About
I'm a strategic infrastructure leader based in Torrance, California, currently serving as Supervisor of Systems Administration at Hypermedia Systems. I specialize in modernizing legacy environments into cloud-native, containerized infrastructure that scales.
My work spans the full infrastructure stack — from bare-metal Proxmox clusters and VMware virtualization to multi-cloud Terraform deployments, end-to-end observability with the LGTM stack, and zero-trust network security with Palo Alto and Cloudflare WAF.
I also build and ship my own products — most recently SafeScribe, a privacy-first report drafting app that runs LLM inference entirely in the browser — and I integrate generative AI tooling (Claude Code, MCP servers) into SRE workflows to accelerate root-cause analysis and automation.
Skills
Cloud & IaC
- Terraform
- Ansible / Semaphore
- AWS (VPC, EC2, IAM)
- GCP
- n8n workflow automation
- Cloudflare Workers / Wrangler
Containers & Orchestration
- Docker / Docker Compose / Swarm
- Kubernetes (k3s / Rancher)
- Container image builds & registries
- Proxmox + Ceph
- VMware / vSphere (~200 VMs)
- OpenVZ / LXC
CI/CD & GitOps
- GitHub Actions
- ArgoCD / GitOps
- Helm charts
- HashiCorp Vault
- cert-manager
- Multi-arch image builds / GHCR
Observability
- Grafana / Loki / Tempo / Mimir
- Prometheus / OpenTelemetry
- Self-hosted Dynatrace
- Wazuh SIEM
- Nagios / ElasticSearch
Security & Networking
- Citrix ADC load balancers
- Cloudflare WAF / CDN / DNS
- Palo Alto Firewalls
- PKI (StepCA / cfssl)
- Infoblox DNS / IPAM
- Certbot / Let's Encrypt
Streaming & Services
- WebRTC / Wowza Streaming Engine
- NGINX / Apache
- Node.js / PM2
- MySQL / NetApp ONTAP
- Redis / GitLab (self-hosted)
Leadership & AI
- SRE team supervision
- Sprint planning & mentorship
- Claude Code / Claude API
- Gemini API / MCP servers
- GenAI workflow integration
Projects
SafeScribe
safescribe.mai.style ↗Local-first, privacy-focused report drafting tool for school psychologists, medical, and legal professionals. Client records live in an in-browser PostgreSQL database and AI drafting runs entirely on-device via WebGPU — sensitive data never touches a server.
Kubernetes GitOps Platform
Self-managed k3s platform running ArgoCD, HashiCorp Vault, cert-manager, and Cloudflare Tunnel — all deployed and reconciled from Git. GitHub Actions pipelines build multi-arch container images to GHCR; ArgoCD promotes them through staging → production environments via GitOps.
rchurro.com
www.rchurro.com ↗This site — hand-built with zero frameworks and served from Cloudflare Workers through a staging → production branch pipeline. Hardened with strict Content Security Policy headers, with DNS, TLS, and Zero Trust access all managed in Cloudflare.
Experience
Supervisor of Systems Administration
- Leading migration of production services from Docker Swarm to HA Kubernetes (k3s/Rancher) with Ceph distributed storage
- Architected multi-cloud (AWS/GCP) environments with Terraform, managing VPC peering, subnets, and security groups
- Coordinating multi-cluster Citrix ADC load balancer migrations (cadc100/130/200/230) with zero-downtime content switching
- Deployed full LGTM stack (Loki, Grafana, Tempo, Mimir) as centralized observability platform; authored custom dashboards for golden signals and web logs
- Built internal PKI with StepCA, automating SSL/TLS renewals via Certbot, Kubernetes cronjobs, and Terraform across Citrix ADC clusters
- Managed 190+ Cloudflare DNS records, WAF rules, and managed rulesets across multiple brand zones
- Automated whitelabel site provisioning (DNS, Cloudflare zones, content switching) via Terraform
- Deployed Wazuh SIEM and managed Palo Alto Firewalls; patched production CVEs across app server fleet
- Managed hybrid virtualization: VMware/vSphere (~200 VMs) and Proxmox cluster with Ceph
- Integrated Claude Code, Claude API, and MCP servers into SRE workflows for root-cause analysis and automation
- Modernized production streaming from legacy Flash to WebRTC using Wowza Streaming Engine
Manager of System Administration → Senior SysAdmin → Support Engineer
- Managed global Proxmox virtualization clusters with NetApp SAN, Ceph storage, and OpenVZ/LXC
- Directed production release cycles with twice-weekly deployments across multi-tenant VoIP/SaaS environments
- Engineered HA storage with dual-controller NetApp SAN shelves
- Administered Asterisk configurations, SIP proxies, and VPN tunnels for multi-tenant VoIP infrastructure
IT Consultant
- Managed Microsoft server environments (AD, DNS, DHCP, Exchange, Forefront TMG) and SMB firewalls
- Supported remote users and administered backup and endpoint protection solutions
Certifications
Contact
Open to platform engineering, SRE, and infrastructure leadership opportunities.