Keidrych Oates Anton
Cloud Architect and Developer
Keidrych is a cloud architect who guides organizations through the quagmire of multi/poly-Cloud Native Computing Foundation (CNCF) technologies so their technological foundation may be secure to all, reliable for customers, and monetarily efficient, leveraging scorched earth capabilities toward zero production impact on planet-scale architecture. Keidrych believes trusted technology serves humanity; a 5% increase in internet or cyberspace trust results in a $3,000+ increase in GDP per capita.
Experience
- API Architecture - 20 years
- DevSecOps - 20 years
- Fog Computing - 10 years
- Large Scale Distributed Systems - 10 years
- Serverless - 8 years
- Containerization - 8 years
- Cloud Native Computing Foundation (CNCF) - 8 years
- Kubernetes - 7 years
IT Security, Kubernetes, Fog Computing, Cloud Infrastructure, Large Scale Distributed Systems, Secure Containers, Containerization, IoT Security, Disaster Recovery Consulting, Immutable Infrastructure
The most amazing...
...technology I've built enabled organizations to move their entire IT infrastructure between any major cloud within 60 minutes with no production downtime.
Foggy Cloud Advisor and Architect
Insurance Australia Group
- Trained the team in concurrent distributed continuous delivery, bringing production defects toward zero.
- Conceptualized multi-cloud approaches for improved application uptime and reliability, targeting 99% uptime.
- Customized in-use containers for Containizen compatibility, booting CI deployments by 10x.
- Spearheaded the Kubernetes Secrets Management upgrade, motivating the team toward zero trust principles.
Foggy Cloud Advisor and Architect
- Conceptualized wargames specific to eBPF interactions and challenges. The team was able to analyze in advance what could have been hours of frustration in production situations.
- Partnered Atlassian with Sysdig for eBPF security and monitoring, interpreting most production issues within five minutes.
- Revamped the network to become zone-aware on routes, extracting 100% visibility into traffic through clusters.
- Routed all container traffic through an eBPF secure observability layer, locking down over 99% of vulnerable opportunity scans or probes by malicious actors.
- Arbitrated replacing the Container Networking Interface with a transparent mTLS by WireGuard, blocking 100% of unencrypted traffic between machines.
- Secured in-cluster requests to an EKS API to approved pods only, which typically accounted for less than 5% of active pods.
- Facilitated upgrading Kubernetes Secrets Management to Open Source Standards, critiquing the risk of escaped secrets in-cluster to almost zero.
Foggy Cloud Advisor and Architect
- Achieved a secure code audit trail traceable to production, restricting 100% of unsigned or visually verified containers.
- Decreased the risk of disaster recovery strategy failure by identifying vaporware, preventing over 25% of permanent data loss.
- Evaluated ANZ's internal PaaS against Foggy Ubiquity's lessons learned, which added years of maturity to its platform.
- Diagnosed collaboration failure points against infosec recommended patterns, increasing cooperation between teams by 30%.
- Standardized code signing by demonstrating how fake actors can hijack commits. Over 95% of commits are typically unsigned on Git.
- Clarified how planet-scale networking operations can mitigate risks toward zero.
- Assigned data sovereignty patterns for GDPR and traced data sovereignty for legislation compliance of 10.
Foggy Cloud Advisor and Architect
- Authored a Kubernetes Cluster API to interface with bare-metal servers, allowing the iPXE benchmark a 20x improvement over VMware.
- Debugged AWS NVMe to allow full read-write performance per NVMe specification, accelerating throughput by 100x.
- Promoted identical and reproducible development environments across the technology stack, forecasting a 5x reduction in CI infrastructure costs.
- Coded an automatic nightly suspension-and-resume capability into non-production Kubernetes clusters, eliminating 70% of infrastructure costs.
- Customized billing per Kubernetes cluster resource, reducing OPEX for business units by 50%.
- Launched a Kubernetes on the metal automated deployment, upgrade, and maintenance platform, reducing over $500,000 in VMware license costs.
- Saved the Kubernetes DNS from discovery attacks, restricting 60% of expected malicious actors.
- Built a Kubernetes hybrid cloud from metal to AWS with transparently encrypted traffic between machines, isolating 100% of listening attacks.
Consultant, Critical Production Support
- Presented methodologies to optimize CNCF architecture for planet-scale stability, aiming for 100% uptime at sponsored meetups.
- Promoted Containizen's discoveries for security and operation awareness to minimize time to diagnose and repair production issues by over 75%.
- Engaged as a P1 critical support for challenging or critical clients, typically resolving issues within 90 minutes.
Senior DevOps Engineer
- Standardized CI/CD within a fully automated isolated environment for efficiency and security, removing 10 servers.
