Things I’ve actually shipped.

Hand-rolling signature, attestation, and encryption for every contract is slow, error-prone, and impossible to scale across an enterprise team.

• Built contract-go, a Go SDK that handles signing, attestation, and encryption end-to-end.
• Wrote contract-cli on top of it so platform teams can generate contracts without touching the cryptography.
• Redesigned the Terraform provider against the SDK and the latest Terraform plugin framework.
• Took the lead on contract-go, contract-cli, and terraform-provider-hpcr across the open source roadmap.

• Adopted across every IBM Confidential Computing product line.
• Recognised as IBM TCAP Significant Contributor in 2025.
• Recognised as IBM TCAP Leader in 2026.

Most engineers either skip a portfolio or rent one from a template host. I wanted something I could fully own — code, infrastructure, certificates, and all.

• Built the portfolio app in Python and packaged it for Docker Compose.
• Wrote Terraform and Ansible to provision AWS, issue SSL certificates, and deploy the stack reproducibly.

A fully self-hosted, open source portfolio that I can rebuild from scratch with a single pipeline run.

The default Pi images carry far more than most embedded use-cases need — slower boots, bigger images, more attack surface.

• Stripped the base image down to the kernel modules and userland the target hardware actually uses.
• Compiled a custom kernel and verified boot reliability across Pi 4 revisions.

A small, fast-booting OS — and a much sharper mental model of Linux from the bootloader up.

Off-the-shelf dev boards are great for prototyping, but they're not laid out for a real production run.

• Designed the schematic and PCB layout in EDA, optimised for SMD assembly.
• Brought up the first batch by hand and validated it against the reference design.

A clean, manufacturable board — and a first-hand walk through the full path from idea to physical hardware.