Andrew P. Email & Phone Number

Toronto, Ontario, CA

As a hands-on professor of Cloud Computing and Cloud Security at Humber College, I've meticulously crafted the courses to blend theoretical knowledge with practical application. Leveraging the AWS Academy offering, I've designed immersive learning experiences that empower students to not only understand cloud concepts but also gain real-world proficiency.

Toronto, CA

• As the Chief Information Security Officer, I lead security operations, focusing on cloud governance, architecture, integration, and FinOps initiatives. I assess security risks and develop maturity roadmaps for all.
• Introduced FinOps partner to reduce AWS costs, achieving a 40-60% reduction in compute costs through AWS FinOps.
• Eliminated unused AWS resources by optimizing spending via Cost Explorer analysis and reviewing AWS spending.
• Enhanced access management through SAML and central identity provider, and proposed network implementation framework to secure sensitive endpoints and services.
• Implemented laptop resale strategies to reduce new procurement costs, conducting monthly reviews and right-sizing of core IT service licenses, including Microsoft Entra ID and Atlassian licenses.
• Defined and enforced cloud security baselines, such as AWS multi-account environments with Control Tower, scalable private network with Transit Gateway, suspicious activity detection with GuardDuty Run-Time Detection.

Toronto, Ontario, CA

• As Chief Information Officer at Bitbuy Technologies Inc. since 2021, I lead a high-performing team of platform engineers to establish application release requirements. I oversee end-to-end user endpoint management.
• Restructured employee onboarding/off-boarding processes, ensuring full control over user authentication and access.
• Built security operations team, defining security baselines and company policies for IT services and Cloud environment.
• Oversaw project management and delivery functions of Infrastructure as Code (IaC) managed Bitbuy application platform.
• Identified critical application platform health metrics on accessible observability platform, enabling detection of arising system issues.
• Established and enforced standards for secure, opinionated platform, ensuring container images are meticulously scanned and verified before repository integration, and developed scalable observability solutions for.

Toronto, Ontario, CA

• Implemented and operated AWS best practice multi account environment to enable enhanced security, detectability, and traceability (AWS SecurityHub, GuardDuty, IAM access analyzer, AWS network firewall, firewall.
• Transformed IAM user/group practice to Single Sign On (SSO) based strategy thereby establishing central access management capability for the Cloud
• Created and operated Security Operations (SOC) team for the Cloud and Corporate environment

Seattle, WA, US

• As a Solutions Architect at Amazon Web Services Canada, I led technical efforts to ensure best practices and optimal AWS environment setup. I worked closely with VPs and directors to influence strategic decisions and.
• Cultivated and sustained strong customer relationships by serving as trusted advisor within accounts.
• Oversaw infrastructure architecture and security best practices in AWS using tools like AWS Landing Zone, Control Tower, Transit Gateway, CloudFormation, IAM, KMS, CloudTrail, CloudWatch, AWS Config, WAF and Firewall.

Seattle, WA, US

• As a Cloud Security Consultant, I conducted thorough security assessments and provided actionable recommendations to clients. Utilizing IAM roles like SecurityAudit and ReadOnlyRole, I performed detailed analyses of.
• Conducted 2 full-day AWS Cloud security workshops, educating customers on best practices.
• Assessed the customer's environment comprehensively to evaluate security posture.
• Provided recommendations for technical and organizational restructuring to improve security response efficiency, detailing comparative advantages and disadvantages of each approach.

Seattle, WA, US

• As a Cloud Infrastructure Architect, I led digital transformation initiatives by advising clients on AWS Cloud adoption. I strategized AWS Account management, crafting multi-account frameworks for efficient resource.
• Architected Systems Manager Automation Document ensuring root volume encryption of EC2 instances.
• Spearheaded metadata classification, lineage, and discovery through Apache Atlas on Amazon EMR as Co-author.
• Created and released public artifacts, exemplified by puppet module for an internal AWS service (OWPE) use.
• Resolved operational issues, including automation of Golden AMI creation, implementation of patching practices, automation using userdata scripts, OpsWorks Puppet Enterprise and Systems Manager Automation Documents..
• Formulated Hybrid DNS resolution strategy, ensuring seamless cross-name resolution between on-premises and cloud environments, cross-account and cross-region DNS resolution, custom domain integration, and AWS service.

Toronto, Ontario, CA

• Developed RHEL ImageBakery using Jenkins, Jenkins shared global library, Hashicorp's Packer and OpenStack. In particular, I was responsible for integrating RHEL image testing pipeline (which consisted of applying Salt.
• Responsible for supporting OpenStack environment with respect to its RHEL offering
• Experience with Salt Stack code. In particular, I have updated the code that initially used Unix command based script for DNS registration to python based REST API call to the QIP server.
• Responsible for providing level 3 RHEL support when a ticket has been escalated from the Cloud Ops team.
• Participated in Salt Code review for merge and promotion to higher environments

Toronto, Ontario, CA

• Compliance Engine Team Engineer and Puppet Enterprise Administrator:
• Responsible for developing a security puppet module that hardens a RHEL 7.x VM in accordance with CIS (https://www.cisecurity.org) standard.
• Responsible for co-implementing automated testing framework within the Compliance Engine team. In particular, I am responsible for creating and maintaining local Vagrant and Docker RHEL 7.2 images which are used by the.
• Responsible for automating multiple Cloud Platform base image management using packer (http://packer.io)
• Improved the integrity of the Azure Cloud VM deployment ecosystem by replacing the integration with Red Hat Satellite service with simple yum servers attached to a load balancer. Satellite bootstrap used to take.
• Deeper integration with DevOps tools such as Jenkins, Docker, Vagrant, JIRA, Bitbucket and Confluence

