25+ years in IT, from pulling cable to architecting cloud. these days i work independently: cloud infrastructure, security, and fractional IT leadership for teams that need senior help without a full-time hire.
cloud is the through-line. AWS first, Azure when the project calls for it. security is the next chapter: i finished a BS in cloud computing this year and start an MS in cybersecurity and information assurance in the fall. the certifications along the way (AWS, CompTIA, and a few others) came from enjoying the material as much as needing the letters.
before going independent, i spent over a decade running IT and operations for a cloud-based IoT company: infrastructure, security, and compliance through a lot of growth, a full transition to remote work, and more platform migrations than i can count.
off the clock, the same curiosity points at different things. a proxmox homelab behind OPNsense, local LLMs, electronic music in ableton, and a garden that gets more attention than it strictly needs.
i'm open to contract, part-time, and fractional work across cloud infrastructure, IT leadership, and infrastructure security. if something here looks like a fit, i'd be glad to hear from you: hello@sobotrobot.com
mostly things built to answer a question: can this work? how does it actually behave under the hood? what happens if i wire these two together?
tiered AI terminal. the chat on this page, you're using it right now. a local pattern matcher answers common questions instantly, a small LLM can run entirely in your browser if you opt in (type local), and a cloud model handles everything else. built to understand the real tradeoffs of each layer instead of just picking one. type status to see which engine is answering you.
AWS multi-account landing zone. built and deployed a zero-standing-cost landing zone: AWS organizations with structured OUs, IAM identity center for SSO, service control policies, and organization-wide cloudtrail logging to a centralized, access-controlled S3 audit bucket. originally stood up during SAA prep and kept around because it costs nothing and stays useful.
knowledge router. a multi-stage LLM retrieval pipeline for cross-domain research. a claude haiku stage extracts and embeds query signatures with cosine-similarity matching, then a claude sonnet stage applies qualification rubrics and produces structured match reports. validated end to end on a 45-query evaluation run. the goal: surface solved problems in one field that another field doesn't know exist.
network security monitoring lab. security onion (suricata IDS, zeek, elastic stack) watching a segmented multi-VLAN homelab: proxmox virtualization, OPNsense at the edge, PKI-backed self-hosted services, pi-hole, and a honeynet VLAN to give the sensors something to chew on. a learning environment by design.
health dashboard. four-plus years of apple watch data, roughly 1,500 daily records across 50+ metrics, running through a next.js and supabase stack with claude handling differential analysis and anomaly detection. 18 active health formulas (RMSSD, VO2 max, TRIMP, readiness, Z-score anomaly flags), siri voice logging, and temperature-based illness prediction. runs at about $40 a year in API costs against an industry equivalent north of $500, mostly through aggressive caching and differential-only analysis.
microrhizal (in progress). hybrid cloud-burst architecture: a small proxmox footprint on-prem that bursts to AWS when demand outgrows it. the design is sketched out and the build is underway on the homelab.
spacetime coordinates. a javascript adventure in how "when is this?" gets harder the further out you zoom. compact readout of cosmic age, CMB velocity, galactic coordinates, barycentric position, and local WGS84. run time detail in the terminal for the full frame.
weird homemade electronic music. ableton, custom VSTs, and a general disdain for four-on-the-floor. type scan to cycle through tracks.
passive radar + wifi CSI fusion. a long-running curiosity project: fuse two fundamentally different views of the same RF environment. passive radar listens for ambient signals reflecting off moving objects, while wifi CSI reads the channel-state data consumer routers already compute. one is coarse and long-range, the other fine and short-range, and almost nobody is fusing them at hobbyist scale. early days: currently collecting baseline data with ESP32-S3 boards and an RTL-SDR.
also: robocrates, an early experiment in socratic AI assessment (follow-up questions instead of scores), plus a handful of obsidian and chrome plugins built to fix annoyances in my own workflow.
25+ years across IT operations, cloud infrastructure, and security. current and past:
independent IT consultant. 2023–present. cloud architecture, infrastructure design, and systems administration for businesses moving into cloud environments. secure network builds (firewalls, VLAN segmentation, VPN, endpoint hardening), IT strategy work (vendor evaluation, technology roadmaps, FinOps-aligned cost optimization), and AWS deployments across EC2, S3, CloudFront, Route 53, IAM, and CloudFormation. security framework work includes SOC 2 readiness and CIS benchmark alignment.
director of IT & operations. 2012–2023. cloud-based IoT and microservices company, reporting to C-level. owned all internal IT, infrastructure, security, and compliance. architected and maintained production cloud across AWS and Azure with governance frameworks, health monitoring, and cost controls. solo-led the company's full transition to remote work, designing and deploying the network, collaboration, and security stack from the ground up. administered Office 365, Azure AD, and hundreds of third-party SaaS platforms. led large-scale service migrations (G Suite to Office 365, AWS to Azure, Slack to Teams, DNS, storage) with zero unplanned downtime. managed cross-functional teams and external vendors, and served as the primary liaison between technical and financial. contributed platform development in C# .NET and JavaScript when the work called for it.
project manager. 2010–2012. managed design and regulatory workflows for one of the largest corporate rebranding initiatives of its era. change control coordinator in a regulated engineering environment, with FDA-standard documentation and version control inside a product lifecycle management system. coordinated across legal, marketing, regulatory, and engineering.
SEO analyst & web developer. 2009–2010. SEO/SMO strategy, email campaigns, websites, and web applications for clients. agile project management and proposal writing.
IT manager / web developer. 2002–2009. network infrastructure, servers, phone systems, the full IT stack. CRM for a client database of 90,000+ records. CAN-SPAM compliant email campaigns with targeted segmentation. all web production, design, development, and project management.
lead research associate. 2000–2001. research methodologies for a technical recruiting firm. built and maintained internet and intranet sites. supervised and trained research associates.
education: BS in cloud computing, WGU, 2026. MS in cybersecurity and information assurance, WGU, starting september 2026.
certifications: AWS solutions architect associate, AWS cloudops engineer associate, AWS developer associate, CompTIA security+. in progress: CompTIA pentest+ and securityx. earlier and ongoing: AWS cloud practitioner, azure fundamentals, CompTIA cloud+/network+/A+/project+, ITIL 4 foundation, linux essentials.
