Nrishinghananda Roy

Shipping software is straightforward until the infrastructure becomes a bottleneck. Deployments that break production. Staging environments that drift from reality. Systems that fail on a Friday night with no clear path to recovery. When reliability suffers, it becomes an expensive business problem.

I build and operate the highly reliable infrastructure that stops these problems from reaching your users.

By implementing Infrastructure as Code with Terraform and orchestrating container workloads through Kubernetes, I ensure your environments are immutable and reproducible. I also integrate zero-trust principles using HashiCorp Vault for secure secrets management, replacing static credentials with dynamic IAM roles.

This means your team ships faster and safer. I automate robust CI/CD pipelines using GitHub Actions and orchestrate GitOps workflows via ArgoCD, making deployments predictable and rollbacks instant.

I don't just string tools together. I write custom automation that eliminates manual toil, and I implement proactive observability with Prometheus and Grafana so I never have to wait for an outage to tell me something is wrong.

If your infrastructure is slowing your product cycle, or if you need a scalable cloud foundation built for absolute reliability from day one, that is exactly what I solve.

A 15x performance improvement on a live system.

At Codefy GmbH in Germany, a third-party Java microservice was adding over 3 seconds of latency to every API request. I read the codebase, understood exactly what it was doing, and rebuilt it from scratch in Rust (Axum) and PostgreSQL. Response times dropped to under 200 milliseconds under production load.

I also built automated document processing pipelines in Rust for their legal workflows, reducing significant manual effort. The harder part was understanding unfamiliar distributed systems well enough to replicate their behavior perfectly without breaking anything downstream.

Zero-trust architecture and scalable AWS environments.

At Dhiway in India, I provisioned and managed a highly available AWS infrastructure of over 60 EC2 instances utilizing Terraform. I implemented strict resource tagging and instance right-sizing to reduce monthly cloud compute expenditure by 28%.

Crucially, I engineered a zero-trust secrets management architecture using HashiCorp Vault, replacing static AWS credentials with dynamic, TTL-bound IAM roles to actively mitigate unauthorized access risks across the production environment.

Linux operations that kept an early platform running.

At Trustforum in France, I managed Linux servers for an early-stage community platform. I automated routine maintenance tasks, log rotation, and system backups using Bash shell scripting. The kind of work that is only noticed when it stops happening.

Most companies discover a security problem after it has already caused damage. A compromised environment, stolen credentials, a breach that nobody noticed for weeks.

I think about security before the breach, not after.

In early 2026 I received what looked like a standard coding task from a recruiter. It was a carefully constructed attack, designed to execute silently inside a developer machine and extract credentials without triggering any visible warning. Rather than running it, I spent days pulling it apart stage by stage until I understood exactly how it worked, how it evaded detection, and what it was built to steal.

That experience sits underneath everything I build now. When I set up a deployment pipeline, I think about what an attacker would do with access to that pipeline. When I configure a container environment, I think about what happens if one workload is compromised and what it can reach from there. When I handle secrets, I think about every place those secrets could leak and close those paths before they become a problem.

Security built into infrastructure from the beginning costs almost nothing. Security retrofitted after an incident costs significantly more than that.

Malware AnalysisJune 13, 2026

The Fake Interview Malware: Reverse Engineering a VS Code Exploit

A technical teardown of a developer supply chain attack. Learn how attackers use fake job interviews and VS Code tasks.json to deploy zero-c…

Read full research →

Rust Clippy

Clippy is the official Rust linter used across the entire Rust ecosystem. I contributed lints directly to the project, which required working through the compiler internals and the review process with the Rust team.

lsmdb

A persistent, crash-safe key-value storage engine built from scratch in Rust on an LSM-Tree architecture. Implements a Write-Ahead Log, Bloom Filters, LRU block cache, and a custom arena-allocated SkipList MemTable. Published on crates.io as a library and CLI binary.

I built this to understand how storage engines fail under pressure. That understanding directly informs how I reason about data tier architecture and I/O latency in production infrastructure.