Donovan Francesco, Developer in Johannesburg, Gauteng, South Africa

Donovan Francesco

Verified Expert in Engineering

DevSecOps and Security Architecture Developer

Location
Johannesburg, Gauteng, South Africa
Toptal Member Since
May 18, 2021

Donovan is a senior DevSecOps specialist with over 21 years of experience in the IT industry. He is an AWS, GCP, and Azure services expert, specializing in Infrastructure-as-code (IaC) using Terraform, Ansible, Chef, and Puppet to drive automation and security standards in CI/CD pipelines. Donovan is a veteran of solving complex problems, and with his unique security background, he architects solutions using industry best practices.

Portfolio

Prometheus Technologies Ltd
Amazon Web Services (AWS), AWS DevOps, Kubernetes, Docker, Terraform, DevOps...
Mas
DevOps, Kubernetes, Docker, System Administration, Git, Subversion (SVN), Cron...
MAS S.A.
DevOps, Kubernetes, Docker, System Administration, Git, Cron, OpenShift...

Experience

Availability

Part-time

Preferred Environment

Terraform, Kubernetes, Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS), DevSecOps, DevOps Engineer, Networks, Continuous Integration (CI), Continuous Delivery (CD)

The most amazing...

...experience was architecting, building, and deploying an OpenStack cluster with Ceph as back-end storage to run more than 5,000 customer workloads.

Work Experience

AWS DevOps Engineer

2023 - 2023
Prometheus Technologies Ltd
  • Built the entire infrastructure as code in AWS using Terraform and Terraform Cloud. This consisted of over 20 modules and was dynamic enough to deploy multiple environments without complexity.
  • Authored Helm 3 templates for more than 10 individual projects that deployed to the AWS EKS clusters using Argo CD as the pipeline.
  • Created Terraform Cloud manifests with encrypted secrets alongside AWS Secrets Manager, using the Kubernetes CSI driver to expose secrets at runtime.
  • Developed and deployed Terraform modules for both Confluent Kafka and MongoDB Atlas, using AWS PrivateLink for best practices and security concerns.
Technologies: Amazon Web Services (AWS), AWS DevOps, Kubernetes, Docker, Terraform, DevOps, Apache Kafka, AWS ELB, Python, AWS NLB, AWS Certified DevOps Engineer, Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, Cloud Infrastructure, Microservices Architecture, Confluence

Senior Systems and DevOps Engineer

2023 - 2023
Mas
  • Wrote Terraform modules to deploy the customer's stack into Azure, which included migration from native Kubernetes to AKS.
  • Wrote Helm charts to deploy the customer's in-house software and used Argo CD to deploy them.
  • Utilized GitHub Actions to trigger CI/CD pipelines to build and test, do SAST scanning and smoke tests, and enable the promotion of code to upper environments.
  • Enabled Terraform's consumption of Azure services, including AKS, Key Vault, Azure Active Directory, Azure DNS, VNet peering, VPN peering, and ACR.
  • Deployed Prometheus, Thanos, Grafana, Loki, Tempo, and Alertmanager for telemetry and monitoring.
Technologies: DevOps, Kubernetes, Docker, System Administration, Git, Subversion (SVN), Cron, OpenShift, CI/CD Pipelines, Cloud Services, Networking, Bash Script, Virtualization, MongoDB, MySQL, Elasticsearch, Apache Kafka, Monitoring, MQTT, RabbitMQ, Load Balancers, Ansible, Grafana, Terraform, Azure Kubernetes Service (AKS), Azure, TCP/IP, Proxies, Argo CD, Databases, Istio, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

Senior Systems and DevOps Engineer

2023 - 2023
MAS S.A.
  • Implemented DRY (Don't Repeat Yourself) methodology, which improved the time to deliver/deploy by more than 60%. Implemented quality gates based on code smells, code complexity, code vulnerability, and security hotspots.
  • Deployed Kubernetes to bare metal using Ansible (Kubespray) and Terraform to maintain the state of the deployments and version control.
  • Updated and modernized their GitLab CI/CD pipelines to include Snyk open source to identify potential risks.
  • Implemented Anchore image scanners to help identify and mitigate container vulnerabilities.
  • Reduced the Docker image size from 2 GB to 500 MB by using fewer layers in the build.
  • Implemented the Grafana stack with Loki, Tempo, and Jaeger. This drove the time to resolution down by more than 40% because there was a single point to discover bugs, issues, or resource contention.
  • Used Argo CD with Helm 3 to ensure CI/CD configuration was automated, and deployment was zero-touch. Implemented versioning which made it easier to roll back.
  • Integrated the ELK stack with a machine learning module to alert on anomalies.
  • Ensured the Kafka message bus was durable and could back up the topics and queues.
Technologies: DevOps, Kubernetes, Docker, System Administration, Git, Cron, OpenShift, CI/CD Pipelines, Cloud Services, Networking, Bash Script, Virtualization, MongoDB, MySQL, Elasticsearch, Apache Kafka, Monitoring, MQTT, RabbitMQ, Load Balancers, Ansible, Grafana, Terraform, Linux, Shell Scripting, Nagios, SQL, Infrastructure as Code (IaC), Bash, Kubernetes Expert, Application Security, Networks, Continuous Integration (CI), Continuous Development (CD), Web Security, Security, PostgreSQL, Cloudflare, Redis, Amazon Simple Queue Service (SQS), Amazon CloudWatch, AWS Lambda, AWS Fargate, Amazon Aurora, Azure Kubernetes Service (AKS), Continuous Delivery (CD), GitHub, Cloud, Agile DevOps, K3s, TCP/IP, Proxies, Argo CD, Databases, Istio, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

