AI Engineering & Open-Source Work
AWACS — AI Operations with Enforcement

Production governance methodology for AI agents operating in critical infrastructure. Live pipeline at awacs.ai with public knowledge base, gate-decision logs, and brake events. Four public repositories on GitHub.

Methodology repository. Trust tiers, write-chain enforcement, hook governance patterns.
Production implementation on a 4-node Azure Local cluster with Rubrik on WDAC. The 8 CORE RULES were derived from a real Azure Arc SSH lockout incident.
Zero-trust backup architecture for hostile shared workstations. Multi-agent methodology with explicit threat modeling.
AI-powered Rubrik backup observability platform. 3,000+ weekly jobs across five global sites. Azure Functions, Azure OpenAI, ServiceNow integration. 1,000+ lines of Python.
Four upstream contributions to anthropics/claude-code
Filed issues with reproduction steps and behavioral tables. Findings include the exit(1) silent enforcement trap (#44707), eight undocumented CLI flags, the three-layer governance architecture distinction between advisory rules (CLAUDE.md), deterministic enforcement (hooks), and OS-level boundaries, and PreToolUse hook enforcement silently bypassed on Windows via Python Store stub exiting 49 in the non-TTY subprocess context (#57946, open).
Live evaluation infrastructure
Browser-clickable artifacts at awacs.ai/proof — measured-token Azure CLI cost comparison, a live KB pipeline with Class A entries and gate decisions with verbatim reasoning, and a self-correcting brake system.
Machine-readable routing table mapping 25 professional dispositions to 24 verified evidence artifacts. Drop in a job description; the manifest runs a four-step protocol and returns the top three matching artifacts with JD-requirement citations, confidence ratings (STRONG/MODERATE/WEAK), and honest gap identification. A worked FDE example is embedded. Built to solve a real problem: LLMs reading a portfolio alongside a JD hallucinate or miss relevant evidence. The manifest is itself an FDE artifact.
Front9/Back9 Azure Naming Algorithm
Original IP. Mathematical naming convention scaling endlessly across Azure regions. Extracts subscription identity to produce globally unique, human-readable resource names without external databases. Fully compliant with character-limited resources (15-char VM, 24-char Key Vault, lowercase Storage Accounts). JavaScript on Azure Static Web Apps.
Bicep Builder (builder.awacs.ai)
Full-stack Azure IaC wizard (React + Python Flask). Eight-page progressive wizard with real-time validation against Azure naming constraints. Generates deployment packages including Bicep templates, PowerShell scripts, README. Optional resource toggling, cost estimation, localStorage state persistence.
Knowledge Gap: Detonator V1
Published ebook documenting Azure Local cluster management via SSH over Azure Arc.
Summary

I build production AI systems in enterprise environments, document what breaks, and codify what works so it cannot break the same way again. Four upstream contributions to anthropics/claude-code. Five published frameworks for AI agent governance. Technical founder of AWACS LLC. Internal AI enablement speaker (200+ attendees, Senior VP to engineers). Technical Solutions Architect for federal GOVCON AI programs.

The 25 years of enterprise infrastructure across compute, storage, networking, virtualization, and data protection is what lets me operate in the environments where AI deployments actually fail.

