Services

Systems administration done right.

If it involves Linux servers, deployment, monitoring, security, or automation - especially when you're short on in-house time or specialist depth - it's my bread and butter.

Start a conversation See tools I build
Good fits
  • Stabilising production, reducing incidents, making changes safer
  • Turning "tribal knowledge" into runbooks and reproducible systems
  • Hardening and compliance uplift without slowing delivery
  • Building DR plans you can actually execute

Configuration & change management

Infrastructure as code, automated configuration, backups, and monitoring for repeatability and auditability.

  • Declarative server/app configuration (and a path out of snowflakes)
  • Backups you can restore, with recovery rehearsals
  • Alerting tuned for signal & ownership

Continuous integration & deployment

Build pipelines that test, ship, migrate, and roll back safely - with less manual button pushing.

  • Build/test automation, deploy previews, and release discipline
  • Safe migrations and reliable rollback paths
  • Secrets handling and "least privilege" in CI

Security hardening & compliance

Hardening, firewalling, encryption, MFA/OAuth, logging, and systems designed with ISO27001 in mind.

  • Baseline hardening, patching strategy, and audit-friendly change history
  • Identity, access, and secrets management
  • Threat modelling and pragmatic controls

High availability & disaster recovery

Design for failure: redundancy, replication, load balancing, and rehearsed recovery plans.

  • Design reviews and incremental HA improvements
  • Restore testing, runbooks, and DR exercises
  • Post-incident follow‑ups that actually prevent repeats

Incident response & "night shift" coverage

Hands-on debugging, mitigation, and follow‑through, with an eye toward making the next incident cheaper.

  • Production triage, temporary mitigations, and root-cause analysis
  • Monitoring and alerting improvements based on real incidents
  • UTC+10/11 availability that complements other teams

AI augmentation (self‑hosted)

Open-source AI where third-party tooling isn't safe or viable: analysis, retrieval, and enhanced workflows.

  • Private deployments and access control
  • RAG over internal docs/logs (where appropriate)
  • Clear guardrails and measurable outcomes
How engagements work

A predictable process, not a mystery box

Most work starts with a short discovery: what you have, what you need, and what's a priority. From there we agree on a plan that produces results.

  1. Discovery: inventory, risks, quick wins, and constraints
  2. Roadmap: priorities, timelines, and measurable outcomes
  3. Implementation: automation, hardening, monitoring, and documentation
  4. Handover: knowledge transfer, runbooks, and "what to do next"
What you typically get
  • A repo of infrastructure/config-as-code (with reviewable change history)
  • Monitoring dashboards and alert routing that matches your on-call reality
  • Runbooks: "how to deploy", "how to rollback", "how to restore"
  • Security notes: what's changed and why
  • A plan for the future: whether you have the know-how and resources in-house, or if you need ongoing support from me.
Discuss your situation