Hands-on AWS Cloud Security Architect
2022 - PRESENT
Bloomberg Industry Group - Main
- Developed a GitOps framework using AWS CDK that enhanced the team's ability to ship software more securely, faster, and with higher quality.
- Created detailed documentation and onboarding support processes for the GitOps framework.
- Developed and executed a detailed migration plan to move from an AWS Landing Zone to AWS Control Tower for AWS account governance.
Technologies: Amazon Web Services (AWS), AWS Lambda, Terraform, AWS CloudFormation, IT Security, Cloud, AWS Cloud Development Kit (CDK), AWS Control Tower, Cloud Architecture, AWS Cloud Architecture, Governance, Cloud Security

AWS Cloud Architect
2022 - 2022
Disney Streaming Services
- Planned the move from an isolated (non-governed) AWS environment into Disney-governed AWS environments in line with Disney governance and service standards.
- Developed code to automate the migration process with high precision, repeatability, and reliability.
- Led the handover efforts to the new team after the migration effort had proven to be a 100% success with zero downtime for the migrated services.
- Led the Disney architecture and security governance reviews to ensure migrated services aligned with Disney expectations and standards.
Technologies: Amazon Web Services (AWS), AWS IAM, Kubernetes, Jenkins, Spinnaker, PostgreSQL, Migration, Cloud Migration, Data Migration, Compliance, Governance, IT Governance

Senior DevSecOps Engineer
2021 - 2022
Check Technologies, Inc
- Established world-class AWS accounts governance systems and implemented AWS Security Reference Architecture.
- Implemented AWS SSO and deprecated AWS Access Keys for all team members.
- Developed first-class detection, logging, and monitoring capabilities.
- Delivered world-leading infrastructure security automation.
- Implemented world-class threat detection and incident response capabilities.
Technologies: Amazon Web Services (AWS), TypeScript, AWS Cloud Development Kit (CDK), Terraform, Infrastructure as Code (IaC), GitLab, GitLab CI/CD, Docker, AWS CloudFormation, IT Security, Endpoint Security, SecOps, Documentation, Penetration Testing

Lead MLOps Engineer
2021 - 2022
involve.ai
- Analyzed and improved the efficiency, accuracy, scalability, and stability of ML-enabled content processing workflows.
- Provided technical guidance and coaching to developers and engineers on maintaining best practices.
- Managed a world-class engineering DevSecOps and MLOps organization that served as a center of excellence for other teams.
- Partnered with engineering, marketing, CS, product, sales, and machine learning heads.
- Implemented New Relic Synthetics, APM, ML model endpoint monitoring, and serverless application tracing to enhance observability, monitoring, and alerting capabilities.
- Enhanced Involve AI AWS Accounts governance and management significantly. Implemented AWS multi-account best practices and AWS security reference architecture.
- Implemented a comprehensive testing methodology. Defined all aspects of development, from appropriate technology and workflow to coding standards.
- Determined and implemented IT security strategy. Maintained SOC 2 Type II compliance. Delivered and maintained GDPR compliance.
- Reviewed contracts, data processing agreements, and other agreements for accuracy and compliance.
Technologies: TypeScript, Amazon Web Services (AWS), Amazon SageMaker, Apache Airflow, Amazon Elastic Container Service (Amazon ECS), AWS Fargate, Amazon Virtual Private Cloud (VPC), Amazon Aurora, PostgreSQL, SQL, Python, Architecture, Infrastructure as Code (IaC), AWS Cloud Development Kit (CDK), Terraform, Docker, Docker Compose, MLflow, DVC, IT Security, ISO 27001, Endpoint Security, SecOps, Documentation, Penetration Testing

Senior DevSecOps Engineer
2021 - 2021
involve.ai
- Played a major role in helping to secure a $16.5 million investment funding round.
- Created a prioritized operational plan that improved DevSecOps processes and software delivery capabilities. Designed, architected, and implemented infrastructure automation with AWS CDK.
- Improved the product security posture and CI/CD quality gates significantly.
- Collaborated effectively with a diverse team of front-end, back-end, and full-stack developers.
- Helped train and develop client team members on advanced infrastructure as code automation technology. Generated comprehensive system documentation.
- Conducted AWS Well-Architected reviews to ensure system reliability, performance, security, scalability, and cost-effectiveness.
- Designed and implemented a serverless architecture for a mass mailing email application using AWS CDK. Collaborated with the development team on this project. Email delivery throughput was enhanced 10x over the previous system.
- Implemented AWS SSO integration with GSuite that enhanced employee system access and security.
- Configured Perimeter 81 client VPN connectivity to AWS.
- Implemented AWS Control Tower. Established good security hygiene and governance using AWS Security Hub at the AWS account level.
Technologies: Amazon Web Services (AWS), Docker, Docker Compose, TypeScript, JavaScript, Serverless, AWS Lambda, AWS Fargate, Amazon Aurora, MySQL, Apache, PHP, Agile, User Experience (UX), Cloudflare, New Relic, Amazon Route 53, AWS Cloud Development, AWS CloudFormation, GitHub, Continuous Delivery (CD), CI/CD Pipelines, Cypress, IT Security, ISO 27001, Endpoint Security, SecOps, Documentation, AWS Cloud Architecture, Cloud Infrastructure, Data Privacy, Data Protection