Technical Competencies
AI & Governance
Claude Code PreToolUse/PostToolUse Hooks CLAUDE.md L0–L8 Azure OpenAI OpenAI Grok Rubrik GraphQL API Multi-agent design
Languages
Python, PowerShell, JavaScript, Bicep, Terraform, KQL, bash, SQL
Cloud & IaC
Azure Local (HCI) Azure Arc SSH Azure Functions Key Vault Table Storage Static Web Apps Managed Identity Log Analytics Azure Monitor Azure Policy GitHub Actions CI/CD
Observability
KQL Azure Monitor Workbooks Log Analytics dashboards FinOps / cost governance Budget alerting
Compute
Cisco UCS, Dell Blades, HPE Apollo, Supermicro, Nutanix
Virtualization
VMware vSphere, Nutanix Prism, KVM, OpenShift, Azure Local
Storage
Data Domain, Isilon, NetApp
Data Protection
Rubrik, Commvault, Veeam, Avamar, Backup Exec, WDAC policy deployment
Networking
VMware NSX, VLANs, Trunking / Bonding, Routing, Port-map design
Security
WDAC Azure Arc SSH key auth Service principal scoping Human-in-the-loop validation
Experience
Align Technology
Raleigh, NC
Senior Data Protection Engineer → Cloud & AI Infrastructure
April 2020 – Present
  • Built AI-powered Rubrik observability platform monitoring 3,000+ weekly backup jobs across five global sites (Israel, Poland, Costa Rica, Mexico, US). Three-phase serverless framework on Azure Functions using a two-consecutive-failures algorithm to filter transient from persistent failures. 1,000+ lines of Python, seven Azure objects in IaC, dedicated Azure OpenAI instance for internal data compliance, ServiceNow integration for automated ticket creation. Six weeks of development.
  • Architected Claude Code Azure deployment wizard accelerating internal Terraform adoption. Drives six validated Microsoft Azure Verified Modules across Dev/Staging/Production with nightly CI/CD drift detection. 31 commits, 14 full destroy/redeploy cycles, 24 hours of autonomous testing. Zero test failures at completion. Built in one week.
  • Internal AI enablement speaker (Feb 2026) to 200+ attendees, Senior VP to engineers. Sessions: "Not a Developer, Not a Problem" and "Parenting Young Sheldon: All Knowledge, No Context."
  • Established FinOps governance across AWS and Azure. Identified and eliminated storage tier waste; implemented Azure Policy guardrails for tagging, allowed resources, and external access controls. Developed CIS-aligned Azure risk register and JavaScript IaC creation utility.
  • Led Rubrik global rollout across five sites. Migrated petabyte-scale workloads from Commvault with zero data loss; deprovisioned Commvault and established global data protection SLA and naming standards.
  • Headed global hardware refresh using Dell Blades and NetApp storage across three global sites. Defined network mapping requirements (trunk, VLAN, bonding) and led chassis configuration and VMware installation.
TierPoint
Raleigh, NC
Senior Systems Engineer / Architecture & Engineering
October 2011 – April 2020
Architecture & Engineering (2016–2020)
  • Architected data protection solutions across dedicated, hybrid, private, and public cloud using Commvault, Veeam, and Avamar
  • Built global solution protecting 1,200+ endpoints across remote retail locations
  • Migrated 13 public cloud data centers from Veeam to Commvault
  • Designed multi-tenant managed backup product offering; deployed to production and transitioned to service delivery
  • Developed O365 data protection standard using multi-tenant Commvault architecture
  • Built compliant private cloud for state agency requiring airgap separation
  • Configured VMware NSX for public-facing solutions; coordinated trunking, VLAN, and storage connectivity
Service Delivery / Storage Engineer I → III (2011–2016)

Customer-facing technical lead across Commvault, Veeam, Avamar, Backup Exec, and Data Domain platforms. Technical lead for largest customer environments; point of escalation for the team. Trained and mentored junior engineers; created the Level I/II/III promotional path framework. Built automated billing reports using SQL.

Raleigh/Wake 911
Raleigh, NC
Senior Systems Administrator / Team Lead
June 2004 – October 2011

Architected and deployed the infrastructure refresh for Raleigh/Wake 911 and Raleigh Police Department, migrating from 10 physical servers to 200+ VMs on SAN via ESX 3.5. Stood up the DR 911 center and established annual failover procedures. Technical consultant for Raleigh Police, Fire, and EMS departments.

  • GPS-based emergency services routing recommendations
  • Computer voice dispatch for Fire/EMS with standardized radio formatting
  • Read-only E911 CAD consoles in all Wake County Fire/EMS stations (pre-dispatch alerting reduced en-route response times)
  • Single in-car MDC software unifying Police, EMS, and Fire field communications without dispatcher relay
Consulting & Advisory
AWACS LLC
Founder & Principal Consultant
2024 – Present

Production AI operations methodology for enterprise and regulated infrastructure. Live system at awacs.ai: 62 Class A knowledge base entries across five domains, 80 gate decisions on record, 31 automated checks enforced per session, 7/7 hard rules blocked by exit(2). Four public repositories on GitHub.

