Dossier
Freelance Cloud Platform & Security Engineer, based in Casale Monferrato, Italy. I help teams and companies make their cloud infrastructure reliable and secure: automation, pipelines, hardening, internal tooling. I work alongside the client's team — pair programming, not black-box handovers — so they stay autonomous. Python is the main tool for automation, internal tooling and application security.
Security is not a final polish: secrets management, automated CI gates and a written threat model are part of the delivery, not of a later engagement. What's left at the end of a job is tests that run, documentation that reads, and a team able to work on it without me.
Services
Six ways to work together. Below, what each one includes; if your problem fits none of them, write to me anyway.
Security Audit
A repeatable inspection of the whole stack, from AI to OS: find the exposed tokens and weak configs before anyone else does.
Cloud & DevOps
Infrastructure that carries the weight — and the trust — of the people using it. Provisioning, pipelines and containers, with reliability as a requirement.
Pair & Advisory
The primary way of working: hands-on, at your side. No black box handed over — we build together and your team stays autonomous.
Web Development
Fast, polished sites, like the one for Vetreria Monferrina: Astro + CMS, Lighthouse 100, security and accessibility by default — with an AI agent for SEO/AEO if needed.
AI Automation
Custom AI solutions that remove repetitive work: agents, RAG and pipelines that run on their own — with human oversight where it matters.
AI & Agent Security
Putting AI agents into production without opening holes: human oversight is designed, autonomy is earned with caps and guardrails — never granted by default.
Not a shopping cart: a starting point. Select what you need, how and for how long — I generate a draft brief you can copy or email me in one click.
No published rates: every engagement is sized to the real problem, not to a one-size-fits-all price list. The first conversation is always free and no-strings — pair programming, not prompt-and-go.
Field Notes
One real case a month: problem, approach, result, lesson learned. No theory — only things that actually happened.
Redis refactor — production system
The system's critical query was slow under load: the Redis cache was invalidated far more often than needed, wasting most of the caching benefit.
Analysis of the real invalidation patterns, not assumed ones. A full refactor of the caching strategy, proposed and carried out independently, without stopping the system the team used every day.
Critical-query throughput taken to 41× the starting value, with zero downtime during rollout.
The costliest bug is often the most boring: no single invalidation was "wrong", the problem was the overall discipline in managing the cache.
Magazine
One real case a month of AI put to work: the problem, the call made, what changed. A pipeline writes it, checked against the sources. The first one is point zero: ideas get better as you go.
N.01JULY 2026 · insuranceInsurance under pressure: shared AI rules as adoption outpaces governance
READ
Insurance under pressure: shared AI rules as adoption outpaces governance
READIn 2023, US insurance regulators faced a concrete problem: insurers were increasingly deploying AI systems for underwriting, pricing and claims handling, but without shared standards to guard against inaccuracies, discriminatory bias and data vulnerabilities. The sector risked a patchwork of state-by-state expectations, with each insurance department potentially imposing different requirements on the same companies operating across multiple markets.
The NAIC (National Association of Insurance Commissioners) responded through collective drafting: its Innovation, Cybersecurity, and Technology Committee, made up of representatives from 15 states and chaired by Commissioner Kathleen Birrane, wrote a Model Bulletin in 2023 on the use of artificial intelligence systems by insurers. It is not a binding law or regulation, but a guiding document meant to bring uniformity to how state regulators approach responsible AI deployment in the industry.
NAIC members adopted the bulletin at the Fall National Meeting in December 2023, explicitly addressing the risks of inaccuracies, unfair bias leading to discrimination, and vulnerabilities in the data feeding these algorithms. The outcome is a common baseline that individual state departments can build their own regulatory expectations on, reducing the risk of an inconsistent patchwork for insurers operating across state lines.
When a regulated industry adopts AI faster than the rules governing it, preemptive standardization, even non binding, is worth more than after the fact correction: it gives companies a clear reference point before bias or accuracy problems turn into litigation or penalties.
