:>
Practice · EST. 1997 · Infrastructure ops

Production that shows up when the need does. :>

Keeping production up — bare metal through cloud-native, and every platform shift in between. We build it, break it, and operate it.

Book a consultView runbook
chris@pitzilabs.dev
~/pitzi-labs/runbook.md
build it · break it · operate it
LIVE
icecreamtofightwith.com200 OK · 142ms
ECS Fargate · foundry2/2 healthy
RDS · postgresCPU 73%
terraform apply2h ago · 0 drift
pager0 open
◆ Services

What we'll do for you.

Four things, done well. No frameworks, no decks, no "digital transformation." Just infrastructure you can read, run, and hand off.

01 / PLATFORM

Platform engineering

Greenfield AWS / GCP / Azure builds. Terraform-managed, multi-AZ, least-privilege, observable from day one. Not a single-app deployment — a platform.

TerraformECS FargateOIDCWAFv2
02 / AUDIT

Cost & posture audits

Find the NAT gateway eating your budget. Find the IAM role nobody owns. Find the S3 bucket with 40 TB of forgotten logs. One-page report, no theatre.

AWSIAMCURTrusted Advisor
03 / ONCALL

Incident & on-call

Runbooks, alarms, and rotations that humans can actually live with. Pager hygiene included. SLOs that reflect reality, not aspiration.

PagerDutyCloudWatchSLOsRunbooks
04 / CI/CD

CI/CD & supply chain

OIDC, signed images, plan-on-PR, apply-on-merge. No long-lived credentials anywhere. The blast radius of a compromised pipeline is limited to its scope.

GitHub ActionsOIDCCosignSBOM
◆ Selected work · 2025

Ice Cream to Fight With.

A live production deployment — recipe site for home cooks, built on the Foundry Platform. Not a portfolio piece. A real app, under real load, paying real AWS bills.

Terraform-managed from the root module down. Plan-on-PR, apply-on-merge via OIDC. The blast radius of a compromised pipeline is limited to its scope. Runs on personal money.

icecreamtofightwith.com github.com/PitziLabs
icecreamtofightwith.com/brown-butter
A FUCKING ORDEAL · TIER 3

Brown butter, bourbon, pecan.

A high-wire act of cultural translation. You absolute lunatic. We love you for it.

45 MINCHURNSTOVEPATIENCE
Monthly run cost
$130
multi-env, managed
Cold-start to prod
< 9 min
terraform apply
Uptime (90d)
99.98%
0 paged incidents
IAM blast radius
scoped
OIDC-only, no keys
◆ Operating principles

How we think about production.

The full runbook is longer, drier, and in the repo. These are the six we'd bring into a room on day one.

01

Build it, break it, operate it.

The person who designs the system is the person who carries the pager for it. Otherwise the design is a suggestion, not a commitment.

02

Blast radius over blast capacity.

Least-privilege isn't a checkbox — it's the default. If a compromised pipeline can reach production, the problem is the pipeline, not the compromise.

03

Runbooks beat heroics.

An incident handled by a sleepy engineer following the runbook is better than a hero who remembers. Write the doc. Update it when it lies.

04

Observable from day one.

You cannot operate what you cannot see. Logs, metrics, traces, and a single dashboard a human actually opens. No 'we'll add it later.'

05

Plan on PR. Apply on merge.

Infrastructure changes are code review. OIDC, no long-lived credentials, signed artifacts. The pipeline is the contract.

06

Cost is a posture.

A NAT gateway you forgot about is a security problem. A forgotten log bucket is a compliance problem. Run the audit monthly, not yearly.

◆ About

Twenty-five years carrying the pager.

Built by an infrastructure operations professional with 25+ years of production experience — bare-metal data centers, 24×7 ops, single-homed environments where every decision had physical consequences.

Based: New England, US
Working: remote · async-friendly
Booking: Q2 2026 forward
2023 —PRESENT

Cloud-native bridge

AWS / Terraform / ECS Fargate. Foundry Platform. Moving the discipline without losing the rigor.

2015 — 2023SR. OPS

Production infrastructure lead

24×7 ops. On-call rotations. Incident command. Migrated a regulated workload through three datacenter transitions without a customer-visible outage.

2005 — 2015OPS

Datacenter operations

Bare-metal. Single-homed environments. Every change had physical consequences. Learned what 'production' actually means.

1997 — 2005JR. OPS

Started the pager

First rotation. First outage I caused. First runbook I wrote. Everything since is a refinement.

◆ Contact · POST /consult

Queue's open.

Short engagements, long ones, and one-off audits. If you know what you need, send the repo. If you don't, send the symptoms.

Emailchris@pitzilabs.dev
GitHubgithub.com/PitziLabs
Signalavailable on request
Response< 24h on weekdays
~/consult.sh
<pl:> ./new-consult --your=
<pl:> --email=
<pl:> --scope=
<pl:> --symptoms <<EOF