Software Architect, Engineer & Leader
Decades of experience transforming outdated systems into modern, maintainable architectures — without disrupting the operations that depend on them.
Legacy systems do not survive because they are good. They survive because they work — and because replacing them is genuinely hard. The codebase that ran fine in 1998 now carries twenty years of undocumented business logic, edge cases learned the expensive way, and institutional knowledge that lives only in the heads of engineers who may no longer be at the company.
Most modernization efforts fail not from technical incompetence but from underestimating this weight. A wholesale rewrite discards everything the old system knew. A naive incremental approach creates a system that is half-old, half-new, and fully incoherent. The path through requires both technical depth and organizational patience — an understanding that the goal is not to move fast, but to move without breaking the trust of the business that depends on these systems daily.
Forty years of working inside these systems — from founding-team work on Backup Exec in the early nineties through directing engineering at one of America’s largest insurers — has produced a specific, battle-tested approach to this problem.
Legacy modernization is not a technology problem. It is a trust problem. The business trusts the old system because it has proven itself over years of operation. Earning that same trust for the new system requires a disciplined, transparent approach that never leaves the business exposed.
Every modernization engagement begins with deep archaeology. What does this system actually do? Not what the documentation says it does — what does it actually do? The gap between those two answers is usually where the hardest work lives. Weeks spent understanding a legacy codebase can prevent months of rework later.
The strangler fig pattern — incrementally routing traffic from the old system to the new one while both run in parallel — is the most reliable path through complex modernization. It enables progressive validation, rollback at any point, and gives the business continuous confidence rather than a high-stakes cutover event.
The logic embedded in a legacy system is often the most valuable thing in it. The goal is rarely to change what the system does; it is to change how it does it. Separating business rules from their implementation is both the hardest part and the most important architectural discipline in this work.
Theory without application is speculation. The following engagements represent real modernization work — each with distinct constraints, timelines, and organizational contexts that required adapting the approach to the situation rather than applying a formula.
Led modernization initiatives at one of America’s largest property casualty insurers. Reshaped engineering practices across an enterprise organization, elevating development standards and driving systemic improvements to how large, long-lived systems are maintained, extended, and replaced. Scale: thousands of engineers, systems measured in decades of production runtime.
Created the Common Vulnerability and Lifecycle Engine (CVLE) for the Cybersecurity & Infrastructure Security Agency — a system that consolidates and modernizes how the agency tracks and manages vulnerability data at national scale. Government modernization projects carry additional constraints: regulatory compliance, security clearance boundaries, and procurement cycles that do not bend to engineering timelines.
Co-founded a software incubator that guided 50+ development teams across healthcare, finance, government, and education. Many engagements involved inheriting existing systems in disrepair and restoring them to production health — identifying what was worth saving, what needed replacing, and how to sequence that work without disrupting clients who depended on the systems daily.
Part of the founding team that built Backup Exec, the enterprise backup and recovery solution still in widespread use today. Building a system that must itself survive decades of hardware generations, operating system changes, and data format evolution is legacy modernization in reverse — designing for the future migrations that will inevitably come.
The same failure patterns appear across organizations of every size. Recognizing them early is the most reliable way to avoid them.
A business rule encoded only in the legacy system, discovered after the new system goes live because no one knew to test for it.
A modernization project that gradually accumulates new features, losing focus on migration and turning into an unfinished product build.
Running old and new systems in parallel indefinitely, never fully cutting over, resulting in double the maintenance burden with none of the modernization benefits.
A stakeholder whose influence or budget depends on the legacy system’s continuation, creating organizational resistance that technical arguments alone cannot overcome.
Switching to the new system before it has been adequately validated in production conditions, eroding confidence at exactly the moment it needs to be built.
Choosing the new technology stack before understanding what the legacy system actually does — optimizing for engineering preference over business continuity.
The most consequential early decision in any legacy engagement is whether to modernize incrementally or rewrite from scratch. Both are legitimate approaches. Neither is universally correct. The right answer depends on signals that must be honestly assessed before any architecture work begins.
| Signal | Points Toward |
|---|---|
| Business logic is dense, undocumented, and accumulated over many years | Incremental Modernization |
| The system’s fundamental data model is structurally wrong for current needs | Targeted Rewrite |
| The organization cannot tolerate any service disruption during transition | Incremental Modernization |
| The codebase is small enough that a rewrite is measurably scoped and bounded | Targeted Rewrite |
| Original developers are available to consult on embedded logic | Incremental Modernization |
| Technology dependency (language, framework, OS) is end-of-life with no upgrade path | Targeted Rewrite |
| The system handles edge cases that are difficult to fully enumerate in advance | Incremental Modernization |
| Security or compliance requirements cannot be satisfied without architectural change | Targeted Rewrite |
Most real engagements land in neither extreme — they are hybrid approaches where specific modules are rewritten while surrounding systems are modernized in place. The discipline is in making that boundary decision deliberately, not by default.