Skip to content

Mission Critical Engineer · Security & Infrastructure · Product Engineering

Carlos Ulloque

Engineering for systems where downtime, data loss, and recovery time have real consequences. The work here covers operating Oracle infrastructure under pressure, designing for graceful degradation, and keeping trust and exposure deliberately small.

Read technical notes View projects
About Labs Uses

Focus areas

What the work focuses on

Practical engineering, shared without exposing private systems, clients, or personal data.

Focus

Mission Critical Systems

Continuity and recovery for systems that have to keep running. Designed around failure domains and the path back to service, not just the path that works.

Focus

Security & Infrastructure

Secure defaults, explicit trust boundaries, and a smaller blast radius. Access and privacy decided before they turn into incidents.

Focus

Product Engineering

Software built under real constraints. Controlled complexity, clear ownership, and behavior that stays predictable as it grows.

Recent notes

Field notes from operating real systems

Oracle infrastructure, recovery, and access control — written from incidents and operations, not theory.

Notes

Designing private routes with Zero Trust

What Cloudflare Access actually gates, where the bypass gaps are, and the misconfigurations that quietly leave a route open.

Notes

Cloudflare Access, Java, and JWT validation

Validating Access identity at the origin, with the origin locked down so the gate cannot be bypassed.

Notes

Client-side encrypted systems

Designing so the server holds ciphertext it cannot read — and being honest about the recovery tradeoffs that creates.

Featured projects

Projects built to reduce trust and exposure

Architecture concepts that keep central trust minimal and responsibilities isolated. Experiments stay separate, in labs.

Project

DontTell

Sharing where the key never reaches the server. Central trust stays minimal and stored data is short-lived by design.

Project

Vault

Storage where the provider cannot read the contents. Local ownership of keys, explicit recovery, and no hidden escrow.

Lab

Zero Trust access experiments

Comparing access models for private routes — where each one actually gates traffic, and where it only appears to.

Philosophy

Failure modes come first

Principles from operating systems where degradation and recovery have consequences.

Operating principles

  • Decide how it fails before deciding how it scales.
  • Keep controls simple enough to operate correctly at 3AM, under pressure.
  • Reduce surface area and complexity — smaller blast radius, fewer surprises.
  • Favor recovery and predictable behavior over theoretical completeness.