Open to work Melbourne, VIC Permanent Resident · full work rights Hybrid / On-site / Remote AI & Automation Consultant
Proof of Work — show, don't tell

Giovanni Lesna-Maranetto

AI & Automation Consultant · Certified Management Consultant · 12+ years strategy + build

Most people who call themselves AI consultants can show you a slide deck. I can show you systems I've shipped — AI agents, self-hosted automation infrastructure, and human-in-the-loop workflows running real business processes. I work AI-augmented: I architect, review and ship fast because I pair deep solution judgement and op-sec with modern AI tooling. Outcomes are the proof. Below are short walkthroughs — each covers the problem, what got automated, where the human stays in control, and the stack.

start here — 60-second intro

I build things that create real value

Years spent turning messy, manual problems into systems that just run — now designing and shipping AI and automation end to end.

A rare mix of discipline and invention: I'm a Certified Management Consultant, so things get built properly — tested, auditable, production-safe — and a genuine builder who digs into the frontier until I understand it. Not "it works" — "it works and I'd trust it."

Outcomes-driven, equally at home remote, hybrid or in the room — and actively looking to be back in a team shipping real work.

Australian Permanent Resident · full work rights · Melbourne

Then scroll down — every demo below is something I actually built.

what I've built — problem → solution → result · short demos
01 · automation infrastructure

Client onboarding that took a day now takes minutes

The problem

Setting up a new client's automation environment meant hours of manual server, security and software setup — slow, and every manual step is a chance to get something wrong.

What I built

A tool that builds the entire environment automatically from a single setup file — one command instead of a checklist.

The result

A full day of setup collapses to minutes — identical every time, with security built in from the start.

Kept safe: secrets locked in a vault, encryption automatic, hardening built in — not bolted on after.
under the hood: Hetzner · Cloudflare · Docker · n8n · infrastructure-as-code
Technical detail

A single declarative YAML config drives the whole provision. The tool spins up a Hetzner Cloud server, points DNS through Cloudflare and triggers Let's Encrypt SSL via Traefik, hardens the box, generates per-environment secrets and stores them in Bitwarden, then deploys the service layer through Coolify using custom Docker Compose templates.

Core services deployed end-to-end: Uptime Kuma (monitoring), Baserow (database), DocuSeal (document signing) and self-hosted n8n (automation). Idempotent and repeatable — the same config reproduces the same stack, and secrets never touch the config file or version control.

Hetzner · Coolify · Cloudflare DNS/SSL · Traefik · Bitwarden · Docker Compose · n8n

Watch demo · 2–4 min
02 · production automation

Manual blockchain payment checks, now fully automated

The problem

A client paid its providers in USDC straight from an on-chain treasury wallet. After every payment run, someone had to manually check the blockchain, work out which provider was paid, and confirm it by email — slow, easy to miss one, and every missed confirmation is a provider relationship left hanging.

What I built

A production automation that watches the blockchain, matches each payment to the right provider, and notifies them automatically by email and Slack — with a complete audit trail behind every payment. Runs on a schedule, hands-off, no manual trigger.

The result

A manual after-every-payment chore becomes a zero-touch process — every provider notified, every payment logged, duplicates structurally impossible.

Built for trust: safe to re-run without ever double-notifying, failures routed to a separate error log, and a full audit record of what was sent and what wasn't.
under the hood: n8n · Etherscan · USDC/ERC-20 · Google Sheets · Gmail · Slack · idempotent design
Technical detail

A scheduled n8n workflow reads ERC-20 transfer logs directly from the Etherscan API, parses the raw hex logs, and filters to USDC outgoing from the treasury. Each payment is matched to a provider (wallet → provider record), checked for active status, then deduplicated against an audit log before any notification is sent.

The deduplication key is the backbone: payment_key = tx_hash + log_index. An earlier key based on tx_hash + amount silently collapsed multi-send transactions — one transaction paying several providers could skip a notification. Keying on the blockchain's guaranteed-unique log_index makes duplicate or dropped notifications structurally impossible.

New payments trigger a formal email (amount, wallet, tx link, date) plus a real-time Slack alert; every payment is written to an audit log, and any failure — missing email, Slack error, no provider match — is routed to a separate error log. The workflow is idempotent and safe to re-run: Ingest → Normalize → Match → Deduplicate → Act → Log.

n8n (self-hosted) · Etherscan Logs API · USDC/ERC-20 · Google Sheets (system of record) · Gmail · Slack · idempotency (tx_hash + log_index) · audit + error logging

Watch demo · 2–3 min
03 · AI with a safety rail

AI handles the incoming flood — a human still approves

The problem

Teams want AI to handle incoming requests, leads and tickets, but can't risk it sending the wrong thing to a customer on its own.

