In 2026, “moving to the cloud” is no longer the goal—governance and architectural integrity are. For Canadian and US-based SaaS companies, the challenge isn’t just about deployment; it’s about navigating data residency, eliminating security debt, and building a foundation that scales without tripling your operational toil.
As a Principal Architect, I provide the strategic oversight that mid-market firms and startups often lack. I don’t just “manage” your cloud; I engineer your “Paved Road” to production.
I founded Buoyant Cloud because I saw too many organizations struggling with “Day 2” operations—complex GKE clusters they couldn’t manage, sprawling IAM permissions, and rising costs from idle infrastructure.
With a background in Serverless Cloud Architecture and DevSecOps, I act as a fractional Principal Architect for my clients. I specialize in taking high-level business requirements and translating them into hardened, automated GCP environments. When you work with me, you aren’t getting a junior consultant following a checklist; you are getting direct architectural intervention.
I design your “Golden Gate”—a landing zone that is secure by default.
Data Residency: I enforce Organization Policies to lock resources to northamerica-northeast1 (Montreal) or us-central1 (Iowa) to meet PIPEDA or SOC2 requirements.
VPC Service Perimeters: I build virtual walls around your most sensitive data (BigQuery, Vertex AI) to prevent exfiltration.
Static Service Account keys are a liability I eliminate on Day 1.
Workload Identity Federation (WIF): I migrate your CI/CD pipelines (GitHub/GitLab) and GKE workloads to OIDC-based, keyless authentication.
Zero-Trust: Implementing Identity-Aware Proxy (IAP) to protect internal tools without the friction of a VPN.
I help you choose the right compute model for your 2026 roadmap.
Cloud Run: Architecting scale-to-zero microservices that minimize cost and maximize velocity.
GKE Autopilot: Hardening Kubernetes clusters with Binary Authorization and fine-grained Network Policies.
I navigate the nuances of the US CLOUD Act vs. Canadian Privacy Laws. I help you design architectures that satisfy local data residency mandates while maintaining global performance.
| Feature | Legacy Agencies | My 2026 Standard |
| --- | --- | --- |
| Identity | Managed Service Keys | Keyless / WIF Only |
| Networking | Basic VPC Peering | Hub-and-Spoke / NCC |
| Provisioning | Manual “Click-ops” | 100% Terraform (IaC) |
| Security | Reactive Patching | Proactive Guardrails & Org Policy |
Building a SaaS platform on a fragile foundation is a long-term liability. I help Canadian and American engineering teams reclaim their GCP strategy, eliminate technical debt, and build for the next decade of scale.
Ready to start your GCP Cloud journey?
Schedule a 1:1 Architectural Review to identify gaps in your current Landing Zone or Security posture.
Yes. I specialize in configuring Google Cloud environments that meet strict Canadian data sovereignty requirements. I implement Resource Location Restrictions via Organization Policies to ensure your data stays within the Montreal (northamerica-northeast1) or Toronto (northamerica-northeast2) regions, helping you maintain compliance with PIPEDA and provincial regulations.
I focus on “Day 2” operational efficiency. By migrating legacy VM workloads to Cloud Run (Serverless) or GKE Autopilot, I help startups implement “scale-to-zero” architectures. This ensures you only pay for the compute power you actually use, often reducing monthly cloud spend by 30-50% while improving scalability.
While PIPEDA doesn’t strictly forbid data from leaving Canada, many of my clients—especially in Fintech and Healthcare—require strict data sovereignty to avoid the reach of foreign laws like the US CLOUD Act. I specialize in architecting “Sovereign-First” Landing Zones. By implementing GCP Organization Policy Constraints, I lock your resource deployment to Canadian regions (northamerica-northeast1 and northamerica-northeast2). This ensures that sensitive PII never leaves Canadian soil, satisfying both local compliance and enterprise procurement requirements.
I implement a “Shift-Left” DevSecOps approach using GitHub Actions and Google Artifact Registry. Instead of waiting for a manual security audit at the end of the month, every code commit undergoes automated Container Analysis. We scan for OS vulnerabilities and secret leaks (like API keys) before the image ever reaches Cloud Run. This ensures that only “verified-clean” code enters your production environment, reducing the risk of breaches while maintaining a high deployment velocity.