Infrastructure Architect · SRE · Security
40 years building and securing infrastructure at scale. From national security systems to global VPN networks. Now pioneering AI-assisted infrastructure development—architecting systems, writing specifications, shipping production code with LLMs.
Designing and operating globally distributed systems. Multi-cloud environments, VPN/proxy infrastructure, high-availability with zero-downtime deployments.
Security Officer at the Ukrainian Ministry of Justice—national-scale registries, information security policy. Network security architecture, access control, compliance.
Decades of authoritative DNS management. Currently designing enterprise DNS infrastructure with DoH/DoT/DNSSEC support targeting 10-20K QPS with multi-layer DDoS protection.
20+ years managing email infrastructure—from UUCP era to modern systems. Deep protocol understanding, not just configuration copying.
Architecting and managing distributed infrastructure serving tens of thousands of concurrent users. VPN (WireGuard, OpenVPN, IKEv2/IPsec), HTTP/HTTPS proxy systems, DNS filtering with 512K+ domains. Behavior scoring for bot detection, request coalescing, dynamic peer management.
High-performance DNS with modern protocol support. Multi-protocol (UDP/TCP, DoT, DoH), DNSSEC validation and signing, rate limiting, DNS tunneling detection, multi-layer DDoS protection.
Built OpenStack cloud infrastructure from the ground up. Managed a Swift storage cluster and a complex network topology across 15 racks of physical and virtual servers. DDoS mitigation at scale.
Designed and specified production infrastructure services, implemented using AI-assisted development. Running on ~400 servers, serving real traffic.
HTTP/HTTPS proxy with flexible routing—multiple upstreams, outgoing IP selection per request. Behavior scoring system for intelligent bot detection with heuristics based on connection patterns, request velocity, and TLS fingerprinting. Built-in Prometheus exporter, pluggable authentication (BasicAuth, REST API, RADIUS, ephemeral tokens), request coalescing to prevent thundering herd.
Two-component system replacing legacy PHP. bifrost-cm: Connection manager for WireGuard, OpenVPN, IKEv2/IPsec—authentication, session tracking, IP pool allocation, multi-IP SNAT for traffic balancing. bifrost-dns: DNS proxy with category-based filtering (512K+ domains, 12 categories) according to client profile/preferences, O(1) domain lookup, server-level policy overrides.
Backend API for managing distributed proxy servers. Server self-registration with approval workflow, configuration distribution (40+ parameters per server with hot-reload), port rotation with grace periods, ephemeral authentication tokens with TTL, audit trail for all changes.
Plus custom Prometheus exporters for infrastructure monitoring.
I believe AI-assisted development is the inevitable future of software engineering. Not "AI will replace programmers"—but architects and engineers who leverage AI will outperform those who don't.
My workflow: I design systems, make architecture decisions, write detailed specifications and task descriptions. Claude Code handles implementation. I review, iterate, and take responsibility for the result.
The results speak for themselves: 17,000+ lines of production Rust code running on ~400 servers, serving real users. Systems that replaced legacy PHP, handle 500K+ concurrent connections, filter 512K+ domains.