heyvaldemar/heyvaldemar

### What I Do Every architecture recommendation backed by production experience. 20+ years designing and delivering cloud infrastructure at Amazon, IBM, Thales, and a Series D data platform serving Fortune 500 clients. I design scalable systems and publish what I learn — reference architectures for container security, AI governance, and platform engineering used by practitioners worldwide. ### Recognition *Docker CEO on my contributions to the ecosystem* ### Published Work *Selected publications on vendor platforms* - **Docker Official Blog:** [The Untrusted Autonomous Workload: How AI Coding Agents Reshape What Isolation Has to Do](https://www.docker.com/blog/untrusted-autonomous-workload-ai-sandboxes/) - **Docker Official Blog:** [How to Build, Run, and Package AI Models Locally with Docker Model Runner](https://www.docker.com/blog/how-to-build-run-and-package-ai-models-locally-with-docker-model-runner/) - **Docker Official Blog:** [Testcontainers Cloud vs Docker-in-Docker for Testing Scenarios](https://www.docker.com/blog/testcontainers-cloud-vs-docker-in-docker-for-testing-scenarios/) - **Docker Official Blog:** [Master Docker and VS Code: Supercharge Your Dev Workflow](https://www.docker.com/blog/master-docker-vs-code-supercharge-your-dev-workflow/) - **Docker Official Blog:** [Mastering Docker and Jenkins: Build Robust CI/CD Pipelines](https://www.docker.com/blog/docker-and-jenkins-build-robust-ci-cd-pipelines/) - **Docker Official Blog:** [How to Dockerize a React App](https://www.docker.com/blog/how-to-dockerize-a-react-app/) - **Docker Official Blog:** [Dockerize WordPress: Simplify Your Site's Setup and Deployment](https://www.docker.com/blog/dockerize-wordpress-simplify-your-sites-setup-and-deployment/) - **Docker Official Blog:** [8 Top Docker Tips & Tricks](https://www.docker.com/blog/8-top-docker-tips-tricks-for-2024/) - **Docker Enterprise Case Study:** [Accelerating AI Infrastructure at Ataccama](https://www.docker.com/customer-stories/ataccama) - **Docker Enterprise Case Study:** [25% Cost Savings via Container-First Strategy](https://www.docker.com/customer-stories/beauty-giant) - **Docker YouTube:** [Why 'latest' Broke Our Staging](https://www.youtube.com/shorts/8I3eRoc6exA) · [Use Docker Scout to Catch Prod Bugs](https://www.youtube.com/shorts/DDDwoIhHRxs) - **Cypress Blog:** [Cypress in the Age of AI Agents](https://dev.to/cypress/cypress-in-the-age-of-ai-agents-orchestration-trust-and-the-tests-that-run-themselves-43go) - **Cypress Blog:** [Docker + Cypress: Perfecting E2E Testing](https://dev.to/cypress/docker-cypress-in-2025-how-ive-perfected-my-e2e-testing-setup-4f7j) - **Cypress Blog:** [Cypress Test Replay: The Ultimate Guide to Time-Travel Debugging](https://dev.to/cypress/cypress-test-replay-in-2025-the-ultimate-guide-to-time-travel-debugging-4kk7) - **Book:** [Technical Editor — "Docker and Kubernetes Security"](https://www.dockersecurity.io/) - **Open Source:** [50+ production-grade Docker Compose blueprints](https://github.com/heyvaldemar) · [500,000+ Docker Hub pulls](https://hub.docker.com/u/heyvaldemar) ### Engineering Standard *Formalized supply-chain hardening program for public deployment-template repositories* **[Self-Host Repo Hardening Runbook](https://github.com/heyvaldemar/self-host-repo-hardening-runbook)** — a 7-phase program that brings deployment-template repositories to a supply-chain-hardened baseline: commit-SHA-pinned GitHub Actions with per-job permissions, digest-pinned upstream images with Dependabot auto-bumps, OpenSSF Scorecard, CI linting, Trivy upstream scanning. **Reference implementations — two repository shapes, one hardening rigor:** | Repository | Shape | Supply-chain surface | | :--- | :--- | :--- | | [aws-kubectl-docker](https://github.com/heyvaldemar/aws-kubectl-docker) | Image-publishing | Cosign keyless signing · SBOM (SPDX) · SLSA build provenance · Trivy SARIF · digest-pinned base · OpenSSF Scorecard | | [keycloak-traefik-letsencrypt-docker-compose](https://github.com/heyvaldemar/keycloak-traefik-letsencrypt-docker-compose) | Deployment template | Digest-pinned upstream images · Dependabot auto-bumps · CI weekly deployment smoke · lint + Trivy scan · OpenSSF Scorecard | Same hardening rigor rolling out across remaining deployment-template repositories — rollout status tracked in the [runbook README](https://github.com/heyvaldemar/self-host-repo-hardening-runbook). ### Production Background *20+ years of enterprise infrastructure architecture across 3 countries* Sole architect and technology leader for North American operations at a Series D enterprise serving Fortune 500 clients. Designing scalable cloud architecture on AWS for enterprise accounts: container orchestration, zero trust governance, AI-augmented platforms, multi-region infrastructure. Previously: Amazon, IBM, Thales. Designed disaster recovery architecture at scale, distributed systems across continents, reliability engineering for deployments processing millions of requests per minute. Every architecture decision I publish is backed by production experience.