Pin-Feng (Bin) Hsu

Senior Software Architect

15 years across embedded Linux edge systems and AWS cloud infrastructure. End-to-end platform ownership spanning C/C++ devices deployed in 120+ countries to a multi-account AWS environment serving millions of requests per day.

Berlin, Germany · Open to Relocate Across Germany AWS Certified Solutions Architect — Professional (2026) Chancenkarte — In-Country Blue Card Conversion · Available Upon Contract
GitHub
Open-source & portfolio
Bin's Lab
Field reports & experiments
LinkedIn
Experience & connections
YouTube
BH Daily POV
Portfolio — Aegis Prompter

Stay composed when ambushed with surprise detail questions

A real-time prompting system for executives and speakers — transcribes the conversation live, retrieves the exact fact you need from your own knowledge base, and surfaces it on your screen within half a second so you respond calmly instead of freezing.

Aegis-Prompter — V1, LAN Shipped

Proof of concept built in 2 days. Zero-latency teleprompter on a single Mac. Apple Silicon NPU transcription, vector-semantic RAG (pure numpy, no external DB), and a multi-role web UI where staff inject tactical cues into the speaker's display in under 0.5s.

Python MLX-Whisper Sentence Transformers Streamlit Apple NPU

V2 — Four-tier multi-repo GitOps Near Production

Industry-aligned split across four tiers, each with its own repo and ownership boundary:

Repo Stack Industry name Tier
aegis-landing-zone-aws Organizations · OUs · SCPs · Identity Center · GitHub OIDC · security baseline Landing Zone (AWS Control Tower) Account fabric
aegis-platform-aws EKS + Karpenter · ArgoCD · observability (extracted from landing-zone per ADR-033) Platform engineering / paved road / IDP Platform
aegis-core C++ + whisper.cpp (gRPC) · Go BFF gateway · TypeScript React · dual-mode LAN/Cloud Application repo Workload — app
aegis-core-deploy K8s manifests for the application Config repo (two-repo GitOps, Weaveworks) Workload — deploy

End-to-end GitOps loop: CI in the app repo builds + pushes the image to ECR, commits the new tag cross-repo into the deploy repo, ArgoCD in the platform tier reconciles. Architecture Decision Records document every trade-off plus a running incident postmortem log.

AWS Organizations SCPs Identity Center EKS Karpenter ArgoCD Terraform C++ Go TypeScript Bazel gRPC whisper.cpp ADR-driven ISO 27001
Foundation — Secure-by-Default Template

Every new repo starts with the full DevSecOps harness wired

A reusable GitHub template implementing the Harness Engineering 7 security practices — least-privilege agent tool access, secrets-residue scanning, a destructive-action red line (preview → confirm → log), and a production-grade tool registry. The friction differential does the work, not a checklist nobody reads.

aegis-template — Rule → Execution → Verification GitHub Template

"Use this template" copies a clean scaffold: CLAUDE.md / AGENTS.md agent rules, pre-commit secret-blocking hooks, semgrep promoted-review rules, a tool registry with timeout / approval gates, and CI that runs them all on every push.

CLAUDE.md / AGENTS.md semgrep pre-commit hooks GitHub Actions Tool registry STRIDE-lite DevSecOps
Tools — Small, Sharp Utilities

Single-purpose utilities, built to remove my own friction

Small command-line tools that solve one real problem cleanly — cross-platform, run locally, tested. Built when an existing tool didn't fit, and shared so a fork is one clone away.

Repo Stack Description
aegis-yt-transcriber Python · yt-dlp · faster-whisper / mlx-whisper · uv · pytest (BVA) · GitHub Actions (3-OS matrix) Turn a YouTube URL into a transcript locally — even when captions are disabled. Cross-platform (macOS / Linux / Windows); the audio never leaves your machine.
© 2026 Pin-Feng (Bin) Hsu · Berlin, Germany