Available · Booking Q3

Boring infrastructure
& AI that actually ships.

I'm Mat Strommen — an independent platform & AI engineer. I put AI agents into your dev workflow without the chaos, cut what you're overpaying for cloud, and leave behind infrastructure your team can still read six months from now.

20–30% cloud spend cut
60–70% faster CI
+50% team velocity with AI

AI agents · LLMOps · evals
FinOps · AWS · Azure
k8s/k3s · Terraform · GitOps

01 / What I do
01.1

AI agents in your dev workflow

Claude and GPT agents wired into CI and code review without the YouTube-tutorial energy. Scoped autonomy, regex guardrails before LLM judgment, eval harnesses, and trace coverage so cost and drift don't surprise you. Up to +50% team velocity, no new headcount.

01.2

Cloud cost & AI spend control

FinOps that pays for the rest of the work. Right-sizing, savings plans, ephemeral CI workers, and LLM spend controls baked into the platform so cost discipline is enforced, not hoped for. Typically 20–30% off the monthly cloud bill.

01.3

Platform engineering

k8s/k3s and EKS clusters, Terraform that converges, GitOps delivery, and pipelines that finish in minutes — deterministic guardrails, no allow_failure: true hiding broken tests. The foundation the AI layer runs on. HIPAA/NIST-ready when the vertical needs it.

01.4

Advisory & second opinions

Sometimes the right answer is a half-day conversation, not a three-month engagement. Architecture reviews, AI-adoption strategy, cost audits, on-call paging sanity checks — billed by the hour, no retainer.

02 / How I work
02.1

One person on your problem.

Not a team of strangers cycling through Slack. You get the engineer who reads your code, writes the manifests, and is on the call when it deploys.

02.2

If it's not in code, it doesn't exist.

Terraform plans you can read, Ansible that converges, kubectl-applied manifests checked into git, secrets in a vault. Reproducibility is the only useful definition of "done."

02.3

Deterministic guardrails before LLM judgment.

Regex catches DROP TABLE. Prompts don't. Probabilistic safety is fine for suggestions, never for actions that touch production data.

02.4

Tests run on MRs, not after merge.

Type checks, manifest validation, no deleted tests, no skipped CVEs. The pipeline says no before main does.

02.5

Earned autonomy.

Read-only → draft PRs → fix-on-command → auto-merge for patches. Agents climb the ladder by being right, not by being promised. They get demoted on the first incident.

02.6

I leave you with documentation, not dependency.

Every engagement ends with a runbook, a diagram, and a person on your team who can keep going. The goal is for you to stop needing me.

[Diagram: IaC repo → CI gate → cluster, audited and reversible. Nodes: IaC repo (terraform · ansible), CI gate (regex · tests · lint), cluster (k8s/k3s · flux · agent), agent loop (audited · reversible), me.]

IaC repo: Everything that touches production is committed first. Terraform plans, Ansible roles, Kustomize overlays. If it's not in this repo, it doesn't ship.

CI gate: Deterministic checks before anything else. Regex catches DROP TABLE, manifest validation catches typos, tests run on MRs not after merge.

Cluster: Manifests applied by a GitOps controller. State is reproducible from this branch — no clickops, no out-of-band changes.

Agent loop: LLM agents climb an autonomy ladder: read-only → draft MRs → fix-on-command → auto-merge. Demoted on the first incident. Every step traced.

Me, briefly: I set this up so it keeps working without me. Every engagement ends with a runbook, a diagram, and a person on your team who can keep going.

03 / The stack

AI orchestration & agents

  • Claude · GPT · Llama
  • LiteLLM · LangChain
  • Agent SDKs · MCP
  • Eval harnesses
  • Ollama · Bedrock

FinOps & cloud cost

  • AWS · Azure cost modeling
  • Savings plans · right-sizing
  • LLM spend controls
  • Ephemeral CI workers
  • Cost & drift monitors

Platform engineering

  • k8s/k3s · EKS · AKS
  • Terraform · Terragrunt
  • Ansible · GitOps
  • Helm · Docker
  • GitHub Actions · self-hosted CI

Security & compliance

  • HIPAA/HITECH · NIST
  • TLS · secrets management
  • nuclei · trivy
  • Audited agent autonomy
  • Authentik SSO

Observability

  • Prometheus · Grafana · Loki
  • OpenTelemetry
  • GitOps drift detection
  • Langfuse · LLM tracing
  • Alerting that pages on signal

Languages & APIs

  • Python · FastAPI
  • Bash · PowerShell
  • Node.js · React
  • C#/.NET
  • Next.js

04 / Get in touch

Tell me what you're working on. I read every message; if it's a fit I'll reply within two business days with either a yes, a no, or a useful pointer if I'm not the right person.

Smallest engagement: a single half-day advisory call. Largest: roughly three months of focused platform work. No retainers, no agencies-of-record.

hello@strommen.systems

LinkedIn · GitHub

No newsletter, no CRM, no resale. Your message goes to one inbox and is deleted once it's answered.