The Practice
Independent. Experienced. Opinionated.
Ergotech operates as a specialist independent consultancy — no large-firm overhead, no junior consultants learning on your time, no allegiance to a vendor ecosystem. What you get is direct access to senior architecture expertise, applied to your specific context.
The practice spans five interconnected domains: solution architecture, security architecture, infrastructure architecture, technology strategy and planning, and digital transformation. In enterprise environments, these domains are never fully separate — a good security architect needs to understand infrastructure; a transformation programme needs a strategy; a solution architect needs to think about security from day one. Ergotech brings an integrated perspective across all five.
Engagements range from short advisory reviews — assessing a proposed architecture, stress-testing a vendor solution, reviewing a strategy document — through to embedded architecture roles on major transformation programmes. The format adapts to what the engagement actually needs.
The Approach
Every engagement starts with an honest assessment of where things actually are — not where the documentation says they should be. Architecture advice based on a false picture of the current state is worth nothing.
Every recommendation is constrained by what the organisation can actually build and sustain. The right architecture for an organisation with a team of five is different from the right architecture for an organisation of five hundred engineers.
Architecture decisions are documented in a form that is useful to the teams who must implement and maintain them — not just to the review board that approved them.
Where the practice runs deep
AWS and Azure multi-account strategy, landing zone design, hybrid connectivity, cloud governance, and migration sequencing across complex enterprise estates.
Zero Trust frameworks, IAM and identity design, network segmentation, cloud security posture, DNS security, threat modelling, and compliance mapping (NZISM, ISO 27001, NIST CSF, CIS).
SD-WAN design, SASE architecture, branch network migration, DNS architecture and security, PKI design, and hybrid connectivity patterns.
Internal Developer Platform design, DevSecOps toolchain architecture, CI/CD pipeline design, infrastructure-as-code strategy, and platform operating model.
Technology roadmapping, platform portfolio rationalisation, investment case development, architecture governance design, and vendor evaluation frameworks.
Integration architecture, API design, system context modelling, non-functional requirements definition, architecture decision records, and vendor solution review.
Principles that guide every engagement
Security is architecture, not audit
Security decisions made at the architecture stage cost a fraction of what they cost when discovered in a pen test or an incident. Security by design is not a methodology — it is a commitment to involving security thinking from the first design conversation.
Complexity must be justified
Every layer of complexity in a system has a cost that is paid by the people who maintain it. The default posture should be simplicity, and increased complexity should be a deliberate, justified trade-off — not a design preference or a pattern applied out of habit.
Architecture serves delivery
Architecture that does not result in delivered, working systems has failed regardless of how elegant it is. The measure of architecture is not the quality of the diagrams but whether the engineering teams can use it to make good decisions faster.
Strategy must connect to execution
A technology strategy that cannot be traced directly to an investment case, a delivery roadmap, and a set of measurable outcomes is not a strategy — it is a vision. Vision is necessary but insufficient. The work of strategy is the connection to execution.