Engineer with architect, frontend, backend, AWS, remote, consultant, and security experience who has worked in the adtech, security, gambling, and IoT industries (details available upon request)
Led a migration project from CloudFront (usage cost) to Cloudflare (flat cost), saving a lot of money, decreasing latency for clients, and maintaining IaC in terraform
Led a Single Point of Failure project to compile a list of all known vendors, billing, across all teams, assign owners, and create action items to reduce SPOFs across the org
Led a migration project from EC2 to EKS by working with teams, reducing blockers, forecasting, presenting in front of VPs, and coming up with scalable solutions to ease the transition
Led a project for IaC-only AWS accounts to introduce best practices and security out of the box for 3rd party contractors, which served as an example for future AWS accounts
Mentored multiple members internally in ops, infrastructure as code, the XY problem, and overall scalable, secure solutions
Rearchitected atlantis (terraform CICD) to be a pleasant experience, thus eliminating a separate project to recreate those workflows in a bespoke system that would need to be internally maintained
Introduced architectural design records (ADRs) to solidify decisions per repo and participated in org-wide ADRs for security and infrastructure
Introduced policy-as-code using tools like Open Policy Agent (OPA), Conftest, and Gatekeeper, applied in terraform code and in kubernetes
SAST tools (tflint, tfsec / trivy) for terraform-cicd pipeline to resolve security issues prior to merge
Reduced Critical and High security vulnerabilities across the organization using a combination of best practices documentation, trainings, cloud custodian policies, and Service Control Policies (SCPs) across the org
Introduced renovatebot for automatically keeping dependencies up to date
Enabled colocation of terraform resources by introducing an internal account-map terraform module
Created an internal FAQ that has reduced common questions in many slack channels and is now maintained by many teams
Noted that devs did not take advantage of AWS support and set up AWS Chat Bot and AWS Support Chat Bot to make it easier for users
Worked with IT, security, internal auditors, external auditors to get to root issues to come up with solutions to streamline auditing
Removed all persistent administrators from many production accounts by creating new least-privilege roles and migrating users
Automatically tagging resources helped with forecasting costs per team
Set up AWS Budgets (cost and usage) for expensive services to notify slack/email via SNS if costs are rising faster than initially forecasted
RB Consulting LLC - CEO / Principal Staff (2021 - Present) - Remote
Consulted for Fortune 500 clients, midcap, and small companies
Helped manage 100s of open source terraform modules in terraform-aws-modules and cloudposse
Everything, absolutely everything in terraform (infrastructure as code)
Experience getting into Amazon’s Marketplace by using AWS Control Tower Account Factory for Terraform
Set up from the ground up: SAML, AWS SSO with Okta, Gravitational’s Teleport, AWS Client VPN, Spacelift (terraform automation), Datadog, OpsGenie, private/public R53 split-horizon, CloudTrail, AWS WAF, delegated IAM roles, AWS Shield, GuardDuty
Configured and maintained EKS (with and without bottlerocket) and ECS Fargate
All helm releases with IRSA roles built with terraform using the helm provider
Used tooling such as tflint, tfsec, checkov, infracost
Tested terraform using terratest and Open Policy Agent rego policies
Spearheaded architectural design decisions (ADRs) in repos and related mermaidjs diagrams
Used Akamai CDN and AWS WAF to protect servers from bot traffic and DDoS attacks
Built microservices using AWS’s ALB, TG, and lambdas using python and terraform
Coded GAppsScript to grab deployment history from OctopusDeploy using a Subscription and webhook
Advised dev teams on testing locally, decreasing feedback loop, improving services, improving pipelines
Wrote a lambda to forward Slack requests to another lambda allowing creation of many slack commands
Improved patching process of AMIs by automating Rapid7 InsightVM scans
Created VM templates for Windows and Linux in datacenters using Packer
Monitored microservices in ASGs and ECS docker containers using Datadog and ELK stack dashboards
3rd party upgrades, Chef, reviewing PRs, daily requests from devs, blue/green and rolling deploys
Adtech & Sales CMS - DevOps / DevSecOps / Full Stack Engineer (2016 - 2018) - In Office and Remote
Architected and built a multi-million dollar, highly scalable, and concurrent Node.js app using koa and pm2 in only 8 weeks with 30% test coverage. The app handles over 150M req/mo and allowed our team and product to rapidly expand.
Designed and helped build a proxy API for Sales written in Java Springboot with a TypeScript frontend
Uncovered over 60 high severity issues in legacy apps by manual and automated testing using Burp, w3af, sqlmap, and custom scripts
Containerized our apps in docker and in Vagrant VMs using Ansible to provision
Set up local pre-commit hooks, built Jenkins CI pipelines to run unit tests and static code analysis tools to auto merge and auto deploy
Load tested apps using apache bench, wrk, loader.io, jmeter, and blazemeter
Designed and created a pre-buy app in jQuery, bootstrap, font awesome, flask, with docker deployment
Maintained and improved upon a once complicated ETL left behind by a previous team
Gave presentations on TDD (Test Driven Development) and CICD principles
Networking & Firewall - DevOps / DevSecOps / Automation Engineer (2013 - 2016) - In Office and Remote
Implemented a scalable solution to test ExtJs frontend code using Jasmine tests via Siesta
Built a remote python agent to act as a test runner and integrated results into a common database. Ran tests in Jenkins based on a commit trigger.
Won an award for cost savings by creating a self correcting Smartsheet using Smartsheet-Data-Tracker
Set up VMs using Packer with provisioners and veewee for ISO automation, deployed on vSphere, and created local development environments using Vagrant
Managed and monitored LDAP and Radius servers for network firewall authentication
Wrote packet manipulation scripts using Scapy to circumvent IDS/IPS firewall software
Scripted reproduction scenarios for Heartbleed and other security issues
IoT - Engineer (2011 - 2013) - In Office
Created self healing mesh network for buoys that sends real time data and field tested in a boat
Programmed custom Arduino boards in C++ to work with GPS and Digi modules
Developed functions around Yorick legacy code written by USGS for the EAARL (Experimental Advanced Airborne Research LIDAR) project
Trained USGS personnel via presentations on how to develop and build upon the EAARL project
Read LIDAR (Light Detection and Ranging) papers under a PhD professor’s tutelage to derive important variables for a radiometric calibration to generate light reflectance graphs
Python: I have worked with Python for years. I’ve created APIs in Flask and Falcon, written many scripts, lambdas, and built a Django app.
Golang: Contributed to Packer, Terraform AWS Provider, and atlantis projects.
Node.js & TypeScript: Built a scalable API using koa and pm2 utilizing es7 features like block scoping and async / await and used mocha style jasmine tests to unit and integration test the app. Also lambdas and google scripts.
Java: Built a microservice using Springboot.
Dabbled: D3, Golang, Ruby, Bash, Kotlin and personal cloud (AWS and Azure) accounts. Envoy/Istio. Podman instead of Docker. Used gRPC and swagger for fun. I try to stay language agnostic / polyglot as much as possible.