Toronto, Ontario, CA

• Primary Red Hat Enterprise Linux consultant with regards to the service and the Golden RHEL image that the Cloud team provides o Responsible for providing level 3 and final Linux support o Created and maintained all.
• Primary vRealize Operations Manager (henceforth vR Ops) resource for Private Cloud program o Implemented and operated vR Ops in multiple environments o Implemented and maintained custom alert definitions, notifications.
• Primary Puppet Enterprise implementation resource o Participated in overall design review o Implemented Puppet Enterprise which includes  Master of Masters  Multiple Compile masters  Multiple AMQ hubs and spokes .

* Responsible for quality of service at the Main Press Centre located in Direct Energy Centre during Pan American Games Toronto 2015* Responsible for assisting managers to manage volunteers to ensure service level to the press and reporters

Armonk, New York, NY, US

Toronto, Ontario, CA

• Responsible for building LPARs on P770 frames and customize each LPARs according to project requirement. Customization examples include adding IP aliases, adding or changing volune groups and/or filesystems, managing.
• Support software installation and configuration such as TIBCO, ProFTP, GPFS and HACMP. Assist customers with troubleshooting when the special software do not function as planned
• Create shell scripts to automate these software installation and configuration where possible
• Perform AIX Operating System Upgrades from AIX 5.3 TL12 SP05 to AIX 5.3 TL12 SP08 and perform frame migration via mksysb and restore method
• Create shell scripts to automate verification of LPAR builds. Checks include: Filesystem attribute check such as permissions, ownership, group, hardening check, crontab entries, backup filesystem size, ID and Group.
• AIX frame resource management via Capacity on Demand both Trial and Permanent

Toronto, Ontario, CA

• Responsible for building and documenting VIO Servers on IBM Power 7 Systems
• Configure and Manage VIO Server networking (SEA, Aggregate links and Virtual Network Adapters)
• Assign SAN disks on VIO Servers unto LPARs according to system specification
• Responsible for defining AIX Operating System Golden Image for NIM (Network Installation Manager) Operation, which included Hydro One specific customization
• Responsible for building LPARs on P770 frames and customize each LPARs according to project requirement
• Responsible for managing Power 7 frame resources upon project requirement change

Brampton, Ontario, CA

• Active and Pioneering participant member in a team that performed AIX Technology Level upgrades on 1200+ LPARs in 6 months
• Created shell scripts to perform the TL pre-upgrade check to determine precise upgrade scope in addition to the Operating System patch
• Created shell scripts to semi-automatically perform the TL upgrades which included upgrading of netbackup software, java, ssl, ssh package and IHS Web Server
• Created shell scripts to perform the TL post-upgrade checks to verify new OS level and other software versions
• Manage SAN disks on VIO Servers for LPAR assignment
• Responsible for building LPARs on P770 frames and customize each LPARs according to project requirement

Toronto, Ontario, CA

• Assign SAN disks on VIO Servers unto LPARs according to system specification
• Responsible for building LPARs on P770 frames and customize each LPARs according to project requirement
• Performed Operating System upgrades using Alternate Disk upgrade
• Performed LPAR migration from one frame to another via disk re-zoning as well as LPM
• Represent and enforce Unix team’s security standards to the projects
• Provided consultation on ITM (IBM Tivoli Monitoring) implementation to operate as non-root user and performed agent installation on numerous LPARs

Armonk, New York, NY, US

• Design and implement easy customization and maintenance scheme for RedHat Linux and AIX servers for the organization
• Ensure that RedHat Linux and AIX boxes meet internal IBM security requirements
• Created RHN update package cache server to download all RedHat updates for the RHAS
• Created YUM (YellowDog Updater Modified) server in the RHN update package cache server for easy distribution of updates to the RedHat YUM clients
• Design backup and restore schemes for RedHat Linux servers and participate in Disaster Recovery exercises
• Build and implement ITM 6.2 (IBM Tivoli Monitoring) infrastructure consisting of Remote and Hub TEMS (Tivoli Enterprise Monitoring Server), TEPS (Tivoli Enterprise Portal Server) and TEMA (Tivoli Enterprise Monitoring.

Toronto, Ontario, CA

• Created RedHat Kickstart Server (which used DHCP and NFS) to install on 100+ Linux workstations
• Customized Anaconda (RedHat Installer) to include the proper network adapter driver and DHCP client patch to get RedHat Kickstart installation working for the Linux lab workstations
• Recompiled Linux Kernel to include proper RAID controller drivers to work with the server hardware
• Compiled many open source software for end-user use both for the Solaris and Linux environments (exact same version of software such as pine, a screen driven e-mail client, needed to be installed for Solaris and Linux.
• Modify or write new extensions to existing software
• Programmed in C, Shell Scripting (Bourne Shell), perl and python for system automation and system status reporting

B. Sc., Computer Science

Th. M. (Master Of Theology), Systematic Theology

Mts, Theology