DevOps and Kubernetes Engineer

2023 - 2023
Pano AI, Inc
  • Built the infrastructure using Terraform to comply with Google best practices and ISO 27001 and PCI DSS compliance.
  • Implemented Terraform Cloud with workload identity and short-lived service accounts in conjunction with Terraform workspaces to provide encrypted variables and encrypted, remote state.
  • Implemented GitHub Actions to build, test, and conduct static code analysis with SonarQube for code smells, complexity, and coverage.
  • Used Jaeger tracing with Grafana Tempo and Grafana Loki for event monitoring.
  • Used Terraform workspaces to create development, staging, and production environments.
  • Rewrote existing Terraform code, made the IaC idempotent and integrated it with Terraform Cloud.
  • Improved the Continuous Deployment pipelines with Helm 3 for packaging and version release process.
  • Implemented custom metrics using Stackdriver to autoscale infrastructure based on application load or load balancer HTTP requests.
  • Implemented Argo CD to ensure the Helm deployments were versioned and reflected in source control.
  • Implemented Infracost in the pipelines, which showed in the workflow how much resources would cost if the Terraform plan were applied.
Technologies: Kubernetes, Terraform, Google Cloud Platform (GCP), Java, Stackdriver, Docker, CI/CD Pipelines, Helm, Prometheus, Kubernetes HPA, GitHub Actions, Containerization, Python, Argo CD, Grafana, Linux, Shell Scripting, Nagios, SQL, Infrastructure as Code (IaC), Google Cloud Storage, Google Cloud, Configuration Management, Bash, Networks, Application Security, Kubernetes Expert, Continuous Integration (CI), Continuous Development (CD), Web Security, Security, PostgreSQL, Cloudflare, Redis, Cybersecurity, Identity & Access Management (IAM), Architecture, System Administration, Load Balancers, Node.js, Continuous Delivery (CD), GitHub, Cloud, Agile DevOps, TCP/IP, WebSockets, Databases, Istio, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

Site Reliability Engineer

2022 - 2022
Toptal Client
  • Ensured all relevant applications were PCI compliant. This included documentation, application flow, architectural diagrams, and system architecture, spanning both Windows Server and Linux.
  • Built environments based on Cloud Adoption Framework for Terraform, including VNet, VNet peering, resource groups, DNS records, AKS, firewall policies, identity management, app service plan deployment, and Azure DevOps.
  • Wrote custom modules in TypeScript and C# to integrate into their new CRM and planning tool built in-house.
  • Conducted penetration testing exercises. Wrote fuzzing and reverse shell exploitation. Used Kali Linux with Metasploit and OWASP ZAP to intercept web calls and manipulate payloads.
  • Implemented the Istio service mesh for east-west security controls, including using OPA (Open Policy Agent) inside AKS.
  • Managed and maintained F5 and Check Point appliances and virtual devices.
  • Implemented DRY (Don't Repeat Yourself) methodology, which improved the time to deliver/deploy by more than 60%. Implemented quality gates based on code smells, complexity, vulnerability, and security hotspots.
  • Implemented Anchore image scanners to help identify and mitigate container vulnerabilities.
  • Implemented the Grafana stack with Loki, Tempo, and Jaeger. This drove the time to resolution down by more than 40% because there was a single point to discover bugs, issues, or resource contention.
  • Used Argo CD with Helm 3 to ensure CI/CD configuration was automated, and deployment was zero-touch. Implemented versioning which made it easier to roll back changes.
Technologies: Azure, Terraform, Linux, Site Reliability Engineering (SRE), CI/CD Pipelines, Python, Bash, Docker, Kubernetes, Azure IaaS, DevSecOps, Azure DevOps, Datadog, Shell Scripting, Cloudflare, Nagios, SQL, Infrastructure as Code (IaC), User Stories, Virtual Machines, Azure Virtual Machines, Firewalls, Windows PowerShell, IIS SQL Server, Configuration Management, MongoDB, Grafana, Continuous Integration (CI), Continuous Development (CD), Web Security, Security, PostgreSQL, Redis, Cybersecurity, Identity & Access Management (IAM), Architecture, System Administration, Load Balancers, Node.js, Azure Kubernetes Service (AKS), Continuous Delivery (CD), GitHub, Cloud, TCP/IP, PHP, Argo CD, AWS CloudFormation, Databases, Istio, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

VP Infrastructure Engineer

2021 - 2022
Yoyo Group
  • Oversaw the Yoyowallet platform with more than 5 million users. Completed the technical design and implementation with my teams.
  • Implemented AWS patterns using Terraform for our IaC. Applied extensive experience in AWS networking, security, and deployment methodology.
  • Advocated and sponsored the GitHub Action migration of more than 700 repositories.
  • Implemented security and dependencies scanning using Nessus, OWASP ZAP, SonarQube, Tekton CI, Argo CD, and EKS to store clean images in ECR.
  • Deployed services using Terraform, utilizing ECS, RDS, EC2, NLB, ALB, target groups, auto-scaling groups, DynamoDB, and EKS.
  • Oversaw the security and architectural design for compliance with various ISO and SOC2 requirements.
  • Implemented the Istio service mesh to apply security to east-west traffic using OPA (Open Policy Agent) for Kubernetes.
  • Integrated AWS Cognito with third-party IdPs via SAML or OpenID Connect (OIDC), such as Auth0 and Okta.
  • Managed and maintained client-facing F5 appliances, patching, and web application firewall (WAF) and protected the Azure Virtual Network (VNet) peering and AWS VPCs.
  • Implemented the Grafana stack with Loki, Tempo, and Jaeger. This drove the time to resolution down by more than 40% because there was a single point to discover bugs, issues, or resource contention.
Technologies: Amazon Web Services (AWS), Terraform, GitHub Actions, Prometheus, Grafana, AWS DevOps, Argo CD, Identity & Access Management (IAM), Monitoring, Apache Kafka, Cron, CircleCI, Shell Scripting, Python 3, MySQL, Linux, Nagios, SQL, HAProxy, Infrastructure as Code (IaC), Google Cloud Storage, Azure DevOps, Virtual Machines, Azure IaaS, Firewalls, Windows PowerShell, Configuration Management, Application Security, Bash, Networks, Kubernetes Expert, Datadog, MongoDB, Continuous Integration (CI), Continuous Development (CD), Web Security, Security, PostgreSQL, Redis, Cloudflare, Cybersecurity, Architecture, System Administration, Load Balancers, Amazon Simple Queue Service (SQS), Amazon CloudWatch, Node.js, AWS Lambda, AWS Fargate, Amazon Aurora, Azure Kubernetes Service (AKS), Continuous Delivery (CD), GitHub, Cloud, GitLab CI/CD, .NET, Agile DevOps, Amazon EKS, Amazon RDS, Rancher, K3s, Squid Proxy Server, NGINX, TCP/IP, Amazon Elastic Container Service (Amazon ECS), Proxies, WebSockets, PHP, Ruby on Rails (RoR), AWS IoT, AWS CloudFormation, Databases, Istio, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