Edicola · where the byline also runs
Projects
Turin, rush hour: where do you leave the car? An API that answers in real time, built security-first as if it had been in production for years — async FastAPI, PostGIS for geospatial, Redis with ETags. Next stop: the App Store.
Knowing in real time where there's a free spot in Turin meant jumping between different sources, with no single clean, fast API to query.
Security-first API: async FastAPI on Python 3.12, PostgreSQL 16 + PostGIS for geospatial, Redis 7 with compression and conditional ETag requests, HMAC-SHA256 on API keys (zero plaintext), multi-tier sliding-window rate limiting.
51 tests across unit, integration and e2e with testcontainers, CI/CD and a threat model documented in SECURITY.md. Next milestone: bringing it to the Apple App Store as a native app.
The job hunt with an AI brain: it reads listings, gives your CV a blunt fit score (0–100), tells you what's actually missing and writes the letters, follow-ups and interview questions. Validated the most honest way there is: on me.
Applications went out at random: the same CV for very different roles, with no honest way to measure which skills were actually missing for a given role.
Microservice architecture (FastAPI + Nginx + PostgreSQL + Redis, with an MCP server for the AI agent). Compatibility score, gap analysis with severity and action plans, recruiter CRM — no embellishment, not even on myself.
Full OWASP Top 10 audit, 342 tests, mypy strict at zero errors, deployed on Fly.io with an 8-stage CI/CD. The method generalises: it works on any CV.
The philosophical experiment of the lot: an Obsidian knowledge graph asking how memory and identity get built over time. Shelved as a product, irreplaceable as a thinking tool — and the RAG-powered SaaS idea is still on the table.
Scattered notes didn't talk to each other: ideas, readings and projects ended up isolated instead of connected.
A personal knowledge graph on Obsidian, meant not just as an archive but as an open question about how memory and identity are built over time.
Deprioritised as a product against JobSearch, but it remains the thinking tool I use most — and the idea of a SaaS version with RAG is still on the table.
Career
Full Stack & AI Engineer
A production site (Astro + Sanity) and an AI agent for SEO/AEO with RAG on Supabase and AI Act governance.
Full Stack Engineer
Full-stack work on an enterprise debt-collection platform: a Python back-end (Clean/DDD) on AWS serverless and a multi-role React/TypeScript SPA.
Software Engineer
Software for critical infrastructure: 24/7 video supervision for Rome Metro Line C and enterprise network diagnostics for Etihad Airways (Scapy).
Stack
Python & Backend
Home turf: back-ends and APIs built on Clean Architecture and DDD — FastAPI, Flask, Falcon.
Frontend
Astro and Vite — this site included; React and TypeScript when a SPA is called for.
Cloud & IaC
AWS (Lambda, SQS, S3, IAM, VPC), Kubernetes / K3s, Terraform, Cloudflare Tunnel.
Security
OWASP hardening, PII encryption (AES-256), CI security gates: Bandit, CodeQL, Gitleaks.
Database
PostgreSQL + PostGIS, Redis, MongoDB, SQLite FTS5 — geospatial and high-performance caching.
DevOps & Observability
Docker and K3s, CI/CD on GitHub Actions; Sentry, Langfuse, Prometheus and Grafana.
AI & Agents
Claude API, Model Context Protocol (MCP), Groq, HuggingFace Transformers.
Certifications · verifiable on Credly
Security
This page audits itself. The table below is not a claim — it is read live from the response headers your browser just received.
$ security headers served by this page
SOURCE: HEAD SELF · LIVEreading response headers…
Headers are applied at the edge (Cloudflare) and read live from this page’s response — locally they may show as missing.
Booking
Thirty minutes, free, no commitment. Time zone handled automatically, email confirmation — no back-and-forth to find a time. If we then work together, the first day is on me unless it convinces you.
CAL.EU — LOADED ON REQUEST
The calendar is served by Cal.eu, a third party. Nothing is loaded — and nothing leaves your browser — until you click.