01
Golang
High-throughput services, API development, and the kind of plumbing that must run quietly for years. Strong typing, simple deployment, honest performance.
— 01
Studio
A software engineer with roughly a decade of professional experience — designing backends, shipping production systems, and keeping software quietly working over time.
Working primarily in Golang, Ruby, and PHP, with an ongoing research interest in information security.
— 02
About
Ten years of writing software for a living — backends mostly, but with frequent detours into infrastructure, tooling, and the quiet corners where systems fail.
I try to write code that the next person — including future me — can read, reason about, and trust. Clarity over cleverness; honest seams over hidden magic.
Outside of product work, I spend time on information security: reading research, tearing apart how things work, and thinking about the threat models that real users actually face.
— 03
Stack
High-throughput services, API development, and the kind of plumbing that must run quietly for years. Strong typing, simple deployment, honest performance.
Rails apps, internal tools, and quick iterations on product ideas. Expressive code, a mature ecosystem, and a community that takes craft seriously.
Modern PHP — Laravel, typed code, decent tooling. Still powers a huge slice of the web, and still a pragmatic choice for many real problems.
— 04
Platform
Beyond writing code, I work across the platform layer — building on AWS with serverless services, shipping video and audio streaming pipelines, tuning CDNs from the edge to the origin, and integrating AI into products in a way that earns its keep.
Designing systems on AWS using Lambda, API Gateway, SQS, DynamoDB, S3, and friends. Event-driven architectures that scale to zero when idle and absorb traffic when it counts.
Building delivery pipelines for live and on-demand media — transcoding, adaptive bitrate (HLS / DASH), packaging, and playback that survives the messy realities of real networks.
Integrating CloudFront and other edge networks — cache strategy, signed URLs, origin shielding, and the small configuration details that quietly decide cost and latency.
Bringing LLMs and generative AI into real products — prompt design, tool-using agents, and the practical integration work that turns model APIs into features users can rely on.
— 05
Focus
Security isn't a checklist I bolt on at the end — it's a way of reading code. I read up on web application security, supply-chain risks, authentication design, and the steady stream of vulnerabilities that shape how modern software gets attacked.
i.
Web application security & OWASP-style review
ii.
Authentication & session design
iii.
Supply-chain & dependency hygiene
iv.
Reading CVEs, advisories & research
— 06
Contact
Got an interesting problem, a security question, or just want to chat about code? I'm happy to hear from you.
hello@gtc.studio