I build production-realistic infrastructure and Kubernetes-native platforms โ with security baked in from day one, not bolted on afterward.
- Platform Engineering โ designing Kubernetes platforms that other engineers can actually build on top of (GitOps, self-service, sane defaults)
- DevSecOps โ shift-left scanning, admission control, and runtime security as a standard part of every deployment pipeline, not an afterthought
- Infrastructure as Code โ Terraform-first, cost-conscious, reproducible environments
- Cloud-native Architecture โ event-driven systems, autoscaling, and observability on Kubernetes
- Software Supply Chain Security โ SBOM generation, image signing, and artifact verification with Syft & Cosign
I learn best by building real, end-to-end systems rather than isolated tutorials โ every repo below runs on a live cloud environment, gets destroyed and rebuilt, and is intentionally over-engineered on the security side because that's the part most portfolios skip.
| Project | What it demonstrates |
|---|---|
| kafka-and-security-lab | Event-driven architecture (Kafka + KEDA) on AKS with a full DevSecOps pipeline: Trivy, Checkov, Kyverno, Falco, Velero, GitOps via ArgoCD |
| k8s-gitops-lab | GitOps workflow with Helm & ArgoCD on Kubernetes |
| k8s-operator-lab | Production-style Kubernetes Operator: CRD, reconciliation loop, OwnerReferences |
| vault-cicd-lab | HashiCorp Vault + GitHub Actions โ secrets management and CI/CD integration on Kubernetes |
| observability-lab | Terraform + Ansible provisioned k3s with Prometheus, Grafana, Loki, and SLI/SLO/SLA implementation |
| terraform-lab | Azure infrastructure as code with Terraform, PostgreSQL |
Languages & OS
Cloud
Containers & Orchestration
CI/CD & GitOps
IaC & Configuration Management
Observability
Security & Compliance
Data & Messaging
Backup & DR
B.Sc. Computer Science โ University of Messina ๐ฎ๐น







