Senior DevOps Engineer
2022 - PRESENTFreelance- Researched, recommended, and documented an appropriate Git workflow strategy for the company between GitFlow, GitHub Flow, and GitLab Flow. My recommendation was presented, discussed, and adopted with minimal disruption and no resistance.
- Implemented continuous integration and continuous deployment and delivery (CI/CD) in GitLab for a Go application. The pipeline was complete with a minimal deployment solution to ensure customer requests were unaffected during production deployments.
- Installed Prometheus for infrastructure and database metrics collection to aid business needs. Secured and documented the installation steps. Installed and secured Grafana to visualize the metrics collected.
- Implemented Grafana Loki and Promtail to be used as an infrastructure and application logging solution. This enabled the collection of logs and seamless analysis of both application and infrastructure logs.
- Created a CI/CD pipeline for a React and React Native SDK to build and publish to an npm organizational account.
- Implemented continuous integration and continuous deployment and delivery (CI/CD) with rollback support in GitLab for a monorepo with three different applications. The pipeline only ran when changes were reflected in the specific codebase folder.
- Investigated and identified a shared lock issue on PostgreSQL preventing services from restarting. The issue was a long-running query that was not properly closed, which was identified down to the line of code for a swift resolution.
- Implemented continuous integration and continuous deployment and delivery (CI/CD) with rollback support in GitLab for a Python application project.
- Managed proxies and networks across multiple virtual environments.
- Promoted and taught good design patterns, inspiring clean and neat architecture.
Technologies: DevOps, Bash, IP Networks, Ubuntu, Python, Linux, IT Infrastructure, Proxies, Prometheus, Grafana, PostgreSQL, GitLab, GitFlowCo-founder | Cloud Security Engineer
2018 - PRESENTHepta Analytics- Co-founded the company, served as a director, led the IT infrastructure team of three, and led client engagements to define and deliver solutions.
- Migrated and rebuilt 24 production VMware virtual machine applications for a client and set up a Kubernetes cluster in a hybrid cloud setup with minimal downtime for consumers. Set up secure remote access and connectivity between sites.
- Migrated and maintained a Microsoft stack (IIS connected to SQL Server 2008 with multiple subdomains) from a local VM to Azure (App Services with managed databases). Set up a DevSecOps pipeline for the client with GitHub and swaps.
- Investigated and responded to a downtime incident at a client's colocation facility. Migrated workloads to the cloud to mitigate the impact and wrote and presented an incident report, which led to the award of damages to my client.
- Set up private email hosting on the client domain for two dozen mailboxes. Migrated six existing Office 365 user email addresses to the new email hosting setup. Designed an email security gateway solution to support the multiple cloud solution.
- Identified potential risks to continued operations of processes at a client's site. The risk assessment phase involved quantifying the risks and identifying mitigation controls following an identification exercise at the manufacturing plant outlets.
- Developed a sturdy Android application that is able to cope within the complex internet connectivity environment to receive audio reports. Deployed a secure dashboard to view, organize, manage, and process case reports.
- Brainstormed a potential fintech solution for a client and advised on potential challenges and workarounds. Developed and deployed Android mockup code to demonstrate an initially intended functionality.
Technologies: PHP, Apache2, Linux, AWS, Azure, Amazon Virtual Private Cloud (VPC), Amazon EC2, VirtualBox, Kubernetes, OpenVPN, Networking, Office 365, Mail Servers, Python, Classic ASP, Apache, Information Security, Cloud Security, VPN, Cloud Architecture, AWS Cloud Architecture, Role-based Access Control (RBAC), Azure Active Directory, Azure Key Vault, Azure Resource Manager (ARM), Amazon Web Services (AWS), DevOps Engineer, DevSecOps, Networks, IP Networks, DevOps, Azure DevOps, Docker, Ansible, IT Security, Security, Hybrid Cloud InfrastructureDevSecOps Engineer
2022 - 2022Freelance- Resolved a burst traffic issue on an Azure Kubernetes Service (AKS) cluster using a HorizontalPodAutoscaler (HPA) and a Cluster Autoscaler.
- Researched and recommended an appropriate cloud-native data volume for Azure Kubernetes Services (AKS) that supports concurrent access across multiple pods and horizontal scalability.
- Architected a cloud-native infrastructure with the Web-Queue-Worker style for a new scalable, secure, resilient, and highly available application, which supports multi-tenant clients.
- Deployed a Web-Queue-Worker sample infrastructure architecture and demonstrated how the client would transition into a big data architecture using Azure Synapse Analytics and other tools.