- Removed VMware by coding iPXE compatibility for Kubernetes to run directly on bare metal, voiding $100,000+ in license fees.
- Restructured to failover edge routing, ensuring zero downtime for deployments.
- Architected Kubernetes on bare metal as a multi-datacenter mesh with encrypted traffic between machines, preventing the need for an inter-datacenter proxy or VPN.
- Demonstrated how shadow environments would aim toward zero production defects with leveraged customer trust and security.
DevOps Engineer, Google Kubernetes Engine
- Examined Node.js memory, throughput, and concurrency and stabilized the application at scale on multi-cloud regions, resolving 70% of application scale challenges.
- Devised better billing, performance, and infrastructure needs, extracting a 10x reduction in cloud computing costs.
- Arbitrated removing the service mesh, enabling 10x stream concurrency.
- Discovered a world-first workaround to Kube-DNS scale issues at volume with a GCP throughput able to exceed 100,000+ concurrent DNS requests. Google published this discovery on an FAQ page.
- Implemented dynamically reroutable secure WebSockets on Kubernetes, removing stream interruptions on pod relocation and 70% of usual customer churn.
- Persuaded the executive team that shadow environments would minimize production defects and boost production security and stabilization, which doubled customer trust.
Consultant to the Head of Digital & Emerging Technology
Virgin Australia Airlines
- Collated the architecture to a CNCF-compliant style, revoked legacy N-tier and domain-driven architecture, and stripped obfuscated code down by 90%.
- Implemented centralized logs via "common log format" and clarified log aggregation streams, streamlining JSON queries for 25% faster search.
- Minimized cluster operational costs by 20% and container image download time by 90%.
- Inspected personally identifiable information and payment card industry compliance through CNCF technologies.
Anonymous User Tracking Over Multiple Devices and Multichannel Attribution
Foggy Ubiquity's Language https://github.com/foggyubiquity/language
Automated Registration DDoS Protection
Cyber Survival Denizen (Cyvizen)
Node.js, API Development
Istio, Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE), Amazon Elastic Container Registry (Amazon ECR), Amazon EKS, GitHub, Terraform, Helm, Hashistack, GitLab CI/CD
DevOps, Azure DevOps, Agile, Microservices, Microservices Architecture, Serverless Architecture, Continuous Integration (CI), Continuous Development (CD), Continuous Delivery (CD), DevSecOps, DDoS, Agile Software Development, Distributed Computing, Security Software Development, API Architecture
Kubernetes, Cloud Native, Docker, Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, DC/OS, Linux, Web
Amazon S3 (AWS S3), Redis, Distributed Databases, Alibaba Cloud, MongoDB, SQLite, PostgreSQL, CockroachDB
IT Security, Cybersecurity
Zero Trust, Cilium, Cloud Native Computing Foundation (CNCF), Cloud, IBM SoftLayer, Containerization, Container Orchestration, Secure Containers, Google Container Engine, Code Coverage, Network Stack, Cloud Storage, Data Management, Content Delivery Networks (CDN), Domain Name System (DNS), Containerd, Serverless, RESTful Microservices, Fog Computing, Data Architecture, Code Architecture, NixOS, Content Management Systems (CMS), Build Pipelines, Operations, Clustering, Security Architecture, Caching, Software Development, Containers, Cloud Infrastructure, IoT Security, Disaster Recovery Consulting, Immutable Infrastructure, Tracking, Orchestration, Distributed Systems, Web Security, Infrastructure, Service Meshes, Mesh Optimization, IT Audits, Programming, Foggy Ubiquity, Cluster Computing, Distributed Caches, Distributed Software, Distributed File Systems, PlanetScale, Decentralized Systems, Decentralized Applications, Decentralized Autonomous Organizations (DAO), Hardware, Consulting, IT Consulting, Web Consulting, Startup Consulting, Technical Consulting, Technology Consulting, Software Consulting, Cloud Security, Infrastructure as Code (IaC), CI/CD Pipelines, Leadership, Site Reliability Engineering (SRE), Kustomize, Architecture, Threat Modeling, Open Policy Agent (OPA), Pomerium, Network Security Monitoring, Governance, GRAPH, Artificial Intelligence (AI), High Availability Disaster Recovery (HADR), Business Continuity & Disaster Recovery (BCDR), System Administration, Machine Learning, Demographic Data, Monitoring, Large Scale Distributed Systems, Internet Protocols, Research, Directed Acyclic Graphs (DAG), Continuous Discovery, Secure Coding
Bachelors of Engineering (Infomechatronics) in Mechanical, Electrical & Information Technology Engineering
Queensland Institute of Technology (QUT) - Brisbane, Australia
Advanced Placement Scholar in Biology
Princeton University - New Jersey, USA