What I built

A workflow where AI reads each request, sorts it, and drafts the reply — then stops and waits for a person to approve, edit or reject before anything goes out.

The result

The repetitive reading and drafting is automated; a human keeps the final say — saving hours of triage a week without losing control.

Kept safe: the AI proposes, a person decides. Full record of what was suggested and what was approved.
under the hood: n8n · LLM · human-in-the-loop approval gate
Technical detail

An n8n workflow triggers on inbound items (email/form/webhook). An LLM node classifies intent, urgency and topic; a switch routes by classification — low-risk items down an automated path, sensitive/high-value items to a manual queue. The LLM drafts a response, then the flow halts at a human-in-the-loop approval node (approve / edit / reject) before any send action fires.

Every run logs the AI's proposal and the human's decision, giving a clean audit trail. Constrained prompts and scoped credentials keep the model from taking unilateral action.

n8n · LLM API · REST/JSON · switch routing · HITL approval gate · audit logging

Demo coming soon
04 · data you can trust

A self-checking dashboard that proves its own numbers

The problem

People make decisions off dashboards every day — but a dashboard is only as trustworthy as the maths behind it, and most can't show that the maths is correct.

What I built

A live tracking dashboard with the key numbers up top, and an automated test suite that checks every calculation behind them.

The result

Decisions made on numbers that are verified, traceable and trustworthy — not just numbers that happen to look right.

Kept safe: every figure traces to a source, calculations are independently tested, data is versioned.
under the hood: single-page app · JSON data layer · 150+ automated tests
Technical detail

Vanilla ES-module single-page app, no build step. The calculation logic (e.g. NAV and tax/CGT maths) lives in pure, isolated modules with no DOM or network coupling, which is what makes it unit-testable. JSON files act as the versioned data layer; writes are atomic across multiple files with auto-snapshot logging.

A harness of 150+ inline tests runs against the pure modules so every displayed number is provably correct, not just plausible. Served by a lightweight Python static server with optional write endpoints.

vanilla ES modules · pure-function math modules · JSON store · atomic writes · Python static server · 150+ tests

Watch demo · 2–4 min
05 · AI that respects your data

AI agents that run on your own machine — data never leaves

The problem

For many organisations the blocker to using AI isn't capability — it's that they can't send sensitive data to an outside AI service.

What I built

Custom AI agents that complete real multi-step tasks, running on an AI model hosted locally — plus deliberately limited access, so an agent can only do what it's allowed to.

The result

The same AI capability, but the data never leaves the building — AI you can put in front of a compliance team.

Kept safe: local model = data stays in-house. Agent permissions are scoped and constrained.
under the hood: AI agents (OpenClaw, Hermes) · locally-hosted LLM · scoped tool access
Technical detail

Two purpose-built agents (OpenClaw, Hermes) explore goal decomposition and tool use — given an objective, the agent plans steps and calls only the tools it's explicitly granted (deliberately scoped, least-privilege access rather than open-ended control).

Runs against a locally-hosted LLM (GLM 5.2) on local hardware, so sensitive data never leaves the machine — solving the data-sovereignty blocker that stops many organisations adopting AI. Same capability as a cloud API, without the data egress.

AI agents · local LLM (GLM 5.2) · scoped tool access · on-prem / data-sovereign

Demo coming soon
06 · delivery discipline

The part nobody shows: work built to survive

The problem

Anyone can make something work once, on their own machine, on a good day. The real risk is six months later — can someone else understand it, roll it back, recover it? Most work fails not at "does it run" but at "can anyone maintain it."

What I built

Every project ships with the same backbone: documented from day one, version-controlled properly, backed up in two independent places, and scripted so it's repeatable — not held together by memory and manual steps.

The result

Any project I hand over can be picked up cold — by a client, a teammate, or me in six months — and understood in minutes. Nothing lives in one person's head, and nothing lives in only one place.

Held to standard: every version tagged and rollback-able, hard-won fixes captured in a gotchas log, every script self-verifying — proven, not assumed.
under the hood: Git · GitHub + GitLab dual-remote · tagged versions · PowerShell · living docs
Technical detail

Every repo carries a fixed documentation spine — README, STATUS, CHANGELOG, CHARTER — so the "what, where, why" is never lost. Commits are clean and every meaningful version is tagged for instant rollback.