Senior DevSecOps Engineer
2020 - 2021
European Commission
- Implemented an AWS cloud landing zone that improved baseline cloud security posture management.
- Delivered 100% automated DevSecOps pipeline for a digital forensics application used by computer security incident response capability (CSIRC) teams.
- Implemented an Azure AD and AWS SSO solution that helped improve the daily productivity of around 50 CSIRC and SOC teammates and eliminated the need for IAM access keys.
- Onboarded GitHub Enterprise and GitHub Actions to help streamline collaboration, developer productivity, CI/CD pipelines, and the ability to ship higher-quality software faster.
- Produced comprehensive documentation on DevSecOps processes that facilitated internal upskilling and more productive collaboration with vendors.
- Helped lead the development team to an on-time launch of the cloud digital forensics data-gathering application used by the CSIRC teams.
- Introduced Azure AD PIM to the team to reduce permanent admin role assignments.
- Implemented CIS remediation Lambda functions to improve AWS CIS compliance secure score from 45% to over 90%.
- Collaborated on the production of cloud security and CI/CD threat models.
Technologies: Azure, TypeScript, Python, Windows PowerShell, Threat Modeling, Cybersecurity, DevSecOps, AWS DevOps, Azure DevOps, GitHub, Linux, Amazon EC2, Amazon Virtual Private Cloud (VPC), AWS CloudFormation, AWS Cloud Development Kit (CDK), Amazon Web Services (AWS), Continuous Delivery (CD), Continuous Integration (CI), Security, AWS IAM, Pulumi, SAML, Single Sign-on (SSO), Static Application Security Testing (SAST), Azure Active Directory, Solution Architecture, Cloud, Software Architecture, Cloud Security, Networks, Networking, IT Security, Endpoint Security, SecOps, Documentation, Penetration Testing, AWS Cloud Architecture, Cloud Infrastructure

Senior DevSecOps Engineer
2019 - 2020
LEGO
- Created solution architecture for a serverless data integration application.
- Implemented a fully automated CI/CD pipeline for development teams.
- Trained Lego employees on AWS technology and best practices.
- Introduced Serverless best practices to Lego B2B development teams.
- Conducted AWS Well-Architected Framework reviews of developed systems.
- Improved secrets management systems and Lego employee security awareness.
- Contributed to and participated in Agile processes, training, and workshops with the rest of the team.
Technologies: Serverless, Serverless Architecture, Serverless Framework, Amazon Aurora, Azure, Microsoft Graph, AWS Cloud Development Kit (CDK), AWS CloudFormation, TypeScript, Cybersecurity, DevSecOps, Python, Security, SAML, Single Sign-on (SSO), Azure Active Directory, Amazon Web Services (AWS), AWS IAM, Continuous Delivery (CD), Continuous Integration (CI), Solution Architecture, Software Architecture, PostgreSQL, Cloud Security, Networks, Networking, IT Security, Endpoint Security, SecOps, Documentation

Lead DevSecOps Engineer
2018 - 2019
Publicis Worldwide
- Delivered a three-phase DevSecOps maturity project in collaboration with remote development teams.
- Enhanced the security posture of both external client projects and internal systems in line with ISO 27001 Stage 1.
- Undertook GDPR compliance audits for both internal and external client systems with solution recommendations.
- Led a successful migration of internal systems from Azure to AWS to help streamline internal operations and skills requirements.
- Visited development teams on an international field trip to Belarus and helped build relations.
- Contributed to a major pitch with my technical expertise, helping the agency win a large contract with Samsung Electronics.
- Created a PoC for a secure automated data analytics reporting solution using AWS Redshift, AWS Glue, and AWS RDS for SQL Server.
- Developed a PoC for a Java-based CMS system deployed to AWS ECS using AWS CDK.
- Studied for and passed the AWS Certified DevOps Engineer Professional exam.
Technologies: Agile, AWS CloudFormation, GDPR, AWS Cloud Development Kit (CDK), SQL, Azure SQL, TypeScript, Cybersecurity, DevSecOps, Python, Amazon Web Services (AWS), AWS IAM, Azure, Security, Continuous Delivery (CD), Continuous Integration (CI), Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Solution Architecture, Software Architecture, Cloud Security, Networks, Networking, IT Security, ISO 27001, Endpoint Security, SecOps, Documentation, AWS Cloud Architecture, Azure DevOps

