SUMMARY
I am an experienced DevOps and Security Engineer with a strong background in platform engineering, application security, and software architecture. At Walt Disney,
I implemented comprehensive cluster monitoring, containerized applications, and optimized CI/CD pipelines. At Wells Fargo Bank, I led encryption automation efforts,
developed an in-house web API platform, and designed high-availability architectures using Kubernetes. At Crown Awards, I introduced platform engineering, built Kubernetes infrastructure,
and improved software release times significantly. Currently, as a Platform Engineer at Yoh, I manage Kubernetes clusters, develop Terraform/Helm tooling, and optimize data visualization applications.
Throughout my career, I have consistently automated processes, enhanced security, and improved infrastructure stability and reliability. My expertise includes using tools like Ansible, Terraform, and Rancher.
I have a proven track record of reducing costs and increasing efficiency. I am now seeking a new opportunity to leverage my skills in a dynamic and challenging environment.
This site is deployed using GitOps IAC with fully automated CI\CD pipelines.
Contact me for a demo!
EXPERIENCE
Dec 2024 - Current
Yoh
Platform Engineer
- Create Terraform plans to build out cloud infrastructure on AWS and Azure.
- Setup monitoring for clusters using Datadog
- Worked with Developers to containerize applications.
- Automated CI and CD pipelines
- Developed Security vulnerabilities test using Trivy.
- Maintained Github repositories for multiteam setups.
Mar 2024 - Nov 2024
Walt Disney
Application Security Engineer
- Create processes and document on how to setup new systems for security compliance
- Automated application deployments using Ansible to manage over 10k servers.
- Wrote Selenium tests scripts for monitoring and QA testing.
- Design and build Kubernetes infrastructure for on premise use.
- Setup monitoring for clusters using Grafana.
- Worked with Developers to containerize applications.
- Automated CI and CD pipelines
- Identified Security vulnerabilities and remediation.
- Handled Identity Access Management(IAM) for team applications.
Mar 2023 - Mar 2024
Crown Awards
Principle DevSecOps Engineer
- Create processes and document on how to setup new Linux systems for security hardening.
- Created Kanban boards and taught the team how to use Agile.
- Work with Software Architect and Operations manager to automate their team’s pipeline, allowing for faster delivery and smoother rollouts.
- Design and build Kubernetes infrastructure and GitOps automation
into organization improving software release time from over week to
minutes.
- Setup monitoring for clusters using Grafana/Loki/Prometheus.
- Managed over 20 apps supporting over 1 million customers.
- Worked with Developers to containerize applications.
- Wrote Ansible playbooks to build out Kubernetes environments.
- Helped CTO migrate from NFS to s3 object storage.
- Created Terraform and Rancher infrastructure as code playbooks.
- Automated CI and CD pipelines
- Identified Security vulnerabilities and remediation.
- Create processes and document on how to setup new Linux systems
for security hardening.
- Created Kanban boards and taught the team Agile.
- Work with Software Architect, Operations and QA teams to automate
their process, allowing for faster delivery and smoother rollouts.
- Created autoscaling apps and documentation for teams to learn
Kubernetes.
- Participated in team projects, demonstrating ability to work
collaboratively and effectively.
- Identified issues, analyzed information, and provided solutions to
problems.
- Used critical thinking to break down problems, evaluate solutions and
make decisions.
- Skilled at working independently and collaboratively in a team
Jan 2017 - Feb 2023
Wells Fargo
Lead Automation Engineer
- Create processes and document on how to setup Vormetric/CipherTrust to automate certificate installation Includes Microsoft Servers, Linux, Apache/PEM (OpenSSL), F5 Big-IP, AWS, Salesforce
- Developed automation web framework using Python, Shell, RESTAPI and Mongodb to automate on boarding and installation of encryption software across the enterprise.
- Transformed Wells Fargo cryptographic customer service engagement and operations with an unique solution of designing, building; implementing an in-house web API platform i.e. VAPS Platform to process software requests, generate reports for Hosts Encryption status and process user queries in high volumes, which has saved more than $100,000 USD annually.
- Designed architecture for high availability using Containers to build kubernetes across Dev, UAT, Production environments, which ensures zero downtime for respective LOBs.
- Completely eradicated the manual effort of searching the critical information such as Guard Path, status, state, target hosts, host policy, along with host OS information including kernel version, Vormetric agent version, staged DSM in REAL-TIME for around 15,000 Windows and Linux hosts which saved countless man hours.
