How this site was built
This site is itself a work sample. It was designed and built through a structured, secure-by-design process — and it runs on infrastructure I stand up and operate myself.
The process
Every decision — auth, data boundaries, hosting, the standing self-audit — was made through a Build Interview: one decision at a time, each with an explicit security review, each producing testable Ideal State Criteria (ISCs). Those ISCs aren't decoration; an AI agent checks changes against them, so the site can evolve without quietly breaking a control (like the wall that keeps private data off the public site).
The stack
- Static public site, served from a container I control, HTTPS via Cloudflare.
- Gated private cockpit — password + TOTP MFA, hashed credentials, rate-limiting, session timeout.
- Flat-file data pipelines — collection and processing kept strictly separate; a failed run is visible, never silent.
- One-command deploy with git-based rollback; no secret ever committed.
- Monthly self-audit — automated control checks plus a human checklist, producing a dated pass/fail record.
The point: I don't just advise on security operations — I operate a small one, in public, to my own standard.