External Client SLA Delivery Platform

November 2025 - Present

PostgreSQL, Power BI, SLA, Security

End-to-end project management of an SLA monitoring platform for an external logistics client. Designed a PostgreSQL data warehouse schema for SLA metrics aggregation, built Power BI dashboards for real-time KPI tracking across P1-P4 priority tiers, coordinated security pentests and vulnerability management, and orchestrated pilot deployment across distributed infrastructure. Managing weekly technical and steering committee meetings with cross-functional teams spanning operations, security, and data engineering.

Work Items: 45+; SLA Tiers: P1-P4; Team Tracks: 3

Tech: PostgreSQL, Power BI Desktop, Kubernetes, ITIL, Security Automation

ISO 27001 Information Security Certification

January 2026 - Present

ISO 27001, Risk Analysis, Compliance, Security

Leading the enterprise ISO 27001 certification initiative from foundation to audit readiness. Conducting risk analysis workshops and business impact assessments, implementing secrets management policies (A.5.17), hardening production access controls (A.8.32), and building the compliance documentation framework. Coordinating with stakeholders across infrastructure, development, and management to ensure organization-wide alignment on information security practices.

Work Items: 22+; Active Workstreams: 6; Control Domains: A.5-A.8

Tech: ISO 27001, Risk Assessment, BIA, ITIL, Secrets Management, Access Controls

Enterprise AI Integration Strategy

January 2026 - Present

AI/ML, Strategy, LLM, Change Management

Steering the enterprise AI adoption strategy through a phased approach from experimentation to industrialization. Evaluating AI licensing models (frugal vs enterprise vendor), managing chatbot proof-of-concept pilots, conducting tool selection analysis, and building the decision framework for GO/NOGO gates. Coordinating with product, legal, and technical teams across a 4-phase roadmap spanning research, experimentation, validation, and deployment.

Work Items: 32+; Phases: 4; Decision Gates: GO/NOGO

Tech: AI/ML, LLM Platforms, Enterprise Architecture, Change Management, ROI Analysis

Multi-Client SQL Server Performance & Security Program

October 2024 - Present

SQL Server, Performance, Security, PowerShell

Multi-client SQL Server optimization program combining performance diagnostics and security hardening. Performance track: identifying bottlenecks, query tuning, and infrastructure right-sizing across production environments under load. Security track: automated certificate lifecycle management, connection string security scanning, and TLS enforcement. Developed PowerShell automation frameworks for repeatable diagnostics and remediation across 20+ server instances serving diverse client workloads.

Server Instances: 20+; Tracks (Perf+Sec): 2; Cert Lifecycle: Auto

Tech: SQL Server, PowerShell, Certificate Management, TLS, Performance Tuning, Ola Hallengren

Enterprise Monitoring Infrastructure Architecture

February 2026 - Present

Monitoring, Architecture, CMDB, Observability

Designing the target monitoring architecture for a multi-site server fleet. Evaluating monitoring platforms (Centreon), alert management hubs (Keep/keephq), and CMDB solutions (Jira Assets) through structured POC deployments. Conducting live gap verification audits against current monitoring coverage, producing architecture decision records, and planning phased rollouts. Ensuring full-stack observability across physical servers, virtual infrastructure, and application layers.

POC Tracks: 3; Fleet Scope: Multi-site; Observability: Full-stack

Tech: Centreon, Keep, Jira Assets, Prometheus, Grafana, Architecture Decision Records

Locksmith — Zero-Trust Secrets Management Bridge

March 2026 - Present

Rust, Security, MCP, Secrets

Building a zero-trust secrets management bridge between the Passbolt password manager and development toolchains. Rust-based CLI and MCP server with JWT authentication, OpenPGP decryption, and Aho-Corasick output scrubbing to prevent accidental secret leakage. Designed for seamless integration with AI coding assistants while enforcing strict secret isolation boundaries. Includes security hardening with zeroize memory handling, panic sanitization, and comprehensive test coverage.

Architecture: Zero-trust; AI Integration: MCP; Language: Rust

Tech: Rust, OpenPGP, JWT, Aho-Corasick, MCP Protocol, Passbolt API

Personal Portfolio & Blog Platform

October 2025 - December 2025

Rust, Leptos, Kubernetes, Security

Built a full-stack portfolio website in Rust as a learning project, deliberately choosing the hard road over Next.js. Features include a theme system with 3 visual themes and 2 color modes (6 combinations), a build-time bilingual blog engine with syntax highlighting, SSR with WASM hydration for fast loads and SEO, and a contact form with honeypot traps and IP hashing. Security hardening includes CSP with nonces, HSTS, container lockdown (non-root, read-only filesystem, dropped capabilities), and Kubernetes network policies. Scored Grade A on external penetration testing. Deployed on K3s with Traefik ingress and Let's Encrypt certificates.

Security Score: Grade A; Theme Combos: 6; Rendering: SSR+WASM

Tech: Rust, Leptos, Axum, PostgreSQL, K3s, Traefik, Podman, SCSS

Open Source

My public repositories on GitHub
