HomeServicesCase StudiesInsightsAboutBook a free review

Home / Case Studies

Case studies

Things I've actually done.

All of this comes from my years as a sole platform engineer. I've left company names out for the usual professional reasons, but I'm happy to provide references if you want to check any of it.

FinOps · AWS Cost Optimisation01 / 05−27% AWS spend

Cutting an Australian SaaS company's AWS bill by 27%

Challenge

Five years of ship-it-now growth had turned the account into a landfill: no tagging, no cost allocation, no owner. EC2 fleets ran 24/7 for workloads that only saw traffic in business hours, RDS was sized for peaks that happened twice a year, and a large slice of EBS was billing away attached to nothing. Nobody could answer the only question that mattered — “what does a customer actually cost us?”

Approach

Pulled twelve months of CUR data into Athena and rebuilt spend bottom-up by service and tag. Then a staged programme, safest first: instance right-sizing and scheduling, gp2→gp3, idle-resource cleanup — then the architectural work, batch onto Spot and cold data tiered to S3 Intelligent-Tiering. Savings Plans and RIs came last, deliberately. I don't lock in a commitment until the architecture underneath it has stopped moving.

Result

27% off the annual bill, sustained — not a one-month dip. Every change shipped as Terraform with zero customer-facing downtime, and the team still runs the monthly cost review I set up. Cost-per-customer went from a shrug to a number they can quote.

EC2RDSS3 Intelligent-TieringSpotSavings PlansCUR + AthenaTerraform
ISO 27001:2022 · ISMS02 / 05Passed no major NCs

Zero to certified: an ISMS through a passed external audit

Challenge

A SaaS business was losing enterprise deals at the security-questionnaire stage. They needed ISO 27001:2022 but had no ISMS, no policies and no evidence trail — and no appetite to grind engineering to a halt for a year of compliance theatre.

Approach

Scoped the ISMS to what actually mattered, ran the risk assessment, and wrote a Statement of Applicability against the 93 Annex A controls — justifying every include and exclude. Controls were built into how the team already worked: branch protection and mandatory review as change management, IaC as the config baseline, GuardDuty and CloudTrail as detective controls. I ran the pen-test programme end to end and collected evidence as a by-product of normal work, not a fire-drill the week before the audit.

Result

Passed Stage 1 and Stage 2 with no major non-conformities. The security questionnaire stopped being a deal-blocker — and because the ISMS maps cleanly onto SOC 2, none of the work is wasted if a buyer asks for that instead.

ISO 27001:2022Annex A controlsRisk assessmentGuardDutyCloudTrailPen-test programme
SaaS Governance · Vendor Lifecycle03 / 05$72k /yr back

Taming a 60-application SaaS estate — $72k/year back

Challenge

Sixty-plus SaaS subscriptions had accreted over the years with no owner and no lifecycle. Duplicate tools doing the same job, seats billed for people who'd left, auto-renewals nobody tracked — and, worse, leavers who still had live logins, which the ISO 27001 audit flagged as an access-control finding.

Approach

Full inventory first — every contract, renewal date, owner and monthly cost in one register, reconciled against the SSO logs and the actual bank statements. Then I rationalised: killed the duplicates, reclaimed dormant seats, put a business owner on every surviving tool, and wired SSO deprovisioning into the HR leaver process as a hard step rather than a courtesy.

Result

$72,000/year in SaaS spend eliminated and every audit-flagged offboarding gap closed. Renewals now land on a calendar with an owner attached, instead of ambushing someone on the invoice.

SSO / IdPAccess reviewsRenewal registerOffboarding automation
Platform · Serverless Migration04 / 05Minutes to onboard

Replacing legacy on-prem file transfer with serverless AWS

Challenge

Enterprise partners exchanged files over an ageing on-prem SFTP box — a single point of failure, a patching liability, and the one server nobody wanted to be on call for. One failed disk away from a very awkward round of partner phone calls.

Approach

Rebuilt it on AWS Transfer Family fronting S3, with per-partner IAM isolation so no partner could ever reach another's prefix. File arrival fires an S3 event into Lambda for validation and downstream processing, with a dead-letter queue for anything malformed. All of it in Terraform — so onboarding a new partner is a merge request, not a ticket and a lost afternoon.

Result

Legacy servers decommissioned, the on-call surface shrunk, and a pay-per-use platform that scales with partner volume instead of a fixed box we had to over-provision “just in case.” Partner onboarding went from days to minutes.

AWS Transfer FamilyS3LambdaEventBridgeIAM per-tenantTerraform
CI/CD · Zero-downtime Migration05 / 050 releases missed

Migrating CI/CD off a legacy platform without missing a release

Challenge

Builds and deploys ran through a self-hosted CI server that was well overdue for retirement — flaky, licence-heavy, and dependent on hand-maintained build agents only one person fully understood. Retiring it without dropping a release was the whole game.

Approach

Rebuilt the pipelines on Bitbucket Pipelines with AWS CodeDeploy and S3 for artifacts. Migrated service by service, running old and new in parallel and cutting each over only once its new pipeline had proven green on real deploys. Rollbacks were made boring — versioned artifacts and a one-command revert — so a bad deploy became a non-event.

Result

Simpler, more reliable pipelines, licence costs gone, build agents retired — and not a single release missed across the entire migration. The bus-factor-of-one problem left with the old server.

Bitbucket PipelinesAWS CodeDeployS3 artifactsBlue/greenAutomated rollback

All results delivered personally, as the sole platform engineer responsible · anonymised out of professional confidentiality

Want results like these?

It starts with a free half-hour cost review. I’ll tell you what I’d expect to find in your account before you spend a dollar.

Book a free cost review