FLIPPING THROUGH…
VOL. 01 — NO. 07CASALE MONFERRATO, IT · --:--:--
ENIT
↓ CV
CLOUD & SECURITY EDITION

MarcoBellingeri

CLOUD PLATFORM & SECURITY ENGINEERSECURITY HEADERSA+verify it yourself ↗

I make cloud infrastructure reliable and secure for teams that already run a system in production and cannot afford to stop it — AI agents included.

BOOK 30 MINUTES — FREE, NO COMMITMENT
“We can only see a short distance ahead, but we can see plenty there that needs to be done.”
Alan Turing — Computing Machinery and Intelligence, 1950

← scroll to see all sections →

01

Dossier

Freelance Cloud Platform & Security Engineer, based in Casale Monferrato, Italy. I help teams and companies make their cloud infrastructure reliable and secure: automation, pipelines, hardening, internal tooling. I work alongside the client's team — pair programming, not black-box handovers — so they stay autonomous. Python is the main tool for automation, internal tooling and application security.

Security is not a final polish: secrets management, automated CI gates and a written threat model are part of the delivery, not of a later engagement. What's left at the end of a job is tests that run, documentation that reads, and a team able to work on it without me.

02

Services

Six ways to work together. Below, what each one includes; if your problem fits none of them, write to me anyway.

ORDER FORM — FILL IN & SEND

Not a shopping cart: a starting point. Select what you need, how and for how long — I generate a draft brief you can copy or email me in one click.

01 — WHAT YOU NEED
02 — MODE
03 — ESTIMATED DURATION
DRAFT BRIEF

No published rates: every engagement is sized to the real problem, not to a one-size-fits-all price list. The first conversation is always free and no-strings — pair programming, not prompt-and-go.

03

Field Notes

One real case a month: problem, approach, result, lesson learned. No theory — only things that actually happened.

CASE STUDY — JULY 2026

Redis refactor — production system

PROBLEM

The system's critical query was slow under load: the Redis cache was invalidated far more often than needed, wasting most of the caching benefit.

APPROACH

Analysis of the real invalidation patterns, not assumed ones. A full refactor of the caching strategy, proposed and carried out independently, without stopping the system the team used every day.

RESULT

Critical-query throughput taken to 41× the starting value, with zero downtime during rollout.

LESSON LEARNED

The costliest bug is often the most boring: no single invalidation was "wrong", the problem was the overall discipline in managing the cache.

04

Magazine

One real case a month of AI put to work: the problem, the call made, what changed. A pipeline writes it, checked against the sources. The first one is point zero: ideas get better as you go.

N.01
JULY 2026 · insurance

Insurance under pressure: shared AI rules as adoption outpaces governance

READ
PROBLEM

In 2023, US insurance regulators faced a concrete problem: insurers were increasingly deploying AI systems for underwriting, pricing and claims handling, but without shared standards to guard against inaccuracies, discriminatory bias and data vulnerabilities. The sector risked a patchwork of state-by-state expectations, with each insurance department potentially imposing different requirements on the same companies operating across multiple markets.

APPROACH

The NAIC (National Association of Insurance Commissioners) responded through collective drafting: its Innovation, Cybersecurity, and Technology Committee, made up of representatives from 15 states and chaired by Commissioner Kathleen Birrane, wrote a Model Bulletin in 2023 on the use of artificial intelligence systems by insurers. It is not a binding law or regulation, but a guiding document meant to bring uniformity to how state regulators approach responsible AI deployment in the industry.

RESULT

NAIC members adopted the bulletin at the Fall National Meeting in December 2023, explicitly addressing the risks of inaccuracies, unfair bias leading to discrimination, and vulnerabilities in the data feeding these algorithms. The outcome is a common baseline that individual state departments can build their own regulatory expectations on, reducing the risk of an inconsistent patchwork for insurers operating across state lines.

LESSON LEARNED

When a regulated industry adopts AI faster than the rules governing it, preemptive standardization, even non binding, is worth more than after the fact correction: it gives companies a clear reference point before bias or accuracy problems turn into litigation or penalties.

Open the page →
In the talent networkDevpunks
05

Projects

Turin, rush hour: where do you leave the car? An API that answers in real time, built security-first as if it had been in production for years — async FastAPI, PostGIS for geospatial, Redis with ETags. Next stop: the App Store.