AWS DevOps

2021 - 2022
Toptal Client
  • Implemented DRY (Don't Repeat Yourself) methodology, which improved the time to deliver/deploy by more than 60%. Implemented quality gates based on code smells, complexity, vulnerability, and security hotspots.
  • Built the entire infrastructure using Terragrunt and Terraform, deploying many AWS technologies to support 10,000 concurrent users per second.
  • Used Argo CD with Helm 3 to ensure CI/CD configuration was automated, and deployment was zero-touch. Implemented versioning which made it easier to roll back changes.
  • Deployed the Atlantis PR workflow using AWS Fargate.
  • Implemented the Grafana stack with Loki, Tempo, and Jaeger. This drove the time to resolution down by more than 40% because there was a single point to discover bugs, issues, or resource contention.
  • Utilized AWS Lambda to transform log output into Loki.
  • Integrated the ELK stack with a machine learning module to alert on anomalies.
  • Implemented Anchore image scanners to help identify and mitigate container vulnerabilities.
  • Added Infracost to their GitHub Actions to show how much a terraform plan would cost to deploy.
  • Performed cost analysis and introduced FinOps using Optscale.
Technologies: Terraform, Kubernetes, Amazon Web Services (AWS), Amazon EKS, DevOps, Web Security, Docker, AWS Lambda, AWS Fargate, Network Security, Load Balancers, DevOps Engineer, Amazon Simple Queue Service (SQS), Amazon RDS, Redis, Elasticsearch, Amazon CloudWatch, Containerization, Virtualization, Cloud Security, Networking, Cloud, RabbitMQ, Argo CD, SQL, Shell Scripting, Cloudflare, Python 3, MySQL, Linux, Nagios, HAProxy, Infrastructure as Code (IaC), Virtual Machines, Configuration Management, Continuous Integration (CI), Continuous Development (CD), Security, PostgreSQL, Cybersecurity, Identity & Access Management (IAM), Architecture, System Administration, Node.js, Amazon Aurora, Continuous Delivery (CD), GitHub, Agile DevOps, TCP/IP, Amazon Elastic Container Service (Amazon ECS), Proxies, Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

Senior DevOps Engineer

2021 - 2021
Toptal Client
  • Implemented DRY (Don't Repeat Yourself) methodology, which improved the time to deliver/deploy by more than 60%. Implemented quality gates based on code smells, complexity, vulnerability, and security hotspots.
  • Tested and deployed node pools for EKS 1.16 and upgraded EKS to 1.21.
  • Migrated the customer from self-managed Redis and MongoDB to AWS Redis cache and Amazon DocumentDB. This was a significant milestone in achieving proper high availability.
  • Mitigated risk by implementing AWS Secrets Manager with the CSI driver into EKS. This meant no password or API key was passed unencrypted.
  • Documented DevOps and DevSecOps best practices and design patterns using a hybrid AWS and OSS model, where I introduced Prometheus, Grafana, Thanos, and Loki for visualization.
  • Implemented the Grafana stack with Loki, Tempo, and Jaeger. This drove the time to resolution down by more than 40% because there was a single point to discover bugs, issues, or resource contention.
  • Used Argo CD with Helm 3 to ensure CI/CD configuration was automated, and deployment was zero-touch. Implemented versioning which made it easier to roll back changes.
  • Integrated the ELK stack with a machine learning module to alert on anomalies.
Technologies: Kubernetes, Amazon Web Services (AWS), DevOps, DevSecOps, Terraform, GitHub, AWS Lambda, RabbitMQ, AWS DevOps, Argo CD, Apache Kafka, Cloudflare, Python 3, MySQL, Linux, Shell Scripting, Nagios, SQL, HAProxy, Infrastructure as Code (IaC), User Stories, Virtual Machines, Firewalls, Configuration Management, Kubernetes Expert, Application Security, Networks, Bash, Continuous Integration (CI), Continuous Development (CD), Web Security, Security, PostgreSQL, Redis, Cybersecurity, Identity & Access Management (IAM), Architecture, System Administration, Load Balancers, Amazon Simple Queue Service (SQS), Amazon CloudWatch, Node.js, AWS Fargate, Amazon Aurora, Jenkins, CircleCI, Continuous Delivery (CD), Cloud, GitLab CI/CD, Agile DevOps, Amazon EKS, Amazon RDS, Rancher, K3s, TCP/IP, Amazon Elastic Container Service (Amazon ECS), Proxies, WebSockets, AWS IoT, AWS CloudFormation, Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, TypeScript, Cloud Infrastructure, Microservices Architecture, Confluence