Cloud Solutions Architect
2016 - 2018
Emakina Group
- Collaborated with the Emakina CTO and developed the cloud solution architecture for a major strategic client who needed to deploy hundreds of websites at scale with consistent, secure, and compliant governance processes.
- Led the development of the website factory after completion of the PoC and contract signing.
- Delivered DevSecOps consultancy and mentoring for application teams to help them onboard to the website factory.
- Obtained the AWS Certified Solutions Architect—Associate certification.
Technologies: SQL, IIS, Windows Server, Windows PowerShell, SiteFinity, C#, C#.NET, AWS WAF, AWS CloudFormation, Amazon EC2, Amazon Route 53, Amazon Virtual Private Cloud (VPC), DevSecOps, DevOps, Azure, Azure SQL, Python, Amazon Web Services (AWS), Git, GitHub, AWS IAM, SAML, Single Sign-on (SSO), Azure Active Directory, Solution Architecture, Software Architecture, Cloud Security, Networks, Networking, VPN, IT Security, Endpoint Security, SecOps, Documentation, Penetration Testing

Lead Software Architect
2008 - 2018
Effective Computing
- Created a speech recognition system that controls 200+ software applications in a deeply automated way.
- Created DevSecOps CI/CD pipelines for software distribution through alpha, beta, and production deployment phases.
- Implemented capability for distributed system control using voice commands.
- Created a highly evolvable and modular system architecture that allows adaptations to a rapidly changing technological landscape.
- Obtained Microsoft Specialist: Programming in C# and Microsoft Certified Solutions Developer: Universal Windows Platform certifications.
Technologies: Windows, XAML, Telerik WPF, Telerik, Visual Studio, C#, Windows PowerShell, Architecture, Azure DevOps, User Experience (UX), Human Interface Design, Human-computer Interaction (HCI), ReactiveX, C++, Windows Communication Framework (WCF), Windows Presentation Foundation (WPF), Azure, Azure SQL, SQL, SQLite, DevSecOps, DevOps, CI/CD Pipelines, Git, GitHub, Security, Azure Active Directory, Continuous Integration (CI), Continuous Delivery (CD), Solution Architecture, Software Architecture, Cloud Security, Networks, Networking, IT Security, Endpoint Security, SecOps

Systems Administrator
2008 - 2017
Effective Computing
- Set up, configured, and operated Azure Security Center.
- Set up, configured, and operated Microsoft Office 365, Microsoft Office 365 Security and Compliance Center, and Microsoft Office 365 mobile device compliance.
- Set up, configured, and operated Microsoft Forefront Threat Management Gateway, Microsoft Active Directory, Windows Group Policy, and Microsoft SQL Server.
- Procured and upgraded computing and network hardware at favorable prices.
- Performed Windows and Linux OS updates and maintenance.
Technologies: Office 365, Azure, SQL, Azure SQL, IIS, Threat Management Gateway (TMG), Group Policy, DNS, Windows, Windows Server, Windows PowerShell, Cloud Security, Networks, Networking, Azure Active Directory, Azure Resource Manager (ARM), Security, Azure Key Vault, VPN, Endpoint Security, SecOps

Managing Director
2008 - 2017
Effective Computing
- Founded Effective Computing Ltd. and set up all administrative and accounting systems.
- Prepared annual accounts in collaboration with the company accountant.
- Migrated SAP Business One accounting solution into cloud-based Zoho Books.
- Raised investment capital to finance the business in the startup phase.
- Secured access to and participated in Microsoft BizSpark.
- Negotiated with third-party suppliers to obtain favorable pricing.
- Participated in industry events such as Business of Software, Microsoft Build, Adobe MAX, AWS re:Invent, and AWS re:Inforce.
Technologies: SAP Business One, Accounting, Finance, Financial Modeling, Excel VBA, Excel 365, Office 365, Zoho, Zoho Books