➢ SME for governance and security for all production customer facing or customer supporting systems, including Azure, AWS, GCP, ecommerce platforms, and distribution vendors. Project and technical lead for several successful initiatives to improve our security posture, including SSO, automated user provisioning, improved account auditing, centralized audit logging, and alerting. Business processes surrounding these activities were also revamped to reduce friction and improve compliance. ➢ SME for cloud cost management. Built a tool that exports raw cost data from cloud providers, normalizes it, and assigns several additional business relevant dimensions for reporting. ETL tool is written in python deployed to Kubernetes as a daily cron job, data is stored in MySQL hosted in same, and reporting is done via Microsoft PowerBI.➢ Migrated all workloads from four production and two non-production data centres to Azure using Azure Migrate. Amenable workloads have been cloudified, remainder have been right-sized and reserved instances purchased. Project took four months of planning and three months to execute, reduced overall costs, and aligned infrastructure with business initiative to migrate our platform to a microservice architecture in Kubernetes.➢ Wrote terraform modules for internal teams to automate and enforce correct deployment topologies and security standards for several different recurring workloads. Reduced timelines for deployments by the managed services team from weeks to hours. Modules include enforcement of tenant level security standards, IAM permission and role assignments, network and network security configurations, infrastructure including virtual machines, Kubernetes clusters, PaaS offerings like Azure DB and Azure App Service, as well as templated Ansible for virtual machine hardening to CIS benchmarks

➢ Designed and deployed SAP HANA based Hybris Billing platform in AWS. Design includes multi-region failover/disaster recovery and separation of platform via multiple AWS accounts. Deployment was fully automated, including compute, storage, network, and security configurations. Host configuration enforced via puppet.➢ As part of an acquisition, designed and deployed new networks and infrastructure including a forklift migration of customer facing production systems to AWS. Wrote a REST API for F5 Load Balancer using iRules (TCL) to enable developers to dynamically manage external access to internal test systems for CI/CD pipeline.➢ Deployed new data centres in the Netherlands, Australia, and Singapore to facilitating the global rollout of the Ingram Micro Cloud Marketplace. Redesigned the original network design to improve security through greater segmentation, isolation, and more granular network security policies.➢ As part of a security revamp completely redesigned the approach to user access and management, introducing a new LDAP schema for more granular user access control as well as an internal virtual desktop platform for secure access to production systems.➢ Introduced and drove adoption of puppet automation and configuration management, reducing variation and human error while also enforcing security restrictions and best practices.➢ Rebuilt infrastructure behind a key web marketing property, reducing loading time by more than half while simultaneously improving resilience of the platform.➢ Migrated primary load balancer for direct hosting platform from Cisco ACE to F5 BigIP (again).

➢ Deployed new Cisco UCS cluster to replace existing VMWare 4 based private cloud. Responsibilities included network design (layers 1 through 3), creating security policies, deployment and configuration of VMWare ESXi and vCenter (including Cisco UCS integration), and migration planning.➢ Designed and deployed new Point of Presense (POP) to support Broadworks VoIP platform using Cisco UCS with VMWare ESX 5.5 and bare metal installations. Handled network design and deployment of supporting services (DNS, LDAP, etc). Site served as template for deployments of other POPs throughout country.➢ Assumed operational lead of legacy customer portal infrastructure, including maintenance and deployment of new code to existing weblogic servers, replacing apache with nginx proxies for security reasons, and transition to serving much of the content statically. Wrote documentation for the platform, which had previously been lacking.

➢ Planned and executed the migration from Cisco ACE to F5 BigIP load balancers in both primary facilities, affecting every service offered. Used perl to ingest multiple large (28k line) XML configuration files, manipulate the data in a database to consolidate and simplify the configuration without losing functionality, and then export F5 configuration in order to automate the configuration migration.➢ Lead the application portion of the IPv6 deployment across the production network. Worked with the networking team to plan and allocate our IPv6 network, then ensured services could be delivered over it. Utilized a mix of IPv6 termination on the load balancer and full dual-stacked networking to the application servers, depending on the service.

➢ Responsible for system maintenance and upgrades.➢ Developed and deployed SIP Trunking as a general product.

➢ Built, maintained, and migrated several large VoIP platforms serving residential, commercial, and wholesale customers.➢ Developed and deployed several internal tools, including one to automate the maintenance of local calling areas, and another allowing support agents to troubleshoot calling from multiple platforms and carriers.