Director of DevSecOps and Security Architecture

2020 - 2021
DotModus
  • Served as the principal technical lead for DevSecOps and security architecture at a global media company running on Azure. Managed architecting and designing security best practices and frameworks to increase the security posture.
  • Approved design patterns as a Technical Design Authority (TDA) member. Ensured design patterns and frameworks were used to guide the development process and governing standards.
  • Implemented a secure software delivery lifecycle framework. Educated developers to adhere to industry best practices and design patterns approved by the technical design forum.
  • Identified critical common vulnerabilities and exposures (CVE) and designed policies and procedures to minimize the blast radius.
  • Implemented honeypot environments and Chaos Monkey red team drills to adhere to SLAs and keep the engineering team's skills up-to-date.
  • Implemented system auditing to adhere to ISO 27001, NIST CSF, and PCI DSS compliance. Provided evidence to external auditors based on our customers' requirements.
  • Gathered technical and business requirements to develop roadmaps that complied with security governance standards.
  • Adhered to and enforced legislative policies, including but not limited to GDPR, PII, HIPAA, and POPIA acts to encrypt data in flight and at rest.
  • Implemented an Istio service mesh across multiple clusters. In addition, I have used AWS Cognito with Google IdP, Auth0, and Okta for third-party JSON Web Token (JWT) claims.
  • Completed penetration testing exercises. Wrote fuzzing and reverse shell exploitation. Used Kali Linux with Metasploit and OWASP ZAP to intercept web calls and manipulate payloads. Used Burp Suite Pro in conjunction with OWASP ZAP.
Technologies: DevSecOps, DevOps, Google Cloud Platform (GCP), Azure, Terraform, Helm, GitHub, Python, Continuous Integration (CI), Continuous Delivery (CD), Amazon Web Services (AWS), Docker, GitHub Actions, Elasticsearch, PostgreSQL, Infrastructure as Code (IaC), DevOps Engineer, Containerization, Virtualization, Networking, Identity & Access Management (IAM), Apache Kafka, Shell Scripting, Python 3, MySQL, Linux, Nagios, SQL, HAProxy, Google Cloud Storage, Google Cloud, Azure DevOps, User Stories, Data Centers, Virtual Machines, Azure Virtual Machines, Azure IaaS, Firewalls, Windows PowerShell, IIS SQL Server, Configuration Management, Continuous Development (CD), Web Security, Security, Redis, Cloudflare, Cybersecurity, Architecture, System Administration, OpenShift, Load Balancers, RabbitMQ, MQTT, Amazon Simple Queue Service (SQS), Amazon CloudWatch, AWS Lambda, AWS Fargate, Amazon Aurora, Jenkins, CircleCI, Azure Kubernetes Service (AKS), Cloud, GitLab CI/CD, .NET, Agile DevOps, Amazon EKS, Amazon RDS, Rancher, K3s, Squid Proxy Server, NGINX, TCP/IP, Amazon Elastic Container Service (Amazon ECS), Proxies, WebSockets, PHP, Argo CD, Ruby on Rails (RoR), AWS IoT, AWS CloudFormation, Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, Cloud Infrastructure, Microservices Architecture, Confluence

Principal Technical Lead, Platform Engineering and Security

2018 - 2020
Dimension Data
  • Led a team of highly skilled engineers over two different business units. Conducted the strategic planning and execution of critical projects and defined reporting line structures and overall management of business units.
  • Designed and implemented security policies and frameworks to increase compliance for external auditing companies based on customer requirements. Educated executive leadership on ISO 27001, NIST CSF, and PCI DSS compliance.
  • Introduced concepts, such as honeypots, including low-interaction honeypots. This type of honeypot is elementary to construct, but it might look "phony" to a hacker. It runs a narrow set of services that exemplify the most prevalent attack vectors.
  • Designed and implemented demarcated zones, such as high-interaction honeypots. This honeypot employs virtual machines to ensure that potentially compromised systems are isolated.
  • Designed and implemented pure honeypots, which are time-consuming and challenging to build and manage but are authentic targets. Based on their purpose, there are two categories of honeypots: research and production.
  • Owned and drove security tracing throughout the delivery lifecycle of software or supporting systems, including business policies and processes, tooling, technology, and compliance with enterprise security standards.
  • Adhered to and enforced legislative policies, including but not limited to GDPR, PII, HIPAA, and POPIA acts to encrypt data in flight and at rest.
  • Deployed, operated, and implemented the Istio service mesh inside Kubernetes.
  • Managed and maintained customer equipment, including VMware patching and customization, and storage area networks connected through Fibre Channel to EMC arrays.
  • Provided diagrams and integration diagrams to depict various customer-specific designs clearly. All support, maintenance, and monitoring with infrastructure as code was authored by me for a few clients.
Technologies: Terraform, Architecture, Azure, Amazon Web Services (AWS), Google Cloud, Jenkins, Continuous Delivery (CD), Continuous Integration (CI), MongoDB, Docker, DevOps, DevSecOps, Azure Kubernetes Service (AKS), Cloud, Python, Go, Elasticsearch, Redis, PostgreSQL, Site Reliability Engineering (SRE), Datadog, Azure DevOps, Network Security, Load Balancers, AWS DevOps, DevOps Engineer, Containerization, Virtualization, AWS Lambda, Cloud Security, RabbitMQ, GitLab CI/CD, Cloud Services, Cron, Monitoring, OpenShift, Networks, TCP/IP, Cloudflare, Node.js, Python 3, MySQL, Linux, Shell Scripting, Nagios, SQL, HAProxy, Infrastructure as Code (IaC), Google Cloud Storage, User Stories, Data Centers, Virtual Machines, Azure Virtual Machines, Azure IaaS, Firewalls, Windows PowerShell, IIS SQL Server, Configuration Management, Continuous Development (CD), Web Security, Security, Cybersecurity, Identity & Access Management (IAM), System Administration, MQTT, CircleCI, GitHub, .NET, Agile DevOps, Amazon EKS, Amazon RDS, Rancher, K3s, Squid Proxy Server, NGINX, Amazon Elastic Container Service (Amazon ECS), Proxies, WebSockets, PHP, Ruby on Rails (RoR), AWS IoT, Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging, Cloud Infrastructure, Microservices Architecture

