Technology
The tools behind the work
A working list of what I use, grouped by category and tagged by how close I am to each. Core means I run it daily. Fluent means I’ll pick it up without ceremony. Familiar means I read it well and have shipped with it, but it’s not where I’d default.
Cloud Platforms
Most of my work lives on AWS, with regular GCP engagements and occasional Azure. I pick the cloud that fits the customer, not the one I prefer.
AWS
Primary cloud for the majority of my engagements; deep on EKS, networking, IAM, and FinOps.
GCP
Strong on GKE, Workload Identity, and BigQuery-adjacent platforms.
Azure
AKS, Azure DevOps, and Entra ID; less frequent but well-trodden.
Container & Orchestration
Kubernetes is the substrate I spend the most time on. Production-grade clusters, GitOps deploys, autoscaling, and the operational maturity to run them without drama.
Kubernetes
Production clusters, multi-tenancy, upgrade discipline, security baseline.
EKS
GKE
AKS
Docker
Image hardening, multi-stage builds, distroless bases.
Helm
Chart authoring and library charts; opinionated about when not to use it.
ArgoCD
App-of-apps, ApplicationSets, sync waves, drift detection.
Flux
Karpenter
Pool design, disruption budgets, consolidation tuning.
Infrastructure as Code
Terraform is the default; OpenTofu for new work where that fits the customer. Pulumi when the team has a strong reason to write infra in TypeScript or Go.
Terraform
Module catalogues, workspace strategy, policy as code, drift detection.
OpenTofu
Pulumi
Used selectively where TypeScript/Go infra is the right fit.
I read it; I don't recommend new work in it.
Crossplane
Self-service infrastructure compositions for platform teams.
CI/CD
Pipelines that are fast, deterministic, and trustworthy. I have no religion about CI tools; I pick what fits the team.
GitHub Actions
Default for most teams; reusable workflows, layered caching, OIDC into cloud.
GitLab CI
Buildkite
Strong choice for heavy integration tests or self-hosted runners.
CircleCI
Argo Rollouts
Canary and blue-green progressive delivery on Kubernetes.
Flagger
Observability
SLOs grounded in user journeys, alerting that pages people only when it matters, distributed tracing across services, and logs as a managed product rather than a dumping ground.
Prometheus
Metrics, alerting rules, recording rules, federation for multi-cluster.
Grafana
Dashboards designed to answer questions, not to look impressive.
Datadog
Used heavily; opinionated about how to keep the bill from running away.
Honeycomb
Strong choice for trace-driven debugging cultures.
OpenTelemetry
Instrumentation standard; collectors, sampling strategy, exporters.
Loki
Tempo
New Relic
Databases & Streaming
The boring half of reliability. Backup and restore that's tested, migrations that don't lock, replication that doesn't lag, and event pipelines that don't fall over at peak.
PostgreSQL
HA topology, logical replication, online schema change with pgroll, performance tuning.
MySQL
gh-ost for online schema changes; ProxySQL for connection management.
Redis
Caching strategy, sentinel/cluster, eviction policies tuned to workload.
MongoDB
Kafka
Topic design, consumer group strategy, lag monitoring, schema discipline.
RabbitMQ
Languages
Languages I write in regularly for tooling, automation, and platform code. I don't write product code in any of them as part of an engagement.
Python
Most of my automation and tooling; data work and ML platform integration.
Go
Operators, controllers, CLI tooling, performance-sensitive platform code.
TypeScript
Full-stack apps, internal tools, Pulumi programs, AI/agent code.
JavaScript
Bash
Where the right answer is genuinely a shell script.
I read it and contribute to it; not my primary language for new tooling.
Frontend & Full-stack
The stack I use for building product apps, marketing sites, internal tools, and admin dashboards.
Next.js
App Router, server components, server actions, edge + Node runtimes.
React
Server and client components; React 19 with concurrent rendering.
TypeScript
Strict mode end-to-end across UI, API, and infrastructure.
Tailwind CSS
v4 with CSS-variable design tokens.
Node.js
API routes, background workers, MCP servers.
Vercel
Edge deployment, ISR, OG image generation, env management.
Cloudflare
Workers, R2, D1, Pages, and Zero Trust.
Stripe
Subscriptions, metered billing, Tax, customer portal.
Resend
Transactional email + inbound parsing.
AI & Agents
Tooling for production AI features — RAG, agents, evals, and the orchestration that keeps them honest.
OpenAI
GPT-4 / GPT-4o family, function calling, structured outputs.
Anthropic
Claude 4 / 3.5 Sonnet for reasoning-heavy and coding workloads.
Gemini
Long-context retrieval and Vertex AI agent builds.
MCP
Model Context Protocol servers exposing data to AI clients.
LangChain
Used selectively when the orchestration earns its weight.
pgvector
Postgres-native embeddings; default RAG store for most teams.
Pinecone
Managed vector store at scale.
Ollama
Local model evals and dev workflows.
Hugging Face
VCS & Collaboration
Where the code lives and how the work gets coordinated.
Git
Worktrees, rebase discipline, monorepo with sparse checkout when sensible.
GitHub
Actions, Codespaces, branch policies, CODEOWNERS.
GitLab
Linear
Notion
Slack
Security
Security baked into the pipeline. Threat modelling, supply chain integrity, secrets discipline, and runtime defence — without slowing engineers down or generating dashboards nobody reads.
HashiCorp Vault
Dynamic secrets, PKI, transit, integration with Kubernetes auth.
Trivy
Container, IaC, and filesystem scanning in the pipeline.
Snyk
Cosign
Image signing and verification, SLSA provenance, keyless with OIDC.
OPA
Policy as code for IaC, admission control, and authorisation.
Falco
Runtime threat detection on Kubernetes.
Don’t see your stack?
These are the tools I lean on most. The work itself rarely depends on a specific tool — if your stack looks different, it’s usually fine.