Technologies: Kubernetes, Docker, NGINX, MySQL, MariaDB, DevOps, DevSecOps, Azure Functions, Azure Synapse, Kubernetes Storage, Azure Kubernetes Service (AKS), Azure Files, Azure Storage, Azure Architecture, Kubernetes HPA, Azure Container Instances, Azure Container Registry, Azure Data Factory, Azure Database for MySQL, Azure Synapse AnalyticsSecurity Trainer
2019 - 2022e.KRAAL Innovation Hub- Taught the National Cybersecurity Training Program (NCSTP) third cohort of 20 trainees on cloud security, featuring 30+ hours of live, practical content, and nine practical labs on Azure, delivered over five days.
- Taught the NCSTP first cohort of 40 trainees on critical information infrastructure protection (CIIP), featuring 24+ hours of live, practical content, and five practical labs on AWS, delivered over four days.
- Received overwhelmingly positive reviews for each training performed.
Technologies: Training, Azure, AWS, Amazon Web Services (AWS), Ansible, IT Security, Security, Hybrid Cloud InfrastructureLinkedIn Learning Instructor
2021 - 2021LinkedIn- Planned a cybersecurity course on fintech security essentials.
- Wrote scripts for a cybersecurity course on fintech security essentials.
- Recorded a cybersecurity course on fintech security essentials.
Technologies: Fintech, Information Security, Cybersecurity, AWS VPC, AWS S3, AWS DMS, Amazon EC2, Amazon Virtual Private Cloud (VPC), Amazon Web Services (AWS), AWS S2S VPN, AWS VPN, OpenVPN, AWS RDS, AWS WAF, Sentry, AWS API Gateway, AWS Fraud Detector, AWS Secrets Manager, Ansible, AWS Auto ScalingSystems Developer
2015 - 2016Nature Surf Systems- Designed and deployed bespoke IT infrastructure focused on security. This included wildcard SSL certificates, strong SSL cipher suites, reverse proxies and load balancers, remote access VPNs, and site-to-site VPNs.
- Led the development team to release a new feature every week for two months straight.
- Reduced an Android application size from 1MB to 40KB by creating a lite, minified version capable of running on entry-level smartphones.
Technologies: PHP, Android, MySQL, Reverse Engineering, Apache2, NGINX, Apache, Information Security, JavaGraduate Management Trainee
2015 - 2015Presidential Digital Talent Program- Updated the immigration department's information security policy.
- Reviewed the interior ministry's website and made recommendations for its redesign.
- Led the entire team of 100 management trainees as their appointed representative.
Technologies: Policy Review, Web App Design, Leadership, Team Leadership
Emmanuel Chebukati
DevSecOps Engineer and Developer in Nairobi, Nairobi County, Kenya
Member since February 19, 2022
Emmanuel is a cloud security engineer with 7+ years of experience in systems auditing, application security, and secure cloud deployment. He has delivered sensitive technology projects across the East African region and globally (remotely) in the public and private sectors. Emmanuel's industry experience is backed by three Microsoft Azure certifications. He is an AWS Certified Cloud Practitioner and Certified Ethical Hacker, and he holds an MSc in information technology from Carnegie Mellon.
Emmanuel is now available for hire
Portfolio
- FreelanceDevOps, Bash, IP Networks, Ubuntu, Python, Linux, IT Infrastructure, Proxies...
- Hepta AnalyticsPHP, Apache2, Linux, AWS, Azure, Amazon Virtual Private Cloud (VPC)...
- FreelanceKubernetes, Docker, NGINX, MySQL, MariaDB, DevOps, DevSecOps, Azure Functions...
Experience
- PHP 8 years
- Information Security 7 years
- Office 365 5 years
- AWS 5 years
- Hybrid Cloud Infrastructure 5 years
- Azure 4 years
- Cloud Security 4 years
- Python 3 years
Availability
Part-time
Preferred Environment
Linux, Apache2, MySQL, PHP, AWS, Azure, Cisco, Office 365, GitLab, NGINX
The most amazing...
...thing I've done was transforming the bottlenecked physical IT infrastructure of a fintech to a hybrid cloud that was modern, secure, and easy to administer.
Employment
Experience
- HeptaPayhttps://heptapay.com
An online agent for loading money to a mobile money wallet via debit or credit card. As the integrations engineer, I set up the card processing payment gateway and connections to the telecommunications partners; tested these connections for security and performance; and managed the back end, the internal transaction monitoring dashboard, and the platform's security.
