About
I’m Roel de Cort, a Senior DevOps consultant and engineer based in the Netherlands.
I work mostly with platform engineering, infrastructure automation, Kubernetes, GitLab, Terraform/OpenTofu, Vault/OpenBao, observability, and infrastructure security. In a consultancy context that means a mix of architecture, implementation, technical review, documentation, and security-focused design work for customer teams.
A lot of my work starts with a fairly simple question: how will this behave once people actually have to run it?
That question pulls the rest in pretty quickly: where the trust boundaries are, which failure modes nobody has thought through yet, and which parts an auditor or platform team will push back on six months in. Most of my design and review work is built around answering those, not around best-practice lists or vendor checkboxes.
Where I have the choice, I lean toward open-source tooling. Behaviour is easier to reason about when the code is readable, and platforms tend to age better when they are not tied to a single vendor’s roadmap.
What I Work On
- GitLab CI/CD, RBAC, custom roles, and compliance automation at scale
- Terraform and OpenTofu workflows for infrastructure and platform code
- Kubernetes platforms, controllers, and operators, including the OpenBao Operator
- OpenBao and Vault patterns: least privilege, short-lived identities, fail-closed defaults, explicit trust boundaries
- Infrastructure security review and architecture validation
- Observability and operational feedback loops
- Virtualization platforms, including Harvester and SUSE Virtualization
- Platform engineering and internal developer platforms
What I Write About
This site is where I keep technical notes that turn out to be useful beyond a single customer engagement. A lot of them are design writeups or threat-model notes. The rest tends to be implementation observations or research on something I am working through in more depth.
What ties most of it together is the gap between “this works” and “this is something a team can safely depend on.” I try to write for the operator who has to keep it running, the security reviewer who has to defend it, and the platform team that has to make it scale across many users without losing track of what is happening inside.