~/cobos.io — zsh — 120×40 session · 0.0s
rendering portfolio · v3.0

cobos::cloud_architect
+ devsecops

Legacy → cloud-native migrations, Kubernetes in regulated sectors, multi-cloud, DevSecOps and FinOps. I build platforms as a product.

eks-prod · eu-west-1argo cd: syncedp95 118ms● healthy
cobos::en //online./contact
01  ·  about
cat ./about.md
Ernesto Cobos
name: ernesto cobos
role: cloud architect · devsecops
loc: mx · utc-6
since: 2017
status: ● online

The platform is the product. Everything else is code looking for a host.

Almost a decade moving critical systems to cloud-native environments. I treat infra as an internal product: SLOs, golden paths, measurable DX.

Today: regulated Kubernetes, end-to-end GitOps, multi-cloud (AWS · GCP · Azure), DevSecOps, AI-ready and FinOps. I build EnkiFlow and GetDecant — SaaS in production.

02  ·  stack
ls -la ./tools | wc -l → 38
COBOS::stack28 TOOLSCloudAWSGCPAzureCloudflarePlatformKubernetesArgo CDFluxTerraformPulumiRuntimeDockerIstioLinkerdEnvoyCodeNext.jsVue/NuxtTypeScriptLaravelDjangoSecurityOPATrivyFalcoVaultSOPSObservabilityPrometheusGrafanaOTelLokiTempo
03  ·  infrastructure
watch -n1 ./status
us-east-1 · multi-tenant SaaS · cellular isolation
topology · aws reference
AWS · us-east-1 · vpc-saas-prod · 10.40.0.0/16EDGEINGRESSPLATFORM · ECS · FARGATEDATASECURITY · ZERO-TRUSTOBSERVABILITYUsers · web/mobileglobal · per-tenantUSERCloudFrontCDN · WAF · ShieldCDNRoute 53DNS · health-checksDNSALBhost-based routingALBAPI Gatewaythrottle · authzAPIGCognitoOIDC · user poolsCOGECS · cell-aFargate · ARM64FAR1ECS · cell-bFargate · ARM64FAR2EventBridgebus · SQS DLQSQSCodeDeployblue/green · canaryCDAurora Serverlessv2 · per-tenant poolPGDynamoDBsession · tenant cfgDDBS3 · per-tenantlake · KMSS3ElastiCacheredis · 3 shardsREDISecrets Mgrrotation · KMSSEC1Shield AdvancedDDoS · responseSEC2CloudWatch · X-Raylogs · tracesOBSLIVE · TRAFFIC1240 rpsp95 122ms · err 0.04%
AWS · us-east-1 · vpc-saas-prod · 10.40.0.0/16
cpu38.0%
memory68.2%
net rps1240
events · last 60s
+12sCodeDeploy · canary api-gateway@v2.41 → green
+24sCognito · MFA enrollment for tenant_842
+47sAurora · scale 8→12 ACU (tenant_217 burst)
+58sWAF · 412 reqs blocked (rate-limit · /v2/auth)
04  ·  showcase · projects
./projects.list (4)

What I'm building right now.

Two SaaS in production and two open-source repos that hold the operation together. Four active fronts.

SaaS · AI time tracking

EnkiFlow

www.enkiflow.com

AI-focused time tracker for builders: analyzes pages, captures context via voice or video, and syncs work across web, desktop, Chrome Extension, and VS Code.

Visit site
SaaS · scent retail

GetDecant

www.getdecant.com

Premium SaaS for perfume retail: touch POS, milliliter-level inventory, per-presentation pricing, and multi-store operation with roles, transfers, and super-admin.

Visit site
OSS · Terraform platform

Infrastructure

github.com/ErnestoCobos/Infrastructure

Local-first IaC repo with official Terraform, Cloudflare DNS, HCP Terraform, Vercel, Supabase, and secrets via 1Password — powering cobos.io, enkiflow, and getdecant.

View repo
OSS · operator console

cobos.io · portfolio

github.com/ErnestoCobos/Portfolio

This very site: single-page portfolio with operator-console aesthetic, Next.js 16, React 19, Tailwind v4, and a dev terminal that mutates the DOM live.

View repo
05  ·  experience
git log --oneline
20162017201820192020202120222023202420252026NOWFull-stack Engineer@agenciesDevOps LeadSenior Cloud ArchitectFounder · Platform@enkiflowCloud Platform Eng.
06  ·  certifications · roadmap
ls ./certs --status

Proof for the work I already ship.

Industry certifications mapped to the platform work I do daily — Kubernetes, multi-cloud, IaC. A roadmap, tracked in the open.

recertifyingCKA

Certified Kubernetes Administrator

Cloud Native Computing Foundationcncf
target · 2026 Q3

Production cluster operations — backs the regulated EKS work I already ship.

prep75%
recertifyingSAP-C02

AWS Solutions Architect — Professional

Amazon Web Servicesaws
target · 2026 Q3

Architect-level credential for the legacy → EKS migrations I lead.

prep60%
recertifyingCKS

Certified Kubernetes Security Specialist

Cloud Native Computing Foundationcncf
target · 2026 Q4

Supply-chain, runtime, OPA/Falco — the DevSecOps angle, signed.

prep40%
recertifyingPCA

Professional Cloud Architect

Google Cloudgcp
target · 2027 Q1

Multi-cloud parity for the AWS+GCP work in flight.

prep25%
08  ·  notes
tail -n 4 ./blog
read more(4 posts)
09  ·  my approach
man cobos

How I work when I take on a project.

pending
01

Diagnostic

Mapping the current system, real debt, and real constraints — not the ones in the wiki.

$ ./diagnose --depth=full
pending
02

Target architecture

Platform design with SLOs, cost, security, and developer experience from day one.

$ ./design --slo --finops
pending
03

Layered migration

Strangler fig pattern, end-to-end GitOps, observability before features.

$ ./migrate --layered
pending
04

Operation and improvement

Runbooks as code, chaos drills, monthly FinOps. The platform evolves — it doesn't freeze.

$ ./operate --improve
method: iterative · evidence-first · slo-bounddeliverables: architecture · IaC · runbooks · DX
010  ·  contact
ssh hola@cobos.io

open
connection.

Audits, target architectures, migrations, internal platforms, FinOps. If the problem is infra and it hurts, drop me a line.

email ernesto@cobos.io
github github.com/ErnestoCobos
li linkedin.com/in/ernestocobos
blog cobos.io/blog
./new-message.sh
● connection alivecobos.io / v3.0 · console$ exit 0 · © 2026 ernesto cobos
enes