Scott Baker
Professional Summary
Freelance Rust and C systems engineer specializing in performance-critical infrastructure, post-quantum cryptography, and distributed systems. I solve the hard problems — the ones that require working at the metal level. No garbage collector. No runtime overhead. No abstraction tax.
Three production systems built from scratch, all benchmarked and deployed:
Private, air-gapped document intelligence for law firms and regulated enterprises. PQC vault encryption (ML-KEM-768 + ML-DSA-65, NIST FIPS 203/204). 1.7s query latency on A100. Zero external API calls. Built in Rust across 8 crates.
Masterless Kubernetes alternative in C23. 5 MB control plane. No Docker, no etcd, no YAML. PQC authenticated command mesh. HIPAA/PCI DSS compliant by design.
172M rows/sec on a single workstation. DuckDB C++ extension with PQC functions callable from SQL. Spark/Databricks migration with verified benchmarks. 80%+ cost reduction.
Former information security analyst. HIPAA compliance and HITRUST audit remediation experience. AWS Certified Solutions Architect. Databricks Certified Developer (Apache Spark, Scala). Available immediately. Remote only. Fixed-fee only — no hourly billing, no retainers.
Core Competencies
Rust · C23 · C++ · Scala · Python · SQL · Bash · Nix
ML-KEM-768 (Kyber) · ML-DSA-65 (Dilithium) · NIST FIPS 203/204 · AES-256-GCM · liboqs · RustCrypto
CUDA · ONNX Runtime (CUDA EP) · CUDA Graphs · HNSW Vector Search · BM25 · A100/H100 · sm_86 RTX
UDP Mesh · Masterless Coordination · mTLS · Ed25519 · Tokio async · Axum · WebSocket · HTTP/2
DuckDB · Apache Spark 3.5 (Scala) · Parquet · S3 httpfs · Databricks · Columnar Analytics · ETL
GCP · AWS · NixOS · Arch Linux · Bare-Metal Linux · Sole-Tenant Compute · cgroups v2 · Prometheus
HIPAA · HITRUST · Zero-Trust Architecture · CrowdStrike · CyberArk · Qualys · Vulnerability Mgmt
Leptos (WASM) · rig-core · ort · ml-kem · ml-dsa · aes-gcm · rcgen · rustls · object_store · tokio
Professional Experience
- Architected a complete private RAG pipeline in Rust: three-tier PDF extraction → legal-aware chunking at ARTICLE/SECTION/WHEREAS boundaries → CUDA embedding inference (ONNX Runtime) → hybrid HNSW+BM25 vector search → on-device LLM generation — zero external API calls
- Benchmarked on NVIDIA A100 80GB SXM: 1.7 second average query latency across a 150-document mixed-format legal corpus including handwritten deposition notes via OCR
- Implemented post-quantum vault encryption: AES-256-GCM shards, ML-KEM-768 key encapsulation, ML-DSA-65 signed append-only audit chain — NIST FIPS 203/204
- Built 8 purpose-built Rust crates: ra-rag, ra-gateway, ra-vault, ra-crypto, ra-audit, ra-ingest, ra-ui (Leptos WASM), ra-fabric (UDP mesh)
- Demonstrated 20/20 queries answered with verbatim source citations against NDAs, MSAs, depositions, settlements — zero hallucinations without explicit flagging
- Designed and built skr8tr in C23 — a sovereign masterless alternative to Kubernetes. 5 MB binary vs 600+ MB for Kubernetes. No etcd, no Helm, no YAML, no platform engineer required
- Masterless mesh: no leader election, no single point of failure — any node coordinates; mesh survives loss of any peer
- Post-quantum authenticated command propagation: every instruction signed with ML-DSA-65, verified on receipt — no unsigned command accepted by any node
- Built-in HTTP/2 ingress with TLS termination, Prometheus metrics on every node, cgroups v2 hard resource limits
- No Docker required — deploys native binaries, WASM, and VM workloads directly on infrastructure
- HIPAA / PCI DSS compliance posture built in from day one
- Benchmarked 172 million rows/second — 167M NYC Yellow Cab records, 48 Parquet files, 5 business queries, 971ms wall time. Single workstation. No cluster, no JVM, no Spark
- Authored a DuckDB C++ extension implementing ML-KEM-768 and ML-DSA-65 callable directly from SQL via liboqs 0.15.0 — every deliverable cryptographically signed
- Engineered Spark/Databricks → DuckDB migrations with verified before/after benchmarks: 5–25× performance gains, 80%+ cost reduction
- Built HazyNet: multi-node Apache Spark 3.5 cluster in pure functional Scala for deep benchmarking against DuckDB single-node
- Multi-cloud columnar pipeline design: AWS S3 httpfs, Azure Blob, GCP Cloud Storage — native Parquet, zero-copy reads, no ETL middleware
- Automated enterprise hardware deployments via MS SCCM image creation and push
- Administered Active Directory and Office 365 / Teams for a global user base
- Managed CrowdStrike endpoint protection and CyberArk privileged access management
- Governed VMware Horizon VMs and CCURE physical access control systems
- Restored mission-critical Store Down scenarios under pressure to ensure business continuity
- Supported virtual servers and in-store systems via VNC and Hyper-V remote control
- Engineered a HIPAA-compliant on-site medical records retrieval system with secure client portals
- Led HITRUST certification audit remediation and HIPAA compliance initiatives firm-wide
- Analyzed security posture using Qualys; led intrusion detection audits and firewall configuration
- Orchestrated vulnerability management and patch cycles across the full server fleet
- Advanced to Level 3 Linux support; configured VPS environments on PLESK for 120+ client accounts
- Managed WordPress architecture, security hardening, and VPS configuration at scale
Certifications
Education
Contract Engagement Terms
| Service | Engagement | Fee |
|---|---|---|
| Sovereign RAG / AI Platform (GCP) | Full build & handoff | $100,000 flat |
| Sovereign RAG / AI Platform (On-Prem) | Full build & handoff | $125,000 flat |
| skr8tr Web Orchestration | Project-scope deployment | Custom quote |
| Rust / C23 Systems Engineering | Scoped project, fixed deliverables | Custom quote |
| DuckDB — Data Lake Audit | 1 week, signed report | $2,500 flat |
| DuckDB — Pipeline Migration | 2–3 weeks | $5,000–$12,000 flat |