cloud security · agent tools · operational boundaries
I work where cloud security, networks, and agent tools meet: permissions, state, logs, evidence, rollback, and the handoff to people who have to operate the thing after the demo.
Concrete help with systems that are already messy or about to become that way. The output should be something your team can use.
A practical review of account structure, network paths, IAM blast radius, logging, detection, migration guardrails, and rollback paths.
Typical output: prioritized findings with risk, evidence, and concrete remediation steps
Design and build an MCP or agent-facing integration with read-only defaults, clear tool scope, authentication handling, pagination, rate limits, tests, and handoff notes.
Typical output: working MCP server or integration with explicit tool schemas
Turn a proposed AI workflow into an implementable design with identity, tool boundaries, review loops, evidence, fallback paths, and explicit non-goals.
Typical output: workflow architecture with trust boundaries and tool permissions
Build or review automation that turns cloud-security decisions into repeatable checks, runbooks, scripts, Terraform patterns, or operational dashboards.
Typical output: automation backlog split by risk and execution cost
A few proof points for the way I work: bounded tools, operational judgment, and preparation that reduces surprise.
Built a read-only MCP server that lets AI agents query Cisco Firepower Management Center without handing them unsafe write paths.
Proof: Public GitHub repository; designed around Cisco FMC API realities like short-lived tokens and refresh limits.
Worked close to large production cloud environments, support paths, migrations, managed-service behavior, and customer-facing operating constraints.
Proof: Practical work across VPCs, load balancing, DNS, private connectivity, streaming/search services, operational reviews, incident preparation, and migration planning.
Pre-simulated a redundant Point of Presence from Cape Town using GNS3 and VMware, then deployed it in a mobile-network data center in 72 hours with no prior physical access.
Proof: Redundant PoP delivered in three days after remote simulation.
I started with systems where bad assumptions have weight. That still shapes how I look at infrastructure.
The hard parts are rarely the diagram. They are identity, network paths, managed-service behavior, quotas, logs, and rollback.
I build AI workflows with explicit tool scope, safe defaults, review loops, and evidence a human can check.