Professional Summary
Independent technologist offering three distinct flat-fee service lines:
- Design and deployment of private, air-gapped document intelligence systems for law firms, financial institutions, and regulated enterprises. No cloud APIs, no shared infrastructure, no data egress. Post-quantum vault encryption (NIST FIPS 203/204). Full build and handoff.
- Flat-fee deployment of skr8tr, a sovereign, masterless alternative to Kubernetes for web development teams. 5 MB control plane, no Docker required, post-quantum authenticated mesh. Priced by project scope.
- DuckDB pipeline design, Spark/Databricks migration, and S3 data lake architecture for teams overpaying for cluster compute. Benchmarked at 172M rows/second on a single node — no cluster, no JVM. Fixed-scope engagements with signed deliverables.
Former information security analyst with HIPAA compliance and HITRUST audit remediation experience. AWS Certified Solutions Architect. Databricks Certified Developer (Apache Spark, Scala). Available immediately. Remote only. All engagements are flat-fee, scope-defined — no hourly billing, no retainers.
Core Competencies
AI & RAG Architecture
Retrieval-Augmented Generation · LLM · Private AI Deployment · Air-Gapped AI · Legal Document Intelligence · Vector Search · Hybrid BM25/HNSW · Semantic Embeddings · ONNX Runtime · GPU Inference · CUDA · Prompt Engineering · OCR · PDF Processing
Security & Compliance
Post-Quantum Cryptography (ML-KEM, ML-DSA — NIST FIPS 203/204) · AES-256-GCM · Attorney-Client Privilege Architecture · Zero-Trust AI · HIPAA · HITRUST · CrowdStrike · CyberArk · Qualys · Vulnerability Management · Data Sovereignty
Cloud & Infrastructure
AWS (EC2, S3, Glue, Athena) · GCP · Azure · Sole-Tenant Compute · GPU Quota Management · Bare-Metal Linux · NixOS · Arch Linux · Kubernetes · Distributed Systems · Workload Orchestration · VPS Administration
Data Engineering
Apache Spark 3.5 (Scala) · Functional Programming · Databricks · DuckDB · Parquet · Columnar Analytics · Multi-Cloud Data Pipelines · ETL Architecture · Distributed Processing
Languages & Frameworks
Rust · C / C23 · Python · Scala · SQL · Bash · Nix
Professional Experience
- Architected a complete private RAG pipeline: three-tier PDF extraction (native text, layout parsing, OCR) → legal-aware document chunking at section boundaries → high-dimensional semantic embeddings (ONNX Runtime, CUDA) → hybrid vector search (HNSW + BM25) → on-device LLM generation — zero external API calls, zero data egress
- Deployed and benchmarked on NVIDIA A100 80GB SXM: 1.7 second average query latency across a 150-document mixed-format legal corpus (PDF, DOCX, PNG, TIFF including handwritten deposition notes via OCR)
- Implemented post-quantum vault encryption: AES-256-GCM document shards with ML-KEM-768 (Kyber) key encapsulation and ML-DSA-65 signed, append-only audit chain — every access event cryptographically verifiable
- Engineered legal-aware chunking that splits at ARTICLE / SECTION / WHEREAS boundaries rather than arbitrary character counts, preserving clause context for accurate retrieval
- Demonstrated against 150-document corpus: NDAs, MSAs, depositions, settlements, IP assignments, handwritten notes — 20/20 queries answered with verbatim source citations; zero hallucinations without explicit flagging
- Full-stack ownership: Rust (ra-rag, ra-gateway, ra-vault, ra-crypto, ra-audit, ra-ingest crates) + Leptos WASM frontend + GCP sole-tenant infrastructure
- Designed and built skr8tr — a sovereign web microservices orchestration platform targeting web development teams who need production-grade deployment without Kubernetes complexity
- 5 MB control plane vs. Kubernetes 600+ MB — no etcd, no Helm charts, no YAML manifests, no platform engineer required
- No Docker/containers required — deploys native binaries, WASM, and full VM workloads directly on GCP infrastructure
- Post-quantum authenticated command propagation: every instruction signed with ML-DSA-65 on transmission, verified on receipt — no unsigned command accepted
- Masterless mesh: no leader election, no single point of failure — any node can coordinate; mesh survives loss of any peer
- Built-in HTTP/2 ingress with TLS termination, Prometheus metrics on every node, and cgroups v2 hard resource enforcement
- Compliance-ready by design: HIPAA / PCI DSS posture built in from day one. Built in C23
- Benchmarked 172 million rows/second — 167 million NYC Yellow Cab records across 48 Parquet files, 5 business queries, wall time 971ms on a single workstation — no cluster, no JVM, no Spark
- Engineered Spark/Databricks → DuckDB migrations with verified before/after benchmarks; documented 5–25× performance gains and 80%+ cost reduction
- Designed multi-cloud columnar pipelines: AWS S3 httpfs, Azure Blob Storage, GCP Cloud Storage — native Parquet, zero-copy reads, no ETL middleware
- Authored a DuckDB C++ extension implementing post-quantum cryptography functions (ML-KEM-768, ML-DSA-65) callable directly from SQL via liboqs 0.15.0 — every deliverable ML-DSA-65 signed for provable chain-of-custody
- Built HazyNet: multi-node Apache Spark 3.5 cluster (Scala, pure functional programming patterns) — deep benchmarking against DuckDB single-node
- Earned Databricks Certified Associate Developer for Apache Spark (Scala) and AWS Certified Solutions Architect (Associate) — both backed by production code
- Automated enterprise hardware deployments via MS SCCM image creation and push
- Administered Active Directory and Office 365 / Teams for a global user base
- Managed CrowdStrike endpoint protection and CyberArk privileged access management
- Governed VMware Horizon VMs and CCURE physical access control systems
- Restored mission-critical Store Down scenarios under pressure to ensure business continuity across retail infrastructure
- Supported virtual servers and in-store systems via VNC and Hyper-V remote control
- Engineered a HIPAA-compliant on-site medical records retrieval system with secure client portals
- Led HITRUST certification audit remediation and HIPAA compliance initiatives firm-wide
- Analyzed security posture using Qualys; led intrusion detection audits and firewall security configuration
- Orchestrated vulnerability management and patch cycles across the full server fleet
- Advanced to Level 3 Linux support; configured VPS environments on PLESK and managed high-traffic Linux servers for 120+ client accounts
- Managed WordPress architecture, security hardening, and VPS configuration at scale
Certifications
Databricks Certified Associate Developer for Apache Spark
Databricks · Scala track
Education
Western Governors University
Information Technology · 2008–2011 · 3 years completed
Contract Engagement Terms
| Service | Engagement | Fee |
| --- | --- | --- |
| Sovereign RAG / AI Platform (GCP) | Full build & handoff | $100,000 flat |
| Sovereign RAG / AI Platform (On-Prem) | Full build & handoff | $125,000 flat |
| skr8tr Web Orchestration | Project-scope deployment | Custom quote |
| DuckDB — S3 Data Lake Audit | 1 week, signed report | $2,500 flat |
| DuckDB — Data Lake Architecture Review | 1 week, signed report | $4,000 flat |
| DuckDB — Pipeline Migration (single pipeline) | 2–3 weeks | $5,000–$12,000 flat |