Available now · Senior / Staff IC · Remote preferred

Hire the engineer who built all of this.

35+ years in production · 8 years leading middleware & observability at RGA · now building PQ Crypta & PQ PDF

Senior Systems Engineer & Architect with 35+ years building and operating large-scale infrastructure across insurance, finance and healthcare.

I investigate where machines disagree about reality — from PDFs that mean different things to different parsers to QUIC connections browsers barely explain.

Then I trace each failure to the layer where truth diverges from assumption — and build the systems that expose, measure and explain it.

I'm Allan Riddel. PQ Crypta, PQ PDF and stlweb.dev are mine end-to-end: the Rust, the servers they run on, the monitoring that catches the 2 a.m. failures, and the front ends people actually use. Fated LLC is the company behind them.

35+ Years Building Systems
500+ Live API Endpoints
24,824 PDFs Analyzed
20+ Yrs Escalation & Root-Cause

Search engines, AI pipelines, compliance systems, browsers and security products all assume machines agree on reality. Often they don't.

The gap between what systems show and what they do

In documents, protocols and AI pipelines — I find where systems quietly diverge from what's actually true, then build the tooling that exposes and fixes it.

AI / RAG ingestion corruption

PDFs that parse differently to every reader silently poison retrieval and training data. I detect the divergence before it reaches the model.

Protocol correctness

QUIC, HTTP/3 and WebTransport deployments that are misconfigured or silently degraded — found, graded and explained.

Document integrity

Value-vs-appearance drift, parser disagreement and post-signature tampering that break compliance and e-discovery.

Threat detection & abuse prevention

Bot and attack traffic that slips past signature-based defenses — caught with WAF rules, JA3/JA4 fingerprinting and ML classification.

2 a.m. distributed failures

Systems that break with no obvious cause. I trace the fault through every layer — app, DB, middleware, network — to the real root.

Post-quantum migration

Moving real TLS and data-at-rest onto NIST PQC (ML-KEM, ML-DSA, SLH-DSA) without breaking what already works.

When identical bytes produce different outcomes

Across documents, protocols and AI pipelines, the same pattern appears: what users see and what machines process are often not the same thing. I've measured that gap across 24,824 PDFs and live transport analysis.

1 in 3

PDFs don't have one meaning

502 of 1,572 PDFs produced materially different results across parsers; 43 of 44 IRS tax forms exhibit semantic drift.

How we measured it →
18.6%

Humans and machines read different PDFs

Of the 16,971-PDF DOJ Epstein release, 18.6% differed between rendered content and machine extraction. AI and RAG pipelines typically ingest extracted text; humans read the rendered page.

Explore semantic drift →
~1 in 4

The browser isn't the network

Of sites whose servers support HTTP/3, roughly one in four are misconfigured — browsers can't discover it and silently fall back to HTTP/2. The transport tells a different story than the UI.

Analyze your connection →

One engineer. The whole stack.

Not slide decks — live platforms, running in production on infrastructure I set up and maintain.

The transport every platform here shares

No TCP. No classical-only TLS. Post-quantum by default.

Each platform below rides the same path I designed, deployed and operate end-to-end — a Rust HTTP/3 reverse proxy terminating hybrid post-quantum TLS, carrying QUIC and WebTransport from the browser to the backend.

HTTP/3 QUIC WebTransport Hybrid PQC TLS · X25519MLKEM768 JA3/JA4 fingerprinting ACME auto-cert

PQ Crypta

Infrastructure for the post-TCP web

Rust backend, Python ML pipelines and browser applications. Designed, deployed and operated end-to-end.

  • Rust HTTP/3 / QUIC reverse proxy with hybrid PQC TLS (X25519MLKEM768)
  • 500+ REST endpoints on Axum / PostgreSQL / Redis
  • 31 NIST-aligned PQC algorithms with full roundtrip validation
  • Python ML bot & threat detection, WAF, live observability

Open Source

Open-source infrastructure

Production Rust infrastructure, publicly auditable, on crates.io / PyPI / npm.

  • pqcrypta-proxy — HTTP/3 proxy with hybrid PQC TLS, JA3/JA4, ACME
  • pqc-binary-format — PQC interchange format, 6 language bindings
  • hmac-circuit-breaker — tamper-evident circuit breaker
  • pqcrypta-collector — async metrics & anomaly-detection layer

PQ PDF

The same PDF can mean different things to different parsers

The 47-engine forensic scanner grew out of that finding — it measures parser disagreement, semantic drift and document integrity across real-world PDFs.

  • Detects parser disagreement, value-vs-appearance drift & shadow-document tampering
  • 47-engine scanner: structural, dynamic, ML and behavioural analysis
  • 6-renderer sandbox detonation in isolated Linux namespaces
  • 6M+ local threat indicators — zero external upload, zero retention

QUIC / WebTransport Suite

Observability for protocols browsers barely expose

Browsers show pages; transports tell the real story. These tools surface what's actually happening over HTTP/3, QUIC and WebTransport.

  • HTTP/3 · QUIC · WebTransport protocol analyzer
  • QUIC-native speed test over WebTransport
  • Live WebTransport telemetry wall

stlweb.dev

Infrastructure-first web platform

Full-stack sites for St. Louis businesses, deployed with HTTP/3, QUIC, hybrid PQC TLS and real observability.

