Zuellig Pharma, Asia's healthcare leader for over a century, provides top-notch distribution and services to expand healthcare access across 16 markets. They partner with top pharma companies, serving over 200,000 medical facilities.Objective:The objective is to modernize cloud infrastructure by migrating from Azure to GCP with Kubernetes Engine for orchestration. This transition will implement best practices for organization and security (Fabric FAST, GKE best practices, GitOps) and leverage CloudSQL with Workload Identity for secure databases. An IaC pipeline will automate infrastructure management.Responsibilities:• Migrate all the infrastructure from Azure to Google Cloud• Set up and maintain the Kubernetes system• Implement best practice Organization model using Fabric FAST• Implement security best practices to the GKE system• Migrate and implement security with GitOps from AAKS to GKE• Provision CloudSQL and implement SQLproxy with Workload Identity Authentication methods to provide secured connection to the databases.• Setup pipeline for IaC

VMO Group is an outsourcing company that provides software development and IT services to clients across various industries. As a DevOps engineer at VMO Group, my main role was to create and maintain dev environments for all Delivery Units in the company, using various technologies and best practices.• Set up and maintained a robust and secure on-premise Kubernetes system for deploying and managing containerized applications• Implemented a Ceph storage system to provide scalable and reliable storage for the Kubernetes clusters• Installed and configured Gitlab system to enable version control, continuous integration, and continuous delivery for the development teams• Integrated Gitlab dynamic runner system used IaC tools to manage Gitlab runner system with GitOps, which is a methodology that applies the principles of version control and automation to the entire software delivery pipeline to improve the efficiency, reliability, and security of the software delivery process at VMO Group• Provision and manage the Proxmox system, which is a virtualization platform that allows running multiple operating systems on a single host

As a sole DevOps engineer at BB Digital Company, you are responsible for ensuring the security and reliability of the company's software development and operations processes. You implement DevSecOps best practices, such as using tools like Vault Warden, Gitlab CI/ArgoCD, Terraform, KEDA/Kapenter, Hashicorp Vault/OPA GateKeeper, and Snyk/Sonarqube/Trivy/ZAP Operator to automate security tasks throughout the software development lifecycle. You also monitor the performance and health of the company's systems with logging (Promtail, Loki, Grafana), tracing (ElasticSearch, Jaeger), and monitoring (Prometheus). Additionally, you use Automation WAF to automatically deploy and manage AWS WAF rules to protect the company's web applications from common attacks.

Led a comprehensive cloud migration to AWS for BIC Bank Cambodia, transforming their on-premises infrastructure for increased scalability, agility, and cost-efficiency.Technical Approach:Technical approach:- Migrate all on-premises banking platforms to AWS with a re-architect strategy- Design and implement landing zones for organizations with IAM Identity Central Active Directory- Design and implement hub and spoke hybrid network model- Implement Site to Site VPN and Software VPN with SSO Active Directory with Pritunl Enterprise- Implement all underlying infrastructure as EKS, RDS serverless, DynamoDB ...- Implement centralized security and monitoring in shared-service EKS cluster with Hashicorp Vault high availability, Prometheus with Thanos Multi cluster pattern.- Implement secret rotation and injection with Hashicorp Vault Injector high availability, directly pass secrets into the pod without storing them as secrets inside the cluster.- Implement distro-less images with smaller size, faster deployments, and potentially improved security.- Implement Istio gateway and service mesh with strict mTLS between microservices.- Implement Gitlab for 5000 users with hybrid architecture- Integrate GitLab dynamic runner system with GitOps managed declarative config- Implement a centralized pipeline template with many security layers in the pipeline, including SAST and SCA with Sonarqube, Trivy, Snyk, Docker Scout, ...and DAST with OWASP ZAP - Implement policy enforcement with Open Policy Agent GateKeeper with Centralized Policy Management, Admission Control Integration, Enforcing Best Practices and Compliance Enforcement to comply with internal security policies or external regulatory requirements (e.g., PCI-DSS, HIPAA)- Implement Security Automations for AWS WAF rules to protect your web applications from common attacks with Automation WAF (anti DDoS, Web Scan, XSS/SQL injection, Bot and IP restriction, ...)

As a DevSecOps engineer at OQL Company in Australia, I am responsible for ensuring the security and reliability of the company's Encryption as a Service platform on Google Cloud Platform. I work in a fully secured environment and use a landing zone approach with Google Cloud Foundation Fabric.My responsibilities include:- Implementing and managing DevSecOps best practices throughout the software development lifecycle, from code development to deployment and operations.- Using Google Cloud Platform security tools and services to protect the company's infrastructure, data, and applications.- Configuring and managing Google Cloud Foundation Fabric to create a secure landing zone for the Encryption as a Service platform.- Working with other engineers to automate security tasks and integrate security into the company's development and operations processes.- Monitoring the performance and security of the Encryption as a Service platform and responding to incidents promptly.I am a highly skilled and experienced DevSecOps engineer with a deep understanding of Google Cloud Platform security tools and services. I am also passionate about DevSecOps and am committed to delivering secure and reliable software.

