Project Experience

CircleCI Deployment Pipeline Security

March 2024

Led a months-long project to upgrade the deployment pipelines and artifact registry to satisfy regulatory and audit requirements before set deadlines. Drafted and implemented a proposal for a deployment process that guaranteed two-person approval of all code in production via GitHub rulesets, CircleCI context restrictions, and mandatory image promotion from lower environments. Implemented unattended rotation and revocation of artifact registry API keys to ensure compliance.

Custom Alerting Kubernetes Operator

July 2023

Worked on a team to develop a Kubernetes operator in Go using Operator Framework to deploy necessary configurations to route alerts from applications to PagerDuty. Integrated with the Datadog API to create integration keys and create the appropriate configurations for Prometheus AlertManager, Humio, and Datadog. This enabled developers to control and define alert routing logic inside of application Helm charts directly using familiar workflows.

Ansible Git Repo Standardization

March 2023

Developed Ansible roles, playbooks, and necessary infrastructure to create and manage standardized GitHub repositories and their configurations. Created a pipeline that posts dry-run output to PR comments to allow for easy review of changes and verification of functionality. Wrote a custom inventory script using Python to interact with the GitHub API to gather repository info dynamically. This system allows engineers and developers to rapidly create repositories in a secure manner using our standards without requiring potentially dangerous permissions for end users.

GitOps Helm Deployment Redesign

August 2022

Assessed requirements and authored a CircleCI orb to manage the packaging and release of Helm charts to Kubernetes via Flux. Migrated legacy branch-per-environment git workflow to a trunk-based model allowing for automated testing of PRs in lower environments and control over production promotions. Implemented verification of deployments by querying the Kubernetes API for status, running integration tests in the cluster, and providing feedback to the pipeline. This enabled rapid deployment of internal services while ensuring a high degree of trust that the deployed changes will succeed in production.

Terraform Bootstrapping

March 2022

Provided leadership on a small team of engineers to develop a fully automated process to generate ready-to-use Terraform code repositories. Integrated with GitHub Actions to automatically provision GCP Service Accounts configured to use Workload Identity Federation for maximum security. Used templating to allow for one-step provisioning of Terraform repositories for onboarding customers.

Internal Hosting Stack

November 2020

Worked with the development team to plan and build a new internal hosting platform utilizing Docker Swarm. Developed Ansible playbooks to orchestrate deployment of the platform virtual servers (Docker, Logstash, MySQL, HAProxy) as well as orchestrate the CI/CD process for deploying new application code to test and eventually to production.

Staff Cross-training

May 2020

Designed and implemented a training program to prevent single sources of knowledge and siloing of information within the team. Worked with subject matter experts to foster a culture of cross-training and knowledge sharing among team members.

Ansible Network Configuration Automation

Feb 2020

Worked with network engineers to develop an automated process via Ansible for configuring customer network interfaces and security filters. Created Jinja templates for JunOS network device configuration and a playbook to control workflow for simultaneous deployment to dozens of network devices.

Ansible Monitoring Platform Automation

Sep 2019

Developed Ansible modules using Python to interface with a vendor’s proprietary REST API and configure SaaS-based monitoring of hundreds of internal servers and deploy managed single-tenant monitoring for dozens of customers. Verified logic to ensure idempotence for Ansible playbook runs.

Management Network Refactor

Feb 2018

Compiled a plan for secure multi-tenant management network including naming standards, multi-site firewall policies, and credentials storage. Used custom scripting to migrate hundreds of legacy systems to new standards with minimal downtime and without affecting in-progress projects and orders.

Helpdesk Process Automation

Feb 2017

Authored a custom PowerShell module to interface with helpdesk software REST API and deployed using Git version control. Wrote scripts utilizing the module to implement helpdesk business logic on incoming requests and generate custom reporting for executive dashboards.

Citrix/Wyse Migration

Jun 2016

Migrated two legacy XenApp 6/6.5 farms consisting of 30+ virtual machines hosting 20+ applications to a new XenApp 7.6 farm. Deployed a new Wyse Device Manager server to support the upgrade and/or replacement of 60+ Wyse terminals running user applications.

SAN Migration

Jun 2013

Evaluated vendor offerings for a new SAN and successfully migrated virtual infrastructure consisting of over 30 virtual machines to the new storage with minimal downtime, increasing redundancy and reliability.

T1 PRI to VoIP PBX Migration

Feb 2013

Migrated a 60-user phone system to a new VoIP PBX and transferred existing telephone service from a T1 PRI to VoIP. Designed and implemented network for VoIP traffic, including QoS.

Office Network Redesign & Migration

Mar 2012

Migrated over 100 devices from a flat network to 802.1Q VLANs for security segmentation and logical separation. Implemented 802.1X certificate-based authentication and the necessary public key infrastructure for endpoints to increase network security and prevent unauthorized access.

vCenter Implementation and P2V of existing servers

Nov 2011

Implemented vCenter with shared storage and high availability. Migrated several critical services to the new virtual infrastructure, including MSSQL, Active Directory, and Exchange.