onecandle

independent engineering studio

Better to light a candle.

Software, infrastructure, machine learning, and security. Shipped instrumented. Built to last.

Start a conversationWhat we do

“It is better to light a candle than to curse the darkness.”

// services

A small studio, a wide bench.

Engagements are scoped to what you need: a one-week spike, a multi-month build, or an ongoing retainer. Below is where we work.

  • Full-stack engineering

    Greenfield products and pragmatic upgrades. Web, APIs, and data layers, running wherever you need them: cloud, on-prem, hybrid, public, or sovereign. The stacks below are where we've shipped, not where we're capped. Comfortable with the codebase you have, and the hardware underneath it.

    • React, Next.js, Svelte, vanilla
    • Node, Python, Go, Elixir, Rust
    • Postgres, Redis, & friends
    • Polyglot by default

  • Research & prototyping

    Honest exploration of an idea. We build the smallest thing that proves or disproves it, then document what we learned.

    • Feasibility spikes
    • Technical due diligence
    • Proof-of-concepts

  • Pre-mortem & risk analysis

    Finding the problems before they're problems. We map a system's failure modes: what's exposed, what's brittle, what depends on what. The work ships instrumented enough to see itself, not retrofitted with observability later.

    • Failure mode analysis
    • Blast radius mapping
    • Pre-launch review

  • Machine learning & deep learning

    Modeling for real use: classification, regression, forecasting, deep learning, and LLM-powered applications. Shipped with the evaluation and observability that keeps them trustworthy in production.

    • PyTorch / TensorFlow
    • Fine-tuning & embeddings
    • NLP, CV, time-series

  • Data engineering & infrastructure

    Pipelines, warehouses, and lakes that hold up. Batch and streaming, ETL and ELT, with the schemas and monitoring that turn raw data into something you can actually query.

    • Postgres, dbt, Airflow
    • Kafka, Spark, Flink
    • Schema design & quality

  • Analytics & decision support

    Statistical modeling, experiment design, forecasting, and BI. Operational data translated into decisions you can defend, with the methodology to back them.

    • A/B testing & causal inference
    • Forecasting & operations research
    • Dashboards & metrics

  • DevOps & infrastructure

    Reproducible environments, predictable deploys, and observability that's actually useful. Cloud, self-hosted, or fully sovereign, with the uptime discipline production demands.

    • CI/CD & IaC
    • Containers & Kubernetes
    • Uptime & reliability

  • Security

    Threat modeling, hardening reviews, and incident readiness for teams that need to get it right the first time. Key management, HSMs, and operating posture for systems where uptime is non-negotiable.

    • Code & infra review
    • Key management & HSMs
    • Supply-chain hygiene

  • Advisory

    A senior set of eyes when you need one. Architecture review, technical due diligence, and honest assessment of where a project stands.

    • Architecture review
    • Roadmap pressure-test
    • Hands-on as needed

// about

Quiet, careful, built to last.

One Candle is run by Ian Culp. A senior engineer who runs toward complexity when the right solution lives there, bakes resilience into the work from the start, and plays devil's advocate so the trade-offs are visible before you decide.

The studio takes on a small number of engagements at a time so we can do them properly. Greenfield product work, R&D you can hand to your investors, infrastructure you can hand to your next hire.

Background: graduate training in analytics (M.S. Analytics, Georgia Tech), years of shipping production software across web, infrastructure, ML, and security, plus several years operating high-uptime distributed systems in adversarial environments.

Most engineers don't think about adversarial threats until something breaks. We try to think about them earlier: what's exposed, what the blast radius is, what's logged. Not because anyone can promise bulletproof defense, but because building with that posture from day one is much easier than retrofitting it under pressure later. Sovereignty over your stack, dependencies you can defend, infrastructure you can audit, observability that catches what matters.

You stay current. Status updates without being asked, problems surfaced before they're emergencies.

based
Remote · U.S.
availability
Booking discovery calls

// contact

Tell us about it.

The best engagements start with a clear, honest description of what you're trying to do and what's in the way. A paragraph is plenty.

Prefer email? Reach us at hello@onecandle.dev.