Principal Technical Lead, OSS

2017 - 2018
Dimension Data
  • Led a team of highly skilled engineers, managing large budgets and strategic planning to execute critical projects for the business. Drove projects using the Agile methodology and presented live demos to the executives.
  • Managed the network monitoring team, which had more than 65,000 endpoints, led the architecture and engineering team from the front and trained the engineers.
  • Oversaw security for the EMEA region and the architecture and solution design with Cisco to deploy and automate the network using SDN securely.
  • Managed the network security architecture, platform security architecture, cloud, application, middleware security architecture, and identity access management architecture. This included on-premise and migrations to AWS and GCP with SSO.
  • Leveraged design thinking concepts to architect and build bespoke customer solutions with legacy systems and industrialization of modern go-to-market services, leveraging public cloud technologies.
  • Adhered to and enforced legislative policies, including but not limited to GDPR, PII, HIPAA, and POPIA acts to encrypt data in flight and at rest.
  • Worked on VMware patch and security updates. Maintained system diagrams and documentation of the architecture. Handled Windows and Windows server updates and customizations and IIS load balancing, along with terminal services load balancing.
Technologies: Kubernetes, Prometheus, CI/CD Pipelines, Ansible, Terraform, Docker, Amazon Web Services (AWS), Continuous Delivery (CD), Continuous Integration (CI), Jenkins, Google Cloud Platform (GCP), MongoDB, DevOps, DevSecOps, Azure, Cloud, Python, Go, Elasticsearch, PostgreSQL, Redis, AWS Lambda, Azure DevOps, Load Balancers, AWS DevOps, DevOps Engineer, Containerization, Virtualization, Cloud Security, Networking, RabbitMQ, GitLab CI/CD, OpenShift, Cron, Cloud Services, Monitoring, TCP/IP, Networks, Cloudflare, Node.js, Python 3, MySQL, Linux, Shell Scripting, Nagios, SQL, HAProxy, Infrastructure as Code (IaC), Google Cloud Storage, Data Centers, Virtual Machines, Azure Virtual Machines, Azure IaaS, Firewalls, Windows PowerShell, IIS SQL Server, Configuration Management, Continuous Development (CD), Security, Cybersecurity, Identity & Access Management (IAM), Architecture, System Administration, MQTT, GitHub, .NET, Agile DevOps, Rancher, Squid Proxy Server, NGINX, Proxies, WebSockets, PHP, Ruby on Rails (RoR), Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging

Cloud Architect, Infrastructure and Security

2015 - 2017
Dimension Data
  • Built the first public cloud platform for Africa using OpenStack and Ansible for deployment. Used Prometheus for scraping agents, APIs for monitoring, and Grafana as a visualization platform.
  • Operated a public cloud for over 1,000 customers while being responsible for this cluster's architecture, running, and maintenance.
  • Learned much from this exercise on designing our automation using Ansible and Jenkins with some custom code to call the OpenStack APIs and deploy VMs on behalf of the customer.
  • Architected a cloud migration strategy and solutions, focusing on security. Supported cross-functional teams to investigate, analyze, and make recommendations to leadership on current strategy or operational issues.
  • Utilized critical thinking and skills when working with users and groups at all levels to obtain requirements. Approached issues with an analytical mindset and thinking of the big-picture solutions.
  • Designed security architecture elements to mitigate threats as they emerge.
  • Conducted penetration testing exercises. Wrote fuzzing and reverse shell exploitation. Used Kali Linux with Metasploit and OWASP ZAP to intercept web calls and manipulate payloads. Used Burp Suite Pro in conjunction with OWASP ZAP.
  • Worked on Windows and Windows server automation to roll out CI/CD pipelines. Handled VMware cluster management and support. Built the system architecture design using AD FS and single sign-on.
Technologies: Prometheus, Ansible, Grafana, Python, Kubernetes, MongoDB, Architecture, Terraform, Continuous Integration (CI), Jenkins, Amazon Web Services (AWS), Google Cloud Platform (GCP), Docker, DevOps, DevSecOps, Go, Elasticsearch, Redis, PostgreSQL, Git, DevOps Engineer, Load Balancers, Containerization, Virtualization, Cloud Security, Networking, Cloud, Security, Cybersecurity, GitLab CI/CD, Cloud Services, Cron, Monitoring, TCP/IP, Networks, Cloudflare, Python 3, MySQL, Linux, Shell Scripting, Nagios, SQL, HAProxy, Infrastructure as Code (IaC), Google Cloud Storage, Data Centers, Virtual Machines, Firewalls, Windows PowerShell, IIS SQL Server, Configuration Management, Identity & Access Management (IAM), System Administration, OpenShift, RabbitMQ, MQTT, GitHub, .NET, Agile DevOps, Squid Proxy Server, NGINX, Proxies, WebSockets, PHP, Ruby on Rails (RoR), Databases, Amazon EC2, Amazon S3 (AWS S3), Amazon Virtual Private Cloud (VPC), AWS IAM, Containers, Logging

Senior Cloud Support Engineer

2014 - 2015
Amazon Web Services (AWS)
  • Served as a subject matter expert for Linux and RDS. Part of the senior support team assisting customers in migrating workloads from on-premise to the public cloud.
  • Assisted large customers with their AWS infrastructure as a key resource.
  • Became an SME in EC2 and RDS. This was one of my highlights while working at AWS, and it opened my ambition to investigate other hyperscalers.
Technologies: AWS ELB, Amazon CloudWatch, Amazon RDS, Cloud, Load Balancers, Virtualization, Cloud Security, Networking, Identity & Access Management (IAM), Cloud Services, Cron, Subversion (SVN), Monitoring, Python 3, Linux, Shell Scripting, Firewalls, Security, System Administration, TCP/IP, Amazon Virtual Private Cloud (VPC), AWS IAM, Logging