- Successfully automated KMIP engineering process which would allow ISEs to stage multiple KMIP servers at once which helped to seamlessly implement Native Encryption on Mongo Database Platform and integration with DSM for Key management.
- Developed an end to end automated reporting process for Teradata team to monitor the status of encrypted Teradata instances which helped to satisfy TCP-8 compliance requirements.
- Automated Vormetric Load Balancing project and distributed around 15,000+ hosts across DSM's based on proximity to improve overall Stability, Availability, Scalability and Reliability of the Infrastructure.
- Meticulously developed a completely new REST API web handler for the registration of both Linux and Windows hosts which enables the patching team to query Vormetric DSM information using Ansible. This solution eliminated the gaps in the existing process and improved the overall efficiency of the patching process of hosts.
- Migrated Host Group Lookup function from VMSSC tool kit to the VAPS REST API. This eliminates the dependency on vendor tool-kit and helps ISEs/TBSAs to query the host group in DSMs and validate encryption status for LOB’s data. It is real-time and will be leveraged by Information Protection Repository Metadata (IPRM) application in the future for end to end automated Staging for Vormetric requests.
- Automated the creation of Jira tickets and sub-tasks.
- Act as Linux subject matter expert for team.
- Wrote and maintain Bash script for scrubbing confidential and restricted information from files.
- Lead sprint/kanban meetings with team
- Wiki/Confluence updates.
Oct 2013 - Jan 2017
Wells Fargo
Sr Security Engineer
- Create processes and document on how to setup Vormetric/CipherTrust to automate certificate installation Includes Microsoft Servers, Linux, Apache/PEM (OpenSSL), F5 Big-IP, AWS, Salesforce
- Designed architecture for high availability using Containers to build kubernetes across Dev, UAT, Production environments, which ensures zero downtime for respective LOBs.
- Act as Linux subject matter expert for team.
- Wrote and maintain Bash script for scrubbing confidential and restricted information from files.
- Lead sprint/kanban meetings with team
- Evaluate cloud encryption solutions.
- Database installation for Postgres , backups.
- Wiki/Confluence updates.
- Setup innoDB clusters for POCs
- Created and wrote BYOK process for AWS and SalesForce
- Setup and maintained CASBY solutions for cloud data
Oct 2011 - Jan 2014
Lazy Admins
Platform Engineer
- Analyzing system logs and identifying potential issues with computer systems.
- Introducing and integrating new technologies into existing data center environments.
- Performing routine audits of systems and software.
- Performing backups.
- Applying operating system updates, patches, and configuration changes.
- Installing and configuring new hardware and software.
- Adding, removing, or updating user account information, resetting passwords, etc.
- Answering technical queries and dealing with often frustrated users.
- Responsible for security.
- Responsible for documenting the configuration of the system.
- Troubleshooting any reported problems.
- System performance tuning.
- Ensuring that the network infrastructure is up and running.
- Write bash, perl, and php scripts for automation
- LAMP stack
Jan 2009 - Oct 2011
Godaddy
Business & IT Security/ Managed Server Administrator
- Investigate server compromises
- Maintain, manage, backup and optimize servers, running LAMP stack
- Setup and deploy Apache Tomcat
- Configure Cisco Firewalls
- Setup RAID
- Storage Solutions DAS, NAS, SAN, and NFS
Jun 2007 - Jan 2009
White Hat Hacks
Penetration Tester / Ethical Hacker
- Penetration testing
- Authentication
- Brute Force
- Insufficient Authentication
- Weak Password
- Recovery Validation
- Command Execution
- Buffer Overflow
- SQL Injection
- SSI Injection
- Information Disclosure
- Directory Indexing
- Information Leakage
- Path Traversal
- Predictable Resource Location
- Client-Side
- Content Spoofing
- Cross-site Scripting (XSS)
- HTTP Response Splitting
- Authorization
- Credential/Session Prediction
- Insufficient Authorization
- Virus and Spyware prevention and removal
EDUCATION
Dec 2014 - Dec 2015
Stanford University
Cryptography
Sep 2005 - Feb 2007
Kaplan University
Software Engineering
Certifications
Sep 2009
Certified Linux Administator (CLA)
Novell
Feb 2011
Linux Professional Institute Certified (LPIC)
LPI
Oct 2007
Certified Ethical Hacker (CEH)
EC-Council