  • HTTP/3, QUIC and hybrid PQC TLS by default
  • Real observability — not a black box
  • Designed, deployed and operated end-to-end

Research

When identical bytes mean different things

Original research showing the document format AI pipelines trust does not always have a single machine interpretation — the same file reads differently to different parsers, measured across 24,824 real PDFs.

  • Parser disagreement — six parsers, one file, different documents
  • Reality drift & V/AP divergence — stored bytes ≠ what's shown
  • AI-ingestion failure — how PDFs quietly poison RAG & training data
  • Why ground truth, retrieval correctness & reproducible evals break on documents

End to end

I write the backend, run the servers it lives on, trace why it broke, and build the monitoring that catches it next time.

Backend Development

Rust, Python, JavaScript. REST APIs, async services, distributed systems.

Infrastructure & Systems

Linux & Windows Server, Apache, IIS, F5 BIG-IP, networking, high availability.

Security Engineering

TLS, WAF, cryptography, threat detection, JA3/JA4 fingerprinting.

Observability

Datadog, custom telemetry, SLOs, anomaly-detection pipelines.

DevOps & CI/CD

Deployment automation, Jenkins, Buildmaster, reliability engineering.

Root Cause Analysis

Tracing failures through every layer until I find the actual problem.

Three decades in production

Senior escalation and infrastructure engineering across insurance, finance, and healthcare.

Principal Systems Architect
stlweb.dev · PQPDF · PQCrypta · 2024–Present

Designed and built the platforms above end-to-end — Rust HTTP/3 proxy and APIs, post-quantum cryptography, a 47-engine PDF forensics scanner, Python ML pipelines, and the infrastructure they run on.

Lead Middleware Engineer
Reinsurance Group of America (RGA) · 2017–2025

Senior escalation engineer and middleware architect for mission-critical infrastructure across 7 countries. Architected global observability on Datadog, built CI/CD with Jenkins, and ran high-availability infrastructure across IIS and F5 BIG-IP.

Lead Web & Frameworks Engineer
Randstad Technologies (contracted to RGA) · 2016–2017

Engineering lead for enterprise middleware and application-delivery infrastructure supporting global insurance systems — the same scope continued directly at RGA after the transition.

Systems Engineer
Stifel Nicolaus · 2012–2016

High-availability web and application infrastructure — IIS, Tomcat, SQL Server, Citrix NetScaler — for mission-critical financial platforms, with HA/DR and disaster-recovery design.

Senior Business Systems Administrator
Essence Healthcare · 2008–2012

Enterprise application and database infrastructure — WebSphere, SQL Server, SharePoint, ERP — with HA clustering, VMware virtualization, and enterprise backup/recovery.

Earlier roles · 1999–2008
AMP Technology · USA Mortgage · Tecvar · SAVVIS · CDS Office Technologies · Xerox-Connect · Phoenix Networks

Systems, network, and IT leadership: data-center operations, multi-org IPSec VPN architecture, NOC management, and custom back-office development for a 10,000+ subscriber ISP.

Where I slot in

Senior / staff individual-contributor roles — full-time or contract, remote preferred.

Start with a conversation

Every path begins the same way — talking to the engineer who built and measured all of this. Where it goes is up to you.

01

Hire

Senior / staff individual-contributor roles in backend, systems & infrastructure, DevOps, or security. Full-time or contract. Remote preferred.

  • Writes the code and runs the systems it lives on
  • Works the full stack — Linux internals to TLS handshake debugging
  • Root-cause debugging of live distributed failures
02

Consult & License

Bring me in for QUIC / HTTP/3 / WebTransport, post-quantum TLS, or proxy and observability work — or license the engines directly.

  • Protocol-level advisory and implementation
  • Embed the proxy, PQC, or PDF-forensics engines
  • Architecture review and root-cause investigations
03

Acquire

Start by talking to the engineer who measured semantic nondeterminism across 24,824 PDFs and built observability for the post-TCP web. If it goes further, the platforms, source and brands — PQ PDF, PQ Crypta, the QUIC/WebTransport suite — are available, together or apart.

  • Working platforms, not prototypes
  • Published open-source crates and protocol work
  • Acqui-hire of the person who built it

Frequently asked

Are you available now?

Yes. I'm open to senior/staff individual-contributor roles — full-time or contract, remote preferred — and can start quickly.

What roles do you fit?

Systems & infrastructure, backend (Rust), security, protocol/transport (QUIC, HTTP/3, WebTransport), observability/SRE, and research engineering.

Do you work remotely?

Yes — remote is preferred, with openness to hybrid for the right role.

Can I engage you as a consultant or licensee instead of hiring?

Yes — full-time, contract, advisory, or licensing of the engines (the Rust proxy, post-quantum cryptography, and PDF forensics).

Are PQ PDF or PQ Crypta available to acquire?

Yes — the platforms, source, and brands are available to the right buyer, together or apart, including acqui-hire of the person who built them.

Start the conversation

If you're exploring QUIC / WebTransport, AI-ingestion safety, document integrity, protocol observability, PDF forensics, post-quantum TLS — or acquiring PQ PDF / PQ Crypta — let's talk. One email reaches the engineer directly: no recruiter layer, no funnel.