I build the infrastructure that lets startups ship fast without breaking trust.
Most seed-to-Series A companies hit the same wall: they've moved fast, won customers, raised money, and now those enterprise buyers are asking for SOC2 Type II, HIPAA evidence, PCI-DSS controls, or a Kubernetes architecture that doesn't collapse under load.
That's where I come in.
I'm a Senior Platform Engineer and FinOps specialist who sits at the intersection of three disciplines that most engineers treat as separate jobs: cloud infrastructure, security compliance, and cloud cost engineering. My thesis is simple: infrastructure built for speed is not built for trust, and you can't bolt trust on after the fact.
I work with EU and US companies at the seed-to-Series A inflection point through my consultancy Cloudfrugal, and I'm selectively available for founding engineer engagements where the infrastructure layer is a strategic bet, not an afterthought.
github.com/aayostem/financial-rag-agent
A production-grade multi-agent financial intelligence system built end-to-end, from SEC EDGAR ingestion to LLM-powered Q&A, across 14 architectural layers with 106 passing tests.
What makes it production-grade, not a demo:
| Layer | Technology |
|---|---|
| Vector search | PostgreSQL + pgvector |
| Caching | Redis |
| LLM compatibility | OpenAI · Groq · Azure (swappable) |
| API | FastAPI |
| Migrations | Alembic |
| Observability | Prometheus + Grafana |
| Security scanning | Trivy · gitleaks · pip-audit |
| CI/CD | GitHub Actions (multi-stage) |
| Containers | Docker multi-stage builds |
| Orchestration | EKS on Terragrunt-wrapped Terraform |
| Networking | Cilium CNI |
| Secrets | HCP Vault + Agent Injector |
| Autoscaling | Karpenter |
| Service mesh | Istio |
| GitOps | ArgoCD ApplicationSets |
The full 7-phase Kubernetes production deployment spans 6 Terragrunt modules across 3 environments. The staging cluster (financial-rag-staging-cluster, us-east-1) reached Helm revision 7 with the complete LGTM observability stack, Falco runtime security, and OPA/Gatekeeper policy enforcement.
Companion projects in the same mono-repo infrastructure:
- Drift Sentinel: ML model drift detection with automated alerting pipelines
- RiskOracle: Quantitative risk analytics for financial institutions
All three share a Transit Gateway-compatible CIDR allocation strategy for future inter-VPC routing.
Platform Engineering: EKS · Karpenter · Cilium · Istio · ArgoCD · Helm · Terragrunt/Terraform
Security & Compliance: SOC2 Type II · HIPAA · PCI-DSS · HCP Vault · Falco · OPA/Gatekeeper
FinOps: Cloud cost attribution · Kubernetes cost-per-workload · Spot/on-demand strategy
Observability: Prometheus · Grafana · Loki · Tempo (LGTM stack) · OpenTelemetry
Post-Quantum Crypto: ML-DSA-65 (FIPS 204) · ML-KEM-768 (FIPS 203) · Hybrid ECDSA/X25519
Data: PostgreSQL + pgvector · Redis · Alembic · SEC EDGAR ingestion pipelines
Languages: Python · Bash · HCL · YAML · SQL
Alva (post-quantum transaction identity): Designed the full hybrid PQC architecture for a transaction identity startup building on ML-DSA-65 (FIPS 204) + ECDSA for signatures and ML-KEM-768 (FIPS 203) + X25519 for key encapsulation. Produced the 8-week MVP scope, infra cost model (~$224–384/mo), and the founding engineer engagement structure.
LexClaro: Identified three critical compliance gaps (PII scrubbing for GDPR Art.25, customer-managed KMS, document-level audit trail) after reviewing their AWS architecture. Proposed a targeted Gap Sprint to remediate before enterprise client onboarding.
For sub-10 companies (pre-product-market-fit, pre-SOC2):
- On-Call CTO · Pre-Launch Audit · Gap Sprint · First Hire Infrastructure Review
For 10+ companies (post-Series A, scaling platform):
- FinOps Principal · Platform Engineering Lead · SOC2 Type II Program Lead · Fractional CTO
Geography: Lagos, Nigeria, serving EU and US clients via Deel / Payoneer / Remote.com
I write about the intersection of platform engineering, SOC2, and FinOps as one unified discipline, not three separate jobs.
- dev.to/aayostem: Long-form technical breakdowns
- hashnode/aayostem: Technical breakdowns
- Medium/@aayostem: Architecture patterns for seed-to-Series A infra
Five-course portfolio in development:
- Financial RAG Agent (26h): Production ML system on EKS
- SOC2 Type II Engineering (20h): Evidence pipelines, not paperwork
- FinOps + IDP Engineering (20h): Cost attribution at Kubernetes granularity
- ML Drift Detection: Drift Sentinel (16h)
- Enterprise ML Risk: RiskOracle (18h)
Consulting: Cloudfrugal
Email: aayo.software@gmail.com
Available for: Founding engineer roles · Fractional CTO · SOC2 retainers · FinOps audits
If your infrastructure can't pass a vendor security questionnaire, you're leaving enterprise revenue on the table. Let's fix that.



