Services
Engineering teams waste a remarkable amount of time on infrastructure that should just work. Debugging pipelines that break on Friday afternoons. Waiting for environments that take three people and a Jira ticket to provision. Stitching together observability tooling that doesn't quite talk to each other.
I've spent the last decade solving exactly this — at Lloyds Banking Group, the Home Office, Barclays, and Fujitsu. Environments where reliability isn't optional and the operational surface is large. Here's what that work looks like.
Most engagements start with a short conversation about where the pain is. No RFP, no 40-slide deck. surj@polarpoint.io
Cloud Platform Engineering
Most cloud environments grow organically. That's fine up to a point, then it stops being fine. Security posture gets fuzzy, costs drift, and new engineers can't reason about what exists or why.
I design AWS and multi-cloud environments from scratch or rationalise what's already there — landing zones, network architecture, multi-account structures, and the Infrastructure as Code that makes all of it reproducible. Everything through Terraform or Crossplane so there's no magic, just version-controlled configuration that a new engineer can read on day one.
GitOps and Continuous Delivery
The fastest CI/CD pipeline is one that developers trust. If they're manually approving stages, bypassing checks, or doing Friday afternoon deploys without it — something in the pipeline isn't working.
I implement GitOps end-to-end: Git as the single source of truth, ArgoCD for cluster-state reconciliation, and pipelines that do the security and quality work automatically so engineers don't have to think about it. Kubernetes clusters bootstrapped from code, not click-ops. Promotions that are pull requests, not Slack messages.
Security and Secrets Management
Security that lives in a separate team's backlog is security that doesn't ship. I build it into the platform layer so it's automatic rather than aspirational.
External Secrets Operator for Kubernetes secrets management. Trivy for container scanning. Mutual TLS and admission controllers. Zero Trust network policy. Compliance frameworks that give you the audit trail you need without the manual overhead. I've done this in financial services and UK government — the kind of environments where the audit trail isn't optional.
Monitoring and Observability
You can't fix what you can't see, and dashboards nobody reads aren't observability. Real observability means the right people get alerted on the right signals, can trace a request through a distributed system, and can answer "what changed?" in under two minutes.
I've built global monitoring platforms on Prometheus and Thanos for organisations running hundreds of clusters. I instrument with OpenTelemetry, build Grafana dashboards teams actually use, and centralise logs so they're searchable rather than just stored. The goal is always the same: on-call engineers who can diagnose a problem without a war room.
AI and Platform Automation
AI tools are genuinely useful for platform engineering — if they're wired in properly. Most teams have GitHub Copilot and a few n8n workflows. Few have thought through the context layer that makes AI actually reliable at engineering tasks.
I build and connect MCP (Model Context Protocol) servers that give AI agents grounded access to your systems — cluster state, runbooks, service catalogue, deployment history. I implement n8n workflow automation for the operational work that shouldn't need a human in the loop. And I apply AI to incident triage, access request workflows, and documentation generation in ways that hold up in production, not just in demos.
Consulting and Technical Leadership
Sometimes the problem isn't the tooling, it's the team's ability to move forward confidently with it. I work embedded with engineering teams — not delivering reports from a distance.
Technology assessment and honest recommendations. Migration planning that accounts for the complexity you're actually dealing with. Mentoring that transfers knowledge rather than creating a dependency. If you need someone who's done this before to work alongside your team until they don't need them anymore, that's the engagement.
Who I've worked with
Platform engineering and GitOps in a regulated financial services environment. Kubernetes at scale, automated compliance scanning, secrets management built into the delivery pipeline.
Cloud infrastructure and DevOps for UK government systems. Security-first architecture, audit-ready environments, and the operational processes to keep them that way.
Cloud architecture and delivery automation in a high-compliance environment.
Multi-cloud architecture and infrastructure automation across enterprise environments.
I'm also an active open source contributor. The External Secrets Operator and Thanos projects have had my fingerprints on them — which means the tools I recommend are tools I've actually shaped.