Progressive rollout gates, automated health-check integration, fast detection of bad config, and post-rollout validation that runs without human intervention.

Observability and incident response

Case 03 · on-call and reliability practice

Built and operated observability pipelines across OpenTelemetry, Grafana, Splunk, and KQL-based investigation tooling. Defined SLOs and error budgets for critical services, shifting the reliability conversation from subjective “is it healthy” to measured trade-off decisions.

Ran incident response for fleet-scale Linux operations, on-call triage, postmortem culture, and turning every meaningful incident into a systemic improvement. Particular focus on postmortems that produce durable defaults instead of paperwork.

Stateless modernization and Kubernetes readiness

Case 04 · state decoupling

Led infrastructure modernization to remove node-local state from services, enabling migration toward containerized and Kubernetes-based platforms. Designed self-rehydrating service patterns and recovery-oriented defaults so services could restart on any available host without data loss.

Modernization without state decoupling is just re-platforming a problem. The hard work is designing for recovery from the start, not bolting on reliability after the migration is done.

AI-assisted configuration impact analysis

Case 05 · configuration impact analysis

Experimental tooling that applies LLM-assisted analysis to configuration dependency graphs, helping engineers understand the downstream impact of a proposed config change before it ships. The goal is operational decision support, not automation for its own sake.

Practical applications include configuration conflict detection, rollout impact previews, and debugging assistance that reasons across the full configuration graph rather than treating changes in isolation.

Earlier work

Before the current role, Linux system administration and web hosting early on, then years running fleet patch management, HAProxy/Keepalived load balancing, and OpenStack provisioning for enterprise Linux environments, then SRE-style on-call ownership for a production dispatch platform. Different scale each time, same operational instincts.

Full resume  ·  LinkedIn