Production Engagement: WDAC AI Deployment on Azure Local

Embedded in an enterprise environment running a 4-node Azure Local cluster hardened with Windows Defender Application Control in enforced mode. Only remote access path: Azure Arc SSH tunneled through the Azure control plane. The backup vendor's own documentation prescribed the wrong tool (CiTool.exe), which the HCI Orchestrator silently reverts every 90 minutes. AI cross-referenced Microsoft's platform documentation, identified the conflict, resolved it correctly using Add-ASWDACSupplementalPolicy, and encoded the finding to persistent memory. Solved a novel file transfer problem (31 MB MSI, no SCP, no PSSession, no shared file system) by discovering base64 stdin pipe through the Arc SSH tunnel was the only working path. Delivered a 7-phase deployment plan with rollback at every phase, working agent installation, validated WDAC policy cluster-wide, and a repeatable runbook for remaining nodes.

Five Published Frameworks (awacs.ai/methodology)
  • Knowledge Trust Pipeline: Three-tier knowledge architecture: Class A (execution-validated), Class B (primary-source vendor docs), Class C (community-sourced). Every fact must pass an execution chain producing measurable output before earning trust. A graveyard log captures demoted knowledge for drift detection.
  • PreToolUse vs PostToolUse Enforcement: Empirically proven across 256 assertions and three intentional violations: PostToolUse hooks detect after the write completes; PreToolUse hooks prevent the write from happening at all. Exit code 2 blocks the operation entirely.
  • Governance Stack: Five-layer enforcement architecture: infrastructure, CLAUDE.md advisory rules, PreToolUse hooks as deterministic enforcement, trust-tiered knowledge as validation backbone, and graveyard/drift detection. Advisory guidance alone is not governance.
  • Compounding Session Arc: Session 1: no access, no documentation, no working knowledge. Session 8: live VM restores with validated rollback. Each session's safety rules and findings encoded into configuration before the next session starts.
  • Build, Validate, Explain: Custom AI tooling for specific environments. Pre-deploy test suites that catch silent failures before production. A knowledge layer that accumulates intelligence instead of losing it when people leave.
Multi-Agent Production System

Analyzer and Librarian agents operate with distinct roles. The Analyzer classifies knowledge candidates and recommends trust tiers. The Librarian runs a 5-question admission gate on every candidate before Class A admission. Both agents reason independently; disagreements are recorded verbatim in append-only JSONL. The brake system fires exit(2) before destructive commands execute with SHA-256 tamper-evident event logging. The brake blocked its own commit message when the message body contained a matched destructive pattern.

Supply Chain Sentinel

Python/Flask system integrating Claude API to infer hidden supplier relationships across three supply chain tiers. Seven-stage pipeline with ERP data ingestion, AI-powered T1/T2/T3 supplier inference, financial impact calculations, and scored mitigation strategies. Approximately 11,000 lines of Python, 12 API endpoints, executive dashboards with Plotly network visualizations, multi-company support.

Blue Notebook Solutions
Technical Solutions Architect
2025 – Present

AI systems for federal GOVCON and regulated environments. GovCON AI-powered shredder and contract proposal writer providing BID/NO-BID decision support with Shipley-method proposal creation and review. SAM.GOV integration for opportunity analysis. Zero-fabrication architecture with human-in-the-loop validation. Multi-agent system for document analysis and risk assessment. 200+ hours of development; production deployment.

Certifications & Training
Rubrik Certified Engineer 2021
Commvault Master Certification 2018
Data Domain / Avamar Certified 2015
Azure Fundamentals 2024
Azure Administration 2025
Amazon Bedrock Custom Models (Training) 2025
CCNA 2004