// Philosophy & Journey

Pragmatic security, architectural depth.

I am a hands-on CTO and Principal Software Architect with over 12 years of experience building security-critical fintech and identity platforms, often under strict regulatory, scale, and delivery constraints. My work sits at the intersection of modern platform engineering, advanced cryptography, and enterprise AI.

Platform & Architecture Leadership

I specialize in systems where failure is not an option. Over the past decade, I have designed, built, and operated multiple fintech platforms from the ground up across Asia. My architectural work spans high-throughput digital payments, distributed ledger technologies, and national-scale identity systems.

I focus on bridging the gap between legacy banking constraints—such as ensuring flawless operation on older mobile operating systems—and bleeding-edge architectural patterns. My technical foundation is built on modern Java, Spring Boot, and GraalVM. I have engineered standardized core frameworks that power PCI-aligned enterprise microservices, backed by robust cloud-native infrastructure using Kubernetes and Ansible.

Security as a Platform Problem

I approach identity and security as platform-level problems that must align with regulation, audits, and operational reality. Security is not a feature; it is the fundamental architecture.

In a world of increasing credential theft, I advocate for cryptographic intent verification and phishing-resistant authentication. Having independently designed and certified a full FIDO2/WebAuthn server with a 100% functional pass rate, I focus on delivering bank-grade MFA and secure transaction approval flows that are genuinely resilient.

Building for the Future

My current focus is divided into two forward-looking architectural challenges. First, I am deep into the practicalities of Post-Quantum Cryptography (PQC) transition planning, deploying hybrid cryptographic schemes (ML-KEM/ML-DSA alongside RSA/ECC) to protect long-lived financial data against future quantum threats.

Second, I am actively designing on-premises, privacy-first Retrieval-Augmented Generation (RAG) services. By utilizing local high-parameter AI models, I apply AI to enterprise and compliance-heavy workflows securely, augmenting developer productivity without exposing proprietary data to external APIs.