DevSecOps Engineer and Developer
Emmanuel is a cloud security engineer with eight years of experience in systems auditing, application security, and secure cloud deployment. He has delivered sensitive technology projects across the East African region and globally (remotely) in the public and private sectors. Three Microsoft Azure certifications back Emmanuel's industry experience. He is also an AWS Certified Cloud Practitioner and a Certified Ethical Hacker, and holds an MSc in information technology from Carnegie Mellon.
ExperiencePHP - 8 yearsInformation Security - 7 yearsOffice 365 - 5 yearsHybrid Cloud Infrastructure - 5 yearsIdentity & Access Management (IAM) - 5 yearsAzure - 4 yearsCloud Security - 4 yearsPython - 3 years
Linux, Apache2, MySQL, PHP, Amazon Web Services (AWS), Azure, Cisco, Office 365, GitLab, NGINX
The most amazing...
...thing I've done was transforming the bottle-necked physical IT infrastructure of a fintech to a hybrid cloud that was modern, secure, and easy to administer.
Azure Platform Engineer
- Prepared, documented, and implemented a plan to migrate from bare metal on-premise Windows servers into the Microsoft Azure cloud ecosystem.
- Federated user identities from the on-premise Active Directory to Azure Active Directory using the password hash-sync method with Seamless Single Sign-On.
- Synchronized multiple on-premise SMB file shares to Azure Files via Azure File Sync under a single storage account of one on one share mapping.
Senior DevOps Engineer
- Implemented continuous integration and continuous deployment and delivery (CI/CD) in GitLab for a Go application. The pipeline was complete with a minimal deployment solution to ensure customer requests were unaffected during production deployments.
- Created Airflow on Kubernetes with the KubernetesExecutor and migrated it from a VM using the SequentialExecutor. Migrated the database to managed database, installed dependencies in the container, and set up CI/CD and git-sync for DAGs.
- Installed Prometheus for infrastructure and database metrics collection to aid business needs. Installed and secured Grafana to visualize the metrics collected, set up alerts, and created incident runbooks.
- Migrated a monolith Go application to work and run on Kubernetes. Set up the service, deployment, PVC, ConfigMaps, secrets, and Ingress appropriately. Set up a managed database and NFS provisioner on top of the block storage for ReadWriteMany access.
- Researched, recommended, and documented an appropriate Git workflow strategy for the company between Gitflow, GitHub flow, and GitLab flow. The recommendation was presented, discussed, and adopted with no disruption and no resistance. Implemented GitOps.
- Implemented Grafana Loki and Promtail as an infrastructure and application logging solution. This enabled the collection of logs and seamless analysis of application and infrastructure logs.
- Created a CI/CD pipeline for a React and React Native SDK to build and publish to an npm organizational account. Also implemented CI/CD for a Python application project with rollback support in GitLab.
- Implemented continuous integration and continuous deployment and delivery (CI/CD) with rollback support in GitLab for a monorepo with three different applications. The pipeline only ran when changes were reflected in the specific codebase folder.
- Investigated and identified a shared lock issue on PostgreSQL preventing services from restarting. The issue was a long-running query that was not properly closed, which was identified down to the line of code for a swift resolution.
- Led the company's technical side through a successful ISO-27001 audit by implementing recommendations, documenting decisions, and defending the company's position.
Co-founder | Cloud Security Engineer
- Co-founded the company, served as a director, led the IT infrastructure team of three, and led client engagements to define and deliver solutions.
- Migrated and rebuilt 24 production VMware virtual machine applications for a client and set up a Kubernetes cluster in a hybrid cloud set up with minimal consumer downtime. Set up secure remote access and connectivity between sites.
- Migrated and maintained a Microsoft stack (IIS connected to SQL Server 2008 with multiple subdomains) from a local VM to Azure (App Services with managed databases). Set up a DevSecOps pipeline for the client with GitHub and swaps.
- Investigated and responded to a downtime incident at a client's colocation facility. Migrated workloads to the cloud to mitigate the impact and wrote and presented the incident report, which led to the awarding of damages to my client.
- Set up private email hosting on the client domain for over two dozen mailboxes. Migrated existing Office 365 user email addresses to the new email hosting set up. Designed an email security gateway solution to support multiple cloud solutions.
- Identified potential risks to continued operations of processes at a client's site. The risk assessment phase involved identifying risks and mitigation controls, following an identification exercise at the manufacturing plant outlets.
- Developed a sturdy Android application that can cope with the complex internet connectivity environment to receive audio reports. Deployed a secure dashboard to view, organize, manage, and process case reports.
- Brainstormed a potential fintech solution for a client and advised on potential challenges and workarounds. Developed and deployed an Android mockup code to demonstrate an initially intended functionality.
LinkedIn Learning Instructor
- Planned a cybersecurity course on fintech security essentials.
- Wrote scripts for a cybersecurity course on fintech security essentials.
- Recorded a cybersecurity course on fintech security essentials.
- Planned a 14-video course on cybersecurity essentials highlighting the top 10 most commonly reported vulnerabilities in 2022.
