AI Architect · Governance · Secure Infrastructure
I build AI products—and the governance and infrastructure that decide whether they're safe to trust once the demo is over. Four decades of running real systems is what I bring to that second part. I work as the architect: I make the design and engineering decisions and direct AI to write the code.
Building an internal AI business-intelligence platform—it consolidates company data and produces AI-generated reports that surface what actually needs attention, with role-based access over the output.
Authoring company policy and guidance for AI use, and designing how the organization accesses LLMs safely and cost-effectively—controlled proxying and vendor strategy instead of ungoverned tool sprawl.
The foundation under both—an AI system is only as trustworthy as the boundaries, access control, and observability around it.
Architect, not implementer: I make the design and engineering decisions and direct AI to write the code—grounded in decades as an applied programmer and systems administrator.
The foundation under the AI work—four decades building and securing real systems at national and multi-petabyte scale.
Designing and operating globally distributed systems. Multi-cloud environments, VPN/proxy infrastructure, high-availability with zero-downtime deployments.
Security Officer at the Ukrainian Ministry of Justice—national-scale registries, information security policy. Network security architecture, access control, compliance.
Decades of authoritative and recursive DNS management at scale, with DoH/DoT/DNSSEC support and multi-layer DDoS protection.
20+ years managing email infrastructure—from the UUCP era to modern systems. Deep protocol understanding, not just configuration copying.
Past work—the depth behind the architecture above, built and operated at scale.
Architected and managed distributed infrastructure serving tens of thousands of concurrent users. VPN (WireGuard, OpenVPN, IKEv2/IPsec), HTTP/HTTPS proxy systems, DNS filtering with 512K+ domains. Behavior scoring for bot detection, request coalescing, dynamic peer management.
High-performance DNS with modern protocol support. Multi-protocol (UDP/TCP, DoT, DoH), DNSSEC validation and signing, rate limiting, DNS tunneling detection, multi-layer DDoS protection.
Built OpenStack cloud infrastructure from the ground up. Managed a Swift storage cluster and a complex network topology across 15 racks of physical and virtual servers. DDoS mitigation at scale.
Production services I designed and specified, implemented with AI—proof the method ships real systems. Ran on ~400 servers serving real traffic.
HTTP/HTTPS proxy with flexible routing—multiple upstreams, outgoing IP selection per request. Behavior scoring system for intelligent bot detection with heuristics based on connection patterns, request velocity, and TLS fingerprinting. Built-in Prometheus exporter, pluggable authentication (BasicAuth, REST API, RADIUS, ephemeral tokens), request coalescing to prevent thundering herd.
Two-component system replacing legacy PHP. bifrost-cm: Connection manager for WireGuard, OpenVPN, IKEv2/IPsec—authentication, session tracking, IP pool allocation, multi-IP SNAT for traffic balancing. bifrost-dns: DNS proxy with category-based filtering (512K+ domains, 12 categories) according to client profile/preferences, O(1) domain lookup, server-level policy overrides.
Backend API for managing distributed proxy servers. Server self-registration with approval workflow, configuration distribution (40+ parameters per server with hot-reload), port rotation with grace periods, ephemeral authentication tokens with TTL, audit trail for all changes.
Plus custom Prometheus exporters for infrastructure monitoring.
I believe AI-assisted development is the inevitable future of software engineering. Not "AI will replace programmers"—but architects and engineers who leverage AI will outperform those who don't.
My workflow: I design systems, make architecture decisions, write detailed specifications and task descriptions. Claude Code handles implementation. I review, iterate, and take responsibility for the result.
The track record: 17,000+ lines of production Rust—systems that replaced legacy PHP, handled 500K+ concurrent connections, filtered 512K+ domains. The same method now builds AI products and the governance around them.
I help teams put AI into production safely—and keep it there. Engagements are scoped per project; reach out with what you're trying to do.
Policies, guardrails, and a sane plan for how an organization adopts and accesses LLMs—proxying, vendor strategy, cost control—instead of ungoverned tool sprawl.
Designing AI systems that survive past the prototype: access control, failure modes, observability.
The foundation under it all—from someone who ran national-scale and multi-petabyte systems.
Decisions are mine; implementation is AI-accelerated—which is exactly why I can advise on doing it well.