Impact, Highlights & Technical Focus

Build production systems in C++ for event-driven services, protocol handling, performance-sensitive backend components, and low-level debugging on Linux.

Write C for kernel-adjacent work, systems tooling, memory-sensitive code paths, and close-to-the-metal experimentation with Linux internals.

Focus on concurrency, throughput, latency visibility, and failure isolation in distributed systems handling large-scale telemetry and streaming workloads.

Built systems supporting internet-scale collection workloads scanning ~4.4B IPv4 addresses per cycle and ingesting 1.5TB+/day, with strong emphasis on reliability and backpressure control.

Improved ingestion reliability through idempotency, retry isolation, buffering, and better operational observability, reducing failures from ~30% to <5%.

Built distributed observability using tracing, metrics, and logs to diagnose latency and correctness issues across services and network boundaries.

Comfortable with gdb, perf, strace, Linux debugging, and production investigation across system and application layers.

Interested in modern C++, low-latency systems, protocol design, and Linux systems programming.

Projects

Linux staging driver cleanup (rtl8723bs) — patch series improving code quality, readability, and maintainability in drivers/staging/rtl8723bs. [C, Linux kernel]

RTC subsystem study — explored sysfs ABI, wake alarms, driver registration paths, and user-space validation of Linux RTC behavior. [C, Linux kernel, RTC]

Lock-free ring buffer — bounded queue using C11 atomics with SPSC/MPMC variants, contention analysis, and microbenchmarking. [C11, atomics, concurrency]

C++ distributed tracing client — implemented trace-context propagation across TCP/UDP/HTTP and custom transports for low-overhead observability in distributed systems. [C++17, networking, tracing]

High-scale telemetry ingestion platform — designed reliability-focused collection and ingestion paths for internet-scale telemetry workloads, with strong emphasis on buffering, retries, and failure isolation. [C++/Python, Kafka, Linux]

Internet-wide scanning platform — distributed collectors scanning ~4.4B IPv4 addresses with ingestion exceeding 1.5TB/day; focused on throughput, resilience, and operational visibility. [Linux, distributed systems]

Global honeypot network — operated a 500+ node sensor fleet producing detection feeds and high-volume telemetry for downstream analysis pipelines. [Linux, Terraform, Suricata]

Threat actor attribution — built clustering and enrichment pipelines using infra/TTP relationships, PassiveDNS signals, and automated analysis workflows. [Python, data analysis]

Analytics dashboard backend — real-time ingestion, rolling aggregates, RBAC APIs, and backend data workflows supporting operational visibility. [Postgres, Redis, Django]

Breach analysis platform — reviewer workflows, auditability, exports, and asynchronous backend processing for security operations use cases. [Django, Celery, Postgres]

Linux fleet management — safe orchestration of SSH actions, health checks, and controlled execution across 500+ Linux hosts. [Linux, automation, operations]

Domain squatting detection — large-scale signal processing over CT logs and DNS telemetry with automated workflow support. [Python, Kafka]

TOR exit relay monitoring — opt-in traffic observation and signal extraction to surface organization-level risk patterns. [Linux, Suricata, Zeek]

Master’s thesis — stacked denoising autoencoder for real-estate price prediction. [Python, TensorFlow]