PROBLEM

Knowing in real time where there's a free spot in Turin meant jumping between different sources, with no single clean, fast API to query.

APPROACH

Security-first API: async FastAPI on Python 3.12, PostgreSQL 16 + PostGIS for geospatial, Redis 7 with compression and conditional ETag requests, HMAC-SHA256 on API keys (zero plaintext), multi-tier sliding-window rate limiting.

RESULT

51 tests across unit, integration and e2e with testcontainers, CI/CD and a threat model documented in SECURITY.md. Next milestone: bringing it to the Apple App Store as a native app.

The job hunt with an AI brain: it reads listings, gives your CV a blunt fit score (0–100), tells you what's actually missing and writes the letters, follow-ups and interview questions. Validated the most honest way there is: on me.

PROBLEM

Applications went out at random: the same CV for very different roles, with no honest way to measure which skills were actually missing for a given role.

APPROACH

Microservice architecture (FastAPI + Nginx + PostgreSQL + Redis, with an MCP server for the AI agent). Compatibility score, gap analysis with severity and action plans, recruiter CRM — no embellishment, not even on myself.

RESULT

Full OWASP Top 10 audit, 342 tests, mypy strict at zero errors, deployed on Fly.io with an 8-stage CI/CD. The method generalises: it works on any CV.

The philosophical experiment of the lot: an Obsidian knowledge graph asking how memory and identity get built over time. Shelved as a product, irreplaceable as a thinking tool — and the RAG-powered SaaS idea is still on the table.

PROBLEM

Scattered notes didn't talk to each other: ideas, readings and projects ended up isolated instead of connected.

APPROACH

A personal knowledge graph on Obsidian, meant not just as an archive but as an open question about how memory and identity are built over time.

RESULT

Deprioritised as a product against JobSearch, but it remains the thinking tool I use most — and the idea of a SaaS version with RAG is still on the table.

06

Career

2026 — presentVETRERIA MONFERRINA · REMOTE

Full Stack & AI Engineer

A production site (Astro + Sanity) and an AI agent for SEO/AEO with RAG on Supabase and AI Act governance.

AstroSupabase + pgvectorAI Act
2025 — 2026FAIRFIELD S.p.A. — Figline e Incisa Valdarno (FI), Remote

Full Stack Engineer

Full-stack work on an enterprise debt-collection platform: a Python back-end (Clean/DDD) on AWS serverless and a multi-role React/TypeScript SPA.

REDIS REFACTORAWSReact / TS
2025GECO S.R.L. · GALLIATE (NO)

Software Engineer

Software for critical infrastructure: 24/7 video supervision for Rome Metro Line C and enterprise network diagnostics for Etihad Airways (Scapy).

PythonScapy
07

Stack

Python & Backend

Home turf: back-ends and APIs built on Clean Architecture and DDD — FastAPI, Flask, Falcon.

Frontend

Astro and Vite — this site included; React and TypeScript when a SPA is called for.

Cloud & IaC

AWS (Lambda, SQS, S3, IAM, VPC), Kubernetes / K3s, Terraform, Cloudflare Tunnel.

Security

OWASP hardening, PII encryption (AES-256), CI security gates: Bandit, CodeQL, Gitleaks.

Database

PostgreSQL + PostGIS, Redis, MongoDB, SQLite FTS5 — geospatial and high-performance caching.

DevOps & Observability

Docker and K3s, CI/CD on GitHub Actions; Sentry, Langfuse, Prometheus and Grafana.

AI & Agents

Claude API, Model Context Protocol (MCP), Groq, HuggingFace Transformers.

08

Security

This page audits itself. The table below is not a claim — it is read live from the response headers your browser just received.

$ security headers served by this page

SOURCE: HEAD SELF · LIVE

reading response headers…

Headers are applied at the edge (Cloudflare) and read live from this page’s response — locally they may show as missing.

09

Booking

Thirty minutes, free, no commitment. Time zone handled automatically, email confirmation — no back-and-forth to find a time. If we then work together, the first day is on me unless it convinces you.

CAL.EU — LOADED ON REQUEST

The calendar is served by Cal.eu, a third party. Nothing is loaded — and nothing leaves your browser — until you click.

guest@bellingeri:~$
↑↓ NAVIGATE · ENTER OPENESC CLOSE