Executive Manager, Systems

2013 - 2014
DNS Solutions ZA
  • Managed the deployment of multiple OpenStack environments to present the customer with infrastructure as a service for developers to deploy their code via an automation pipeline using Jenkins.
  • Used Puppet out of habit but found the DSL and parallelism problematic. I switched to Ansible in favor of Puppet for high-velocity automation and ease of use.
  • Trained and mentored our mid-level engineers and helped architect a multi-datacenter solution for resiliency.
Technologies: Ansible, Cloud, Python, Bash, Elasticsearch, Redis, PostgreSQL, Networking, Cloud Services, Monitoring, Cron, Subversion (SVN), Linux, Shell Scripting, HAProxy, Infrastructure as Code (IaC), Data Centers, Virtual Machines, Firewalls, System Administration, Load Balancers, RabbitMQ, MQTT, Jenkins, Squid Proxy Server, NGINX, TCP/IP, PHP, Ruby on Rails (RoR), Logging

Senior Systems Manager

2013 - 2013
Open Network Holdings
  • Contracted to build a computing platform that handled various workloads; this was before the cloud wave happened. Automated infrastructure and networking deployments.
  • Acted as an integral part of the team and trained and mentored juniors reporting to me. Built our own CI/CD platform on the back of Jenkins, automated building and packaging code, and used Puppet to deploy artifacts.
  • Used different technologies, such as OpenStack, Ceph, InfiniBand HPC networking, GlusterFS, Perl and Bash scripting, KVM virtualization, Splunk, and centralized system logging.
  • Introduced an SDLC process and system to get code out. The artifact would go through multiple stages to check for vulnerabilities, code coverage, and general app hygiene.
Technologies: NGINX, Nagios, Continuous Integration (CI), Python, Networking, Cron, Subversion (SVN), Monitoring, Linux, Shell Scripting, HAProxy, Infrastructure as Code (IaC), Data Centers, Virtual Machines, Firewalls, System Administration, Load Balancers, Cloud, Squid Proxy Server, TCP/IP, PHP, Logging

Network Security Manager

2008 - 2012
ECN Telecommunications
  • Built the core infrastructure the company used to support VoIP to their customers. The implementation spanned multiple regions, and I was solely responsible for the automation and security of the system.
  • Implemented Puppet as a tool to automate more than 400 remote servers.
  • Ensured the network was secured using various white hat principles and tooling to patch the platform against malicious attacks.
  • Implemented FCAPS. The five levels are fault management (F), configuration (C), accounting (A), performance (P), and security (S).
  • Supported development and submissions of budgetary and investment plans.
  • Designed security architecture elements to mitigate threats as they emerge.
  • Conducted penetration testing exercises. Wrote fuzzing and reverse shell exploitation tooling. Used Kali Linux with Metasploit and OWASP ZAP to intercept web calls and manipulate payloads, and used Burp Suite Pro in conjunction with OWASP ZAP.
Technologies: Python, Bash Script, Nagios, HAProxy, Linux, Firewalls, Continuous Integration (CI), Redis, PostgreSQL, Networking, Cybersecurity, Security, Cron, Subversion (SVN), Monitoring, Python 3, Shell Scripting, Infrastructure as Code (IaC), Data Centers, Virtual Machines, Configuration Management, Architecture, System Administration, Load Balancers, Squid Proxy Server, NGINX, TCP/IP, Logging

IT Manager

2007 - 2008
M & D Laminates
  • Built a hub-and-spoke network allowing multiple branches to connect and use internal business applications. Trained and supported junior engineers and shared knowledge regarding system architecture and network design.
  • Used different technologies, from Linux servers that managed incoming sessions and firewalling to email and web hosting linked to the Microsoft Active Directory.
  • Improved remote work for the company, which allowed the business to accelerate its vision.
  • Supported development and submissions of budgetary and investment plans.
  • Designed security architecture elements to mitigate threats as they emerge.
Technologies: Linux, Networking, Cron, Subversion (SVN), Monitoring, Shell Scripting, System Administration, Load Balancers, Squid Proxy Server, TCP/IP, Logging

Linux and Windows Engineer

2005 - 2007
Networks Online
  • Contributed to supporting and maintaining onsite client solutions. Supported bespoke customer requirements.
  • Attended to roughly 40 clients, remotely and onsite, ranging from network, VLAN, and segmentation to DBA administration and domain controller policies.
  • Configured and maintained a large-scale VPN deployment with webpage caching.
Technologies: Squid Proxy Server, MySQL, Linux, Networking, Cron, Subversion (SVN), Monitoring, Shell Scripting, System Administration, Load Balancers, TCP/IP, Logging

Linux and Windows Engineer

2002 - 2004
SA Feed
  • Managed all IT administration and configuration and a few Linux servers that provided website hosting, firewalling, and secure access to network-provided storage.
  • Used technologies such as iptables firewall, Samba domain controller, Qmail, Windows support, PC hardware support, Apache web servers, Squid proxy servers, and Bind8 (DNS).
  • Managed all IT operations of the company, increasing accessibility to business-critical services and improving the user experience.
  • Supported cross-functional teams to investigate, analyze, and make recommendations to leadership on strategy or operational issues.
Technologies: Squid Proxy Server, Firewalls, Networking, Linux, Shell Scripting, System Administration, Subversion (SVN), TCP/IP

Venture-backed Startup

https://pano.ai
This engagement started with old and unmaintained infrastructure as code in Terraform that needed to be refactored and sometimes completely redone. My task was to build their entire environment and make the environment idempotent using Terraform and Terraform workspaces. I implemented the use of Terraform Cloud to keep variables secret and allow other engineers to drive automation independently. This project was done entirely in GCP, making use of the following services: Cloud SQL, Cloud Load Balancing, Pub/Sub queues, GCS, Prometheus monitoring and alerting, GKE with GKE node pools, and custom metrics with Stackdriver to scale under specific affinity rules in Kubernetes. We used GitHub Actions and Helm 3 to deploy their applications to the clusters. With careful attention, the overall spend of the platform became very granular, making it easier to notice what was causing the high spend. Using Terraform, I created VPC peering, Cloud DNS changes, Slack integration for alerts, PagerDuty integration for on-call engineers, Cloud Functions, WAF with rules, and Loki integration with Stackdriver. This engagement was really fun to do, and the end product was quite an achievement to be a part of.

