Technical Architect and DevOps Lead
Jul 2020 · Apr 2026UK Government Department
About
I'm Lukasz. Independent technical architect.
Started writing code for money at 15. Have been shipping infrastructure for organisations that can't afford downtime ever since — government, defence, finance, and the occasional startup that made it past Series A.
Day-to-day is mostly Go, Kubernetes, and being the person who says no to half-baked ideas politely but firmly. I measure success in quiet on-call rotations, short post-mortems, and the absence of Slack alerts past 6pm.
In the last two years the work has moved toward the operational layer underneath production LLM systems — agents, MCP servers, retrieval pipelines, eval harnesses, and the boring-but-necessary plumbing that keeps them from becoming tomorrow's P1.
Outside work: FPV drones, a standing firearms qualification, a pile of open-source repos, and a coffee habit that London makes expensive.
- British and EU citizen
- ·
- SC / DV clearance eligible
- ·
- London-based, works across UK and EU
Six opinions I won't compromise on.
Understand before building
No non-trivial system I've shipped started from someone else's diagram. I'd rather spend a day in the blast radius than a week rebuilding the same mistake.
Ship the smallest useful thing
Reliability is an accumulation, not a deliverable. Each iteration removes a failure mode. No grand rewrites, no frozen milestone plans.
Data closes the argument
Instinct opens the conversation. The opinion that doesn't survive a metric is wrong, by definition.
The cheapest component is the one you don't build
Fewer services, shorter cognitive distance, and ruthless pruning of what no longer earns its keep.
Leave it cleaner than you found it
Cleanup is part of the deliverable. If the next engineer inherits less debt and better documentation, the engagement worked.
Documentation is not optional
Diagrams, ADRs, and runbooks ship with the code. A design that lives only in one head hasn't happened yet.
Chronological.
Consulting and full-time. Technologies listed where relevant; full stack per engagement on request.
SRE Team Lead
May 2019 · Jun 2020Department for Work and Pensions (DWP)
Head of DevOps Profession
Feb 2015 · Jun 2019Ministry of Justice (MoJ) UK
Senior Systems Administrator / DevOps Engineer / SRE
Aug 2012 · Oct 2014Hailo Networks Ltd
Senior Systems Administrator
Mar 2012 · Aug 2012MarkcoMedia Ltd.
Senior Systems Administrator
Jan 2011 · Mar 2012Zugo Services Ltd
Various roles ( Poland )
2007 · Dec 2010Available upon request
Patches, features, and bug analyses.
Things I've landed in third-party open-source projects. Each link goes to the merge request or issue.
Linux kernel — net/macb: silent TX stall fix on BCM2712 / RP1
2026Identified, reproduced and patched a silent TX stall in the Cadence MACB Ethernet driver on Raspberry Pi 5 (BCM2712 / RP1) under sustained Kubernetes networking load. Surfaced through Talos Linux running Cilium in eBPF mode, isolated to the kernel networking layer rather than CNI or userspace, then submitted candidate fixes to netdev for mainline review with backports landing in the Talos and Raspberry Pi kernels.
pending · lore.kernel.org netdev — mainline submission merged · raspberrypi/linux#7340 merged · siderolabs/pkgs#1526 open · raspberrypi/linux#7339 (issue) open · siderolabs/sbc-raspberrypi#91 (issue) open · cilium/cilium#43198 (issue)
BCM2712CCadence MACBKubernetesLinux KernelNetworkingRP1TaloseBPF
IBM/mcp-context-forge — SSO team mapping bug analysis
2026Filed a detailed bug report with root-cause analysis: _apply_team_mapping() only adds users to teams when their OIDC groups match a mapping entry, but never removes them when the upstream group is revoked. Memberships persist indefinitely, breaking least-privilege and Layer 1 data-visibility scoping. Contrasted against the correct grant/revoke pattern already used by _sync_user_roles() in the same file.
IBMKeycloakMCPOIDCPythonRBAC
project-zot/zot — per-architecture image sync
2025Feature contribution to the zot OCI registry adding the ability to mirror only selected architectures, instead of pulling tens of GB of unused images for every supported platform. Substantial change (+3.3k LoC) covering config schema, sync pipeline and the manifest-walking logic.
Container RegistryGolangOCIzot
spegel-org/spegel — struct memory layout optimisation
2024Realigned struct fields across the Spegel pull-through cache codebase to reduce pointer padding and the overall memory footprint of long-running registry mirror pods.
Container RegistryGolangMemory layoutPerformance
micro/go-micro — struct field alignment
2023Memory-layout optimisation across the go-micro microservices framework: sorted struct fields to minimise padding (+678 / -621 LoC), reducing the runtime memory footprint for every downstream service built on the library.
GolangMemory layoutMicroservicesPerformance
What the credentials vouch for.
Grouped by domain. IDs and expiry dates on LinkedIn.
AI & Emerging Tech
- Issued Apr 2026
AI Fluency Framework & Foundations
Anthropic · ID sh8p7x6yn9ve
- Issued Apr 2026
Model Context Protocol: Advanced Topics
Anthropic · ID crtxcx2w2qu7
- Issued Apr 2026
Introduction to Model Context Protocol
Anthropic · ID r8roq2ccjma5
- Issued Apr 2026
Introduction to subagents
Anthropic · ID 5hi4se9m87yk
Aviation
- Issued Aug 2020 · Expires Aug 2028
Drones Remote Pilot
Civil Aviation Authority · ID GBR-RP-Z467RFFTSL6M
Security & Close Protection
- Issued Mar 2017
Level 3 Award in Firearms Training (9mm) — hostile environment close protection
Highfield · ID END1288087
- Issued Feb 2017
Level 3 Award in Firearms Training (5.56/7.62mm) — hostile environment close protection
Highfield · ID END1307869
- Issued Feb 2017
Private Military Contractor
European Security Academy
- Issued Jan 2017
Combined Firearms
European Security Academy