Every version is dual-pushed to two independent providers (GitHub + GitLab) and verified on both with git ls-remote — no single point of failure. A running gotchas log captures every environment quirk and its fix the moment it bites, so the same problem is never solved twice.

Installs, backups and file moves are scripted in PowerShell with built-in size checks and verification rather than done by hand — repeatable, checkable, safe to re-run. The through-line is one rule applied everywhere: don't trust that it worked, prove it did.

Git · GitHub + GitLab (dual-remote) · semantic version tags · gotchas log · README/STATUS/CHANGELOG/CHARTER · PowerShell · scripted verification & backups

Watch demo · 2–3 min
capabilities --core
AI agentsworkflow automation business process automationn8n ZapierMakeRPA LLM integrationhuman-in-the-loop AI governanceAPI integration AWSDockerPython PowerShellSQL process optimisationdigital transformation stakeholder managementROI / business case
education & certifications --verified
Degrees MBA Digital Business — Univ. of Barcelona BEc — University of Western Australia BCom Hons Economics — UNISA BCom (Cum Laude) — UNISA
Certified Management Consultant (CMC)
AWS Certified Cloud Practitioner
UiPath Agentic Automation Associatein progress
n8n — Level 2 Certified
Lucidchart Certified
Scaled Agile Framework (SAFe 4.0)
Blockchain for Business — Hyperledger / Linux Foundation
Advanced Microsoft Excel
GARP — Financial Risk & Regulation (FRR)
CPP41419 Cert IV in Real Estate Practice (VIC) + Auctioneer
track-record --archive · enterprise delivery (the foundation under the builds)

Before the AI builds, the discipline. The same process mapping, requirements (BRS), UAT/production rigour, regulatory delivery and senior-stakeholder engagement is exactly why my automation ships and survives in production — not just in a demo.

banking · enterprise delivery

Untangling a bank's systems — and its regulatory reporting

The problem

A major bank had overlapping trading systems and complex tax-reporting obligations spread across many business units — costly, risky and hard to manage.

What I did

Merged three trading systems into one, moved core financial data onto a single modern platform, and automated regulatory (FATCA/AEOI) reporting across five business units — working with senior IT, finance and business leaders.

The result

Lower cost, less duplication, and regulatory reporting that runs reliably — delivered through proper requirements, testing and production rollout.

10+ business units · BRS · UAT · production · SAP HANA · Murex · SAFe 4.0
Technical detail

Consolidated three derivative trading systems (Murex Energy, Front Arena) into a single Murex GTS platform; migrated/replicated a Basel II data mart into SAP HANA as part of a cross-country UK|SA delivery team toward a unified financial architecture.

Delivered FATCA/AEOI/SARS IT3 reporting standardisation across 5 business units — vendor scoping, as-is/to-be analysis, gap analysis, data mapping and data-dictionary artefacts. Ran full SDLC (BRS, technical & interface-design specs, UAT, production cutover, training) in SAFe 4.0 with Kanban/JIRA, including EXCO planning with IT, Finance and Business.

Murex · Front Arena · SAP HANA · Basel II · FATCA/AEOI · BRS · UAT · SAFe 4.0 · JIRA

public sector · strategy & research

Helping government bodies prepare for the future of work

The problem

During COVID, multiple government departments needed to understand how ready they were for new technology and the changing world of work.

What I did

Ran a Fourth Industrial Revolution (4IR) readiness assessment across several government bodies, plus feasibility studies, large-scale surveys and executive research reports.

The result

Clear, evidence-based readiness findings and recommendations that senior public-sector decision-makers could act on.

via Mental Block Consulting · 4IR readiness · feasibility studies · executive engagement
Technical detail

Delivered a Fourth Industrial Revolution (4IR) readiness assessment across multiple government bodies — SETAs and state/national departments — during COVID. Designed and ran large-scale questionnaires/surveys for industry-report building (Gartner/Cognizant-style), plus feasibility studies for large government initiatives.

Produced executive-grade research reports and led senior stakeholder engagement across departments. Delivered under the Mental Block Consulting banner for client Redflank.

4IR readiness · survey/questionnaire design · feasibility studies · industry reports · executive engagement

Let's talk

Resume, references (including Australian referees), and a live walkthrough available on request.