Kubernetes on Bare Metal

https://maseurope.com
The customer had a unique edge case requiring Kubernetes on two physical hosts at various power generation sites. We used Kubespray to bootstrap the physical nodes. Once the bootstrap process had been completed, I used the Kubernetes provider for Terraform to control the remote state. The requirement for the customer was to enable their team to upgrade Kubernetes and use versioning to roll out a set of applications with different configurations. I assisted them by implementing Helm 3 to deploy their software via VPN from their internal GitLab CI instance. I wrote over 12 Helm charts for each software component. I used GitLab CI to follow the standard SDLC pattern, i.e., build/test/quality-scan/vulnerability-scan/upload a new Docker image to the registry and then trigger Anchore to scan the uploaded image. Once the versioning was in place, I deployed Argo CD to the clusters and ensured that Argo controlled the running configuration and that synchronicity was facilitated by Git source control. I then deployed Prometheus, Thanos, Grafana, Loki, Tempo, and MinIO for S3-compatible blobs and aggregated metrics/logs to the command center for sysops to monitor and control.

SRE and Automation

https://sandhills.com
This engagement was an Azure stack that primarily used application service plans. I oversaw the automation of their current stack and the future state, including AKS and migration of apps from Azure DevOps into Helm deployments using Prometheus, Grafana, LokiJS, and Tempo as a replacement for app insights. I implemented the Cloud Adoption Framework (learn.microsoft.com/en-us/azure/cloud-adoption-framework/) to keep with Azure's best practices and policies. CAF uses Terraform inside a container called Rover. Rover is a wrapper around Terraform that uses Azure's best practice manifests. I deployed management groups, VNets, vNet Peering, Azure firewalls, and Dynamic Key Vaults. The remote state was initially in a storage blob container and then migrated to Terraform Cloud. I was also part of the day-to-day operations and reliability team and received a deep understanding of app service plans and deployment center integration with Azure DevOps. I aided the PCI compliance team in achieving their goals and was trusted to have access to their CDE (Card Data Environment) to ensure best practices and security controls were in place.

Migration of EC2 Services to EKS

https://www.azrieli.com/
I oversaw the migration from Elastic Compute Cloud (Amazon EC2) to EKS-managed node pools. I used Terragrunt in this engagement to keep the configuration as DRY as possible. Terraform state was stored in S3 and later moved to Terraform Cloud. Supporting services for their main applications, written in PHP, included writing Terraform code from scratch for the following services: AWS ACM, Amazon CloudFront, ECR for container registry, EFS for multi-pod persistent storage, EKS with Prometheus, Alertmanager, cert-manager, ExternalDNS, Thanos, and Grafana for alert aggregation. I also wrote cloud functions to convert Amazon CloudWatch logs into a format that Grafana Loki could index. Terraform and Elasticsearch also controlled Route53. I wrote documentation and runbooks for the operations team. I also introduced the team to managing sensitive information such as credentials and API keys by implementing the CSI driver to the AWS Secrets Manager.

Terraform Automation from AWS CloudFormation

https://www.tetrascience.com/
The customer had a unique setup where they would publish AMIs, and their clients would use them to set up their solution. I was part of the team that spun up AWS environments for developers to test IoT devices, including migration from MongoDB to Amazon DocumentDB and from eksutils to Terraform. I controlled EKS upgrades and added managed node pools using Terraform. I oversaw the reliability and testing of upgrades from Kubernetes 1.16 to 1.21. I wrote a GitHub action to make release pipelines easier to manage and test. The Terraform code also spun up VPC, Amazon Aurora, PostgreSQL, DocumentDB, Redis clusters, and security groups. I also migrated their existing Redis cluster into AWS-managed Redis clusters with high availability (HA).

Professional Services – Migration to AWS and Microservices

https://yoyowallet.com
Assisted customers in migrating workloads from on-premise appliances to AWS cloud, which included setting up the VPCs and peering to use Amazon MGM. Customers required their services to be migrated from monolith applications to a microservices-based architecture. I spearheaded the effort to rearchitect and craft CI/CD pipelines that would measure quality, functionality, and security with the least friction for their on-premise developers. I successfully migrated over 700 repositories from Bamboo/Jenkins to GitHub Actions and rewrote all their CloudFormation scripts in Terraform. I educated and gave training to the developers per project on how to architect a microservices-based approach and also which workloads should not be put into containers. We did not want a fat Docker image that equaled a virtual machine in size. We also implemented SonarCloud in GitHub Actions to ensure quality gates were being used and would block deployments if quality gates were not met.

Perimeter and API Defense

http://www.dentsu.com
I architected and implemented a security blueprint for all ingress and egress traffic, including north-south communications to downstream systems and east-west traffic control, using technologies such as API gateways and service meshes. I've been integral to writing policy as code and introduced GitOps to a multi-country organization. I had to present my architecture to the technical design forum and get sign-off from the global architect team.

I worked across multiple teams to keep the project flowing with the least friction and managed budgets and resources, including writing the actual code to get the project over the line for a third-party client. I introduced automation for whitelisting ingress and blacklisting egress to known bad actors and established path-based routing to enforce security policies between logical zones of clusters.

Network Security Inside a Service Mesh

https://www.dotmodus.com/
Deployed Istio service mesh on multiple clusters using Terraform and implemented granular security controls using Open Policy Agent and Open Policy Agent Gatekeeper for Kubernetes. I also defined the release process using Git and branching strategies to customize the deployment without changing the actual code.

Federated Identity with SSO

https://www.dotmodus.com/
Architected a solution to federate identity using Okta for a global media company. The federation was between Azure Active Directory, Google IDP, and AWS SSO. We migrated over 65,000 users with their claims and permissions to downstream APIs and front ends. I utilized Terraform and worked with the Okta APIs to create the users using just-in-time provisioning and automated the workflow so that the third-party clients could access the main platform.

Mobile Bank App Deployment

https://www.dotmodus.com/
I architected the solution based on the customer's requirements and drove the scoping and implementation of solutions as required. I made use of AWS technology as the bank preferred it. I used components such as AWS CodeCommit, CodeBuild, and a Device Farm project to test the Android app on real physical devices. I used an S3 bucket to store build artifacts and CodePipeline pipelines to monitor changes to the CodeCommit repository, which then triggered a build using CodeBuild and tests using Device Farm. AWS Lambda functions were used to invoke the Device Farm test from CodePipeline and provision the Device Farm project from AWS CloudFormation. Included in the design was AWS Amplify, a powerful framework and toolset that enables you to write modern UI-driven and scalable client-server applications across all major languages and platforms. I identified, communicated, and maintained awareness of current and emerging security threats, industry trends, and best practices to promote innovation across various products. My tasks included identifying security design gaps in existing and proposed architectures and recommending changes or enhancements.

Federated GraphQL Security

https://www.dotmodus.com/
Managed the uncovering of GraphQL's broken security controls. I designed a pattern to protect GraphQL from nested queries, SQL injections, and schema introspection. Due to the nature of federated GraphQL, introspection is generally left enabled so that downstream GraphQL services can discover schemas using federated GraphQL. The pattern consisted of OWASP best practices for GraphQL. I conducted penetration tests against the federated GraphQL and downstream GraphQL services and uncovered query depth limits and introspection to enumerate queries against the graph. I wrote a GraphQL policy and blueprint that the global organization implemented to secure GraphQL endpoints.

Migration of Services to Amazon EKS

https://www.dimensiondata.com/
Migrated services from hosted VMs to Amazon EKS. I deployed using Terraform and Terragrunt to make the code as DRY (Don't Repeat Yourself) as possible. I deployed across multiple accounts in multiple regions and used services such as AWS Redis Cache, Amazon Aurora, GitHub Actions, Amazon CloudFront, and AWS Lambda functions. I was hired to enable the development teams to achieve their milestones accurately and on time.

On-premise Migration to Public Cloud

https://www.dimensiondata.com/
Migrated over 1,000 virtual machines from VMware on-premise to AWS. I was also responsible for the solution design and implementation of the migration. Using DevOps' first principles, I developed the infrastructure-as-code to create the VPC, ELB, AWS Secret, AWS SSO, and Elastic Beanstalk. I helped port some applications into microservices using EKS as the target. This was a long project that lasted almost a year due to customer availability. I introduced HashiCorp Packer to build Golden AMIs and took care of the network, security, and access control. In this program's lifecycle, I migrated all customers to AWS with the help of AWS Control Tower.

Languages

Bash Script, Bash, Python 3, Python, SQL, PHP, TypeScript, Java, Go

Tools

Terraform, Ansible, Git, Cron, Helm, Nagios, AWS ELB, Grafana, Subversion (SVN), RabbitMQ, MQTT, Amazon Simple Queue Service (SQS), Amazon CloudWatch, AWS Fargate, Jenkins, CircleCI, Azure Kubernetes Service (AKS), GitHub, GitLab CI/CD, Amazon EKS, Squid Proxy Server, NGINX, Amazon Elastic Container Service (Amazon ECS), AWS CloudFormation, Amazon Virtual Private Cloud (VPC), AWS IAM, Logging, Confluence, Istio

Paradigms

DevSecOps, DevOps, Azure DevOps, Continuous Integration (CI), Continuous Development (CD), Continuous Delivery (CD), Microservices Architecture

Platforms

Kubernetes, Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS), Docker, Apache Kafka, Linux, Azure IaaS, AWS NLB, OpenShift, Rancher, Amazon EC2, AWS Lambda, AWS IoT

Storage

Google Cloud, MongoDB, MySQL, Google Cloud Storage, Data Centers, IIS SQL Server, Elasticsearch, Amazon Aurora, Databases, Amazon S3 (AWS S3), PostgreSQL, Datadog, Redis

Industry Expertise

Cybersecurity, Network Security

Other

DevOps Engineer, CI/CD Pipelines, Site Reliability Engineering (SRE), System Administration, Cloud Services, Networking, Virtualization, Monitoring, Cloud Security, Shell Scripting, HAProxy, Infrastructure as Code (IaC), User Stories, Virtual Machines, Azure Virtual Machines, Firewalls, AWS DevOps, Configuration Management, Application Security, Web Security, Security, Identity & Access Management (IAM), Architecture, Load Balancers, Cloud, Agile DevOps, Amazon RDS, K3s, TCP/IP, Proxies, WebSockets, Argo CD, Containers, Cloud Infrastructure, Stackdriver, Prometheus, Kubernetes HPA, GitHub Actions, Containerization, Networks, Kubernetes Expert, Cloudflare, AWS Certified DevOps Engineer, Policy as code (PaC)

Frameworks

Windows PowerShell, .NET, Ruby on Rails (RoR)

Libraries/APIs

Node.js

1998 - 2001

High School Diploma in Computer Science

ACE Christian Academy - Johannesburg, South Africa

OCTOBER 2019 - OCTOBER 2022

Red Hat Certified Engineer (RHCE)

Red Hat

SEPTEMBER 2019 - SEPTEMBER 2022

Red Hat Certified System Administrator (RHCA)

Red Hat

OCTOBER 2002 - PRESENT

Sair Linux and GNU Certification

INTEC Education Group
