Index / 01 — 04

SELECTED ENGINEERING WORK

Systems designed across backend engineering, cloud infrastructure, institutional digitization, esports, and security.

01Cloud-Native Platform Engineering

OpenHost

A Node.js and TypeScript control plane for provisioning tenant-scoped applications through asynchronous workers, GitOps, FluxCD, and Kubernetes.

Role — Founder & Platform Engineer
Technology
Node.js
TypeScript
Express.js
MongoDB
Redis
BullMQ
Socket.IO
Docker
Kubernetes
FluxCD
GitOps
Key Engineering Areas
Tenant-scoped application provisioning
Asynchronous deployment workflows
Desired-state management
Kubernetes manifest generation
GitOps reconciliation
Background job visibility
Real-time deployment status
Explore Architecture
System.Flow
CLIENT
NODE.JS API
MONGODB STATE
REDIS / BULLMQ
PROVISIONING WORKER
GITOPS → FLUXCD → K8S
02Institutional Workflow Engineering

University Transcript Digitization

Transforming manual university transcript processes into structured digital workflows for applicants and administrators.

2,000+ student transcript records digitized and uploaded.
Engineering Responsibilities
Workflow architecture
Backend APIs
Authentication
Database workflows
Request status management
Payment-related processes
Administrative integrations
Deployment support
Read Case Study
Before → After
APPLICANT PORTAL
REQUEST API
WORKFLOW STATE
ADMINISTRATIVE PORTAL
DIGITAL SIGNING
COMPLETION
03Real-Time Backend Systems

Legacy Tournament Manager

Backend architecture for structured esports tournament management, including player qualification, matchmaking, match reporting, disputes, standings, and real-time updates.

Technology
Node.js
TypeScript
Express.js
MongoDB
Redis
BullMQ
Socket.IO
Systems
Player registration and qualification
Tournament seasons and competition cycles
Groups and matchmaking
Match reporting and result confirmation
Evidence submission and dispute resolution
Administrative review
Standings
Explore System Design
System.Flow
SEASON
CYCLE → GROUPS
PLAYERS → MATCHMAKING
MATCH SUBMISSION
ACCEPT OR DISPUTE
ADMIN REVIEW → STANDINGS
04Cloud Infrastructure Security

Reducing Public Infrastructure Exposure

A security hardening initiative using Tailscale private access, Wazuh SIEM monitoring, and Tetragon eBPF runtime visibility.

Authentication-related alerts reduced from 55,000+ observed to approximately 3–4 per day after access hardening.
Technology
Tailscale
Wazuh
Tetragon
eBPF
Kubernetes
K3s
Linux
Nginx
TLS
Security Areas
Private administrative access
Authentication monitoring
Scanning activity detection
Kubernetes runtime visibility
Process execution & lineage monitoring
Privilege behaviour
Filesystem and network activity
Read Security Case Study
Before → After
ENGINEER
TAILSCALE IDENTITY LAYER
PRIVATE NETWORK
PRODUCTION SERVERS
K3S WORKLOADS
WAZUH + TETRAGON