Technology is my passion. I've shaped my life, and 15 years of professional experience, around it. AWS is my playground. It's an obsession, really.

The cloud is a superpower that a driven man can use to make his impact on the world. Applying cutting edge information technology in clever and intuitive ways is what I do.

I work every day to move the needle on cloud compliance for efficiency, security, and cost optimization using the latest in containers, serverless, and automation.

2014-19
Lead Cloud Security Engineer, Cimpress

 Analyzing and addressing security and spending risks across hundreds of AWS accounts, and millions of dollars per month in infrastructure spending.

 Learning a wide array of AWS services, cloud security & cost control implementations, actively exploited vulnerabilities, and secure coding practices.

 Developing education, detection, and mitigation strategies that enable software engineers to build secure applications in the cloud without overspending.

Lead DevOps Engineer, Cimpress

 Organized migration to robust CI/CD infrastructure and provided complete platform upon which software engineers can review, build, test, deploy, and monitor.

 Learned configuration