- Wrote scripts and prepared slides for a course on cybersecurity essentials.
- Recorded a 14-video course on cybersecurity essentials, complete with demos for each video.
- Resolved a burst traffic issue on an Azure Kubernetes Service (AKS) cluster using a HorizontalPodAutoscaler (HPA) and a Cluster Autoscaler.
- Researched and recommended an appropriate cloud-native data volume for Azure Kubernetes Services (AKS) that supports concurrent access across multiple pods and horizontal scalability.
- Architected a cloud-native infrastructure with the Web-Queue-Worker style for a new scalable, secure, resilient, and highly available application, which supports multi-tenant clients.
- Deployed a Web-Queue-Worker sample infrastructure architecture and demonstrated how the client would transition into a big data architecture using Azure Synapse Analytics and other tools.
e.KRAAL Innovation Hub
- Taught the National Cybersecurity Training Program (NCSTP) third cohort of 20 trainees on cloud security, featuring 30+ hours of live, practical content, and nine practical labs on Azure, delivered over five days.
- Taught the NCSTP first cohort of 40 trainees on critical information infrastructure protection (CIIP), featuring 24+ hours of live, practical content, and five practical labs on AWS, delivered over four days.
- Received overwhelmingly positive reviews for each training performed.
Nature Surf Systems
- Designed and deployed bespoke IT infrastructure focused on security. This included wildcard SSL certificates, strong SSL cipher suites, reverse proxies and load balancers, remote access VPNs, and site-to-site VPNs.
- Led the development team to release a new feature every week for two months straight.
- Reduced an Android application size from 1MB to 40KB by creating a lite, minified version capable of running on entry-level smartphones.
Graduate Management Trainee
Presidential Digital Talent Program
- Updated the immigration department's information security policy.
- Reviewed the interior ministry's website and made recommendations for its redesign.
- Led the entire team of 100 management trainees as their appointed representative.
Sentiment Analysis of the 2017 Kenyan Presidential Electionhttps://uchaguzi.today/
Email Server Audit
This project was carried out in three phases remotely and through three regional trips to the Arusha headquarters:
Phase one involved a forensic analysis of the mail system to identify instances of foul play. Malpractice was indeed identified, and the evidence was presented to the project champions.
Phase two was implementing a solution that migrated the mail server to a secure cloud virtual private server running with encryption and email antivirus and anti-spam mechanisms in place. This migration was done seamlessly and successfully with minimal business impact.
The final phase was the optimization of office ICT systems for both performance and security. This phase further involved configuration of the mail server to suit organizational needs, such as particular accounts to be limited to internal-only communication.
Overall, the project was a great success.
VPN, Apache, Azure Key Vault, Ansible, NGINX, Amazon Virtual Private Cloud (VPC), VirtualBox, OpenVPN, Azure App Service, Azure Kubernetes Service (AKS), Sentry, Grafana, GitLab
Role-based Access Control (RBAC), DevOps, Web App Design, DevSecOps, Azure DevOps
Linux, Apache2, Azure, Kubernetes, Amazon Web Services (AWS), Android, Amazon EC2, AWS Cloud Computing Services, Docker, Azure Functions, Ubuntu, Amazon
MySQL, Azure Active Directory, Data Centers, Storage Area Networks (SAN), MariaDB, Azure SQL Databases, Amazon S3 (AWS S3), PostgreSQL, Azure SQL
IT Security, Security, Network Security, Cybersecurity
Office 365, Hybrid Cloud Infrastructure, Information Security, Identity & Access Management (IAM), Cloud Security, Cloud Services, Cloud Storage, Networks, IP Networks, Cloud Architecture, Networking, Cisco, Cloud Computing, Reverse Engineering, Mail Servers, Application Security, Cloud, Data Security, Applications, Azure Administrator, Azure Storage, Azure Virtual Machines, Multi-factor Authentication (MFA), PIM, Azure Virtual Networks, Data, Virtualization, Azure Resource Manager (ARM), IT Audits, AWS Cloud Architecture, Reviews, Leadership, Team Leadership, Training, Business Continuity Planning (BCP), Business Continuity, Storage, Email Security, Data Protection, DevOps Engineer, Azure Synapse, Azure Files, Kubernetes HPA, Azure Container Instances, Azure Container Registry, Azure Data Factory, Azure Synapse Analytics, Fintech, AWS VPN, Amazon RDS, AWS WAF, Amazon API Gateway, AWS Secrets Manager, AWS Auto Scaling, IT Infrastructure, Proxies, Prometheus, GitFlow, Document Management Systems (DMS), Load Balancers, Subscriptions
PHP, Python, Java, Bash
Master's Degree in Information Technology
Carnegie Mellon University Africa - Kigali, Rwanda, Africa
Bachelor's Degree in Applied Computer Technology
United States International University-Africa - Nairobi, Kenya, Africa
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
AWS Certified Cloud Practitioner
Microsoft Azure Administrator Associate
Microsoft Certified: Azure Fundamentals
Associate - Information Storage and Management Version 2.0
Certified Ethical Hacker (CEH)