- Sentiment Analysis of the 2017 Kenyan Presidential Electionhttps://uchaguzi.today/
Kenya held a general election in 2017. We built Uchaguzi Today to show the trends behind each candidate's popularity and explain (via regular updates) the actions they performed that elicited a positive, neutral, or negative response. My involvement was setting up the infrastructure for collecting the data, interacting with the Twitter API to collect the tweets, designing and deploying the dashboard, and deploying an Android application to classify a sample dataset to help train the model.
- Email Server Audit
This project was brought about by suspected malpractice on the ICT systems of a tour company—particularly the email system. The company owners were the project champions. The purpose of the project was to identify any possibilities of such malpractice on the ICT part, recommend solutions, and implement the solutions where possible.
This project was carried out in three phases remotely and through three regional trips to the Arusha headquarters:
Phase one involved a forensic analysis of the mail system to identify instances of foul play. Malpractice was indeed identified, and the evidence was presented to the project champions.
Phase two was implementing a solution that migrated the mail server to a secure cloud virtual private server running with encryption and email antivirus and anti-spam mechanisms in place. This migration was done seamlessly and successfully with minimal business impact.
The final phase was the optimization of office ICT systems for both performance and security. This phase further involved configuration of the mail server to suit organizational needs, such as particular accounts to be limited to internal-only communication.
Overall, the project was a great success.
Skills
Tools
VPN, Apache, Azure Key Vault, Ansible, NGINX, Amazon Virtual Private Cloud (VPC), VirtualBox, OpenVPN, Azure App Service, Azure Kubernetes Service (AKS), Sentry, Grafana, GitLabParadigms
Role-based Access Control (RBAC), DevOps, Web App Design, DevSecOps, Azure DevOpsPlatforms
Linux, Apache2, Azure, Kubernetes, Amazon Web Services (AWS), Android, Amazon EC2, AWS Cloud Computing Services, Docker, Azure Functions, UbuntuStorage
MySQL, Azure Active Directory, Data Centers, Storage Area Networks (SAN), MariaDB, AWS S3, PostgreSQLIndustry Expertise
IT Security, Security, Network Security, CybersecurityOther
AWS, Office 365, Hybrid Cloud Infrastructure, Information Security, Cloud Security, Cloud Services, Cloud Storage, Networks, IP Networks, Cloud Architecture, Networking, Cisco, Cloud Computing, Reverse Engineering, Mail Servers, Application Security, Azure Security, Cloud, Data Security, Application Services, Azure Administrator, Azure Load Balancer, Azure Storage, Azure Subscriptions, Azure Virtual Machines, Multi-factor Authentication, Privileged Identity Management, Identity & Access Management (IAM), Azure Virtual Networks, Cloud Data, Cloud Networking, Virtualization, Azure Resource Manager (ARM), IT Audits, AWS Cloud Architecture, Policy Review, Leadership, Team Leadership, Training, Business Continuity Planning (BCP), Business Continuity, Storage Architecture, Storage Networking, Email Security, Data Protection, DevOps Engineer, Azure Synapse, Kubernetes Storage, Azure Files, Azure Architecture, Kubernetes HPA, Azure Container Instances, Azure Container Registry, Azure Data Factory, Azure Database for MySQL, Azure Synapse Analytics, Fintech, AWS VPC, AWS DMS, AWS S2S VPN, AWS VPN, AWS RDS, AWS WAF, AWS API Gateway, AWS Fraud Detector, AWS Secrets Manager, AWS Auto Scaling, IT Infrastructure, Proxies, Prometheus, GitFlowLanguages
PHP, Python, Java, BashFrameworks
Classic ASPLibraries/APIs
Twitter API
Education
- Master's Degree in Information Technology2016 - 2018Carnegie Mellon University Africa - Kigali, Rwanda, Africa
- Bachelor's Degree in Applied Computer Technology2012 - 2014United States International University-Africa - Nairobi, Kenya, Africa
Certifications
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)JUNE 2021 - JUNE 2023Microsoft
- AWS Certified Cloud PractitionerDECEMBER 2020 - DECEMBER 2023AWS
- Microsoft Certified: Azure Administrator Associate (AZ-104)OCTOBER 2020 - OCTOBER 2022Microsoft
- Microsoft Certified: Azure FundamentalsAUGUST 2020 - PRESENTMicrosoft
- Associate - Information Storage and Management Version 2.0APRIL 2015 - PRESENTDell Technologies
- Certified Ethical Hacker (CEH)NOVEMBER 2014 - NOVEMBER 2023EC-Council