Dentity is a platform that enables consumers and businesses to more easily and safely share their identity data. It provides secure and scalable authentication and authorization services for web and mobile applications. Dentity System leverages the best practices and tools of DevSecOps to ensure the highest level of security and performance throughout the software development lifecycle.As a sole DevSecOps engineer working on Dentity System, I am responsible for integrating security into the development and operations processes. Some of the tasks that I perform include:• Manage project-evel secrets using Vault Warden• Automate the deployment of your applications to AWS EKS clusters using fully managed by GitOps with Gitlab CI and ArgoCD• Infrastructre as Code (IAC) to improve the scalability, availability, security, and performance of the infrastructure by following best practices such as version control, modularization, testing, and monitoring using Terraform.• Autoscale the EKS clusters with KEDA and Kapenter• Manage your secrets and rotate secrets securely with Hashicorp Vault and enforce policies with OPA GateKeeper• Passwordless and credential-less design pattern to connect to a database or other AWS resources without storing or passing any passwords or credentials.• SAST and DAST scan IAC and Application code for vulnerabilities with Snyk, Sonarqube, Trivy and ZAP operator• Monitor the performance and health of your system with logging (Promtail, loki, grafana), tracing (ElasticSearch, Jaeger), and monitoring (Prometheus)• Automatically deploys and manages AWS WAF rules to protect your web applications from common attacks with Automation WAF (anti DDoS, Web Scan, XSS/SQL injection, Bot and IP restriction, ...)By following the DevSecOps approach, I help Dentity System deliver secure and reliable identity services to its customers while maintaining agility and innovation in AWS.

- Built a logging and tracing system on AWS to monitor and troubleshoot the performance and health of their applications• Used Fluent Bit to collect and forward logs from various sources to Loki• Used Loki to store and query the logs in a scalable and cost-effective way• Used Grafana to visualize and analyze the logs and metrics from Loki and other sources• Used OpenTelemetry to instrument and collect traces from the applications• Used AWS X-Ray to store and visualize the traces and identify bottlenecks and errors• Used CloudFormation to provision and manage the AWS resources for the logging and tracing system• Used HashiCorp Packer to create and configure custom AMIs for the EC2 instances running the applications

- Personal Agent Desktop: Part of the Personal Agent project, personalized data mining, using resources from the user's own computer. Personal Agent desktop is in the presentation layer to manage the collected data, statistics and all source to collect of user. (hybrid app with Personal Agent web with more personal functions)- Personal Agent windows services: Part of the Personal Agent project, personalized data mining, using resources from the user's own computer. The windows service will be responsible for checking the collection schedule and conducting highly personalized data collection.

• Used Google Kubernetes Engine (GKE) to deploy and manage a crawler system with 800 nodes on Google Cloud Platform (GCP)• Used Kafka to stream and process large amounts of data from the crawler system• Used Redis to store and access data in memory for fast performance• Used MongoDB to store and query structured and unstructured data• Used Loki, Promtail, and Grafana to monitor and visualize the logs and metrics of the crawler system and other components• Used best practices and tools to automate, secure, and optimize the DevOps workflow on GCP

- Account control extension: Chromium-core extension for obtaining account-based cookies for the collection of data that requires login authentication such as social networks. Collect facebook full access token of account.- Personal Agent web-frontend: Part of the Personal Agent project, personalized data mining, using resources from the user's own computer. Personal Agent web-frontend is in the application layer to manage the collected data, statistics and all source to collect of user. + Tool: Vue, Bootstrap- Blocking paywall extension: Chromium-core extension for blocking the payment required in some Newspaper (for data collection module)

Backend modules: - All about Data Extraction module (Worker, manager, queue, document parser, ...): Collecting all kinds of data on social networks on demand. Manage the workers to collect. Data stored at MongoDB and managed data at Postgree. Workers, using http, selenium depend on Rule template sepecified, are given the option to use proxies to avoid problems with blocking requests. + Full responsibility (develop, manage source code, deploy) + Tools: MongoDB, Postgree, Kafka, Selenium. - Realtime metasearch: Quickly search results related to keywords on search systems. Handles blocking requests (Redis cache, autohealing), automatically scaling according to requests received and resources used. + Full responsibility (develop, manage source code, GKE deploy) + Tools: Kafka, Redis, K8s, Jetty - Personal Agent web-backend: Part of the Personal Agent project, personalized data mining, using resources from the user's own computer. Personal Agent web is in the application layer to manage the collected data, statistics and all source to collect of user. + Full responsibility (develop, manage source code, deploy): + Tool: Spring boot, Kafka

Internal Software: -Accounts Helper Application (windows application): + Auto check and update status of cookie/token. + Get cookies and api tokens on a large number of accounts automatically. + Auto create accounts and get account info to crawl data (social network). + Automate all work if possible in the business.

This internship was approved by the METI Japan Internship program, organized by METI Government of Japan-Acquired knowledge about Blockchain, Web 3.0, Smart contract through internal training conferences-Learned deeply about Scrum and Agile software development methods. -Worked under the supervision of CTO-Contributed to the company's first product in the education sector

• Worked with Wordpress to create and maintain dynamic websites and web applications• Deployed Wordpress on Apache servers and used jQuery for front-end interactivity• Developed software solutions using PHP frameworks, SQL databases, and object-oriented programming• Managed multi-tenant web applications with security and scalability in mind• Used Git for version control and collaboration• Applied HTML5, CSS, JavaScript and other web technologies to design and implement user interfaces and front-end features

- Support customers for more information and promote Sales - Raise ideas, give detailed planning for sales campaigns- Create events for customers

- Process invoice documents and finance report- Help company get tax information- Manage content posted on media channels

Trained Artificial Intelligence with personalized data, enabling AI to identify identity cards, automatically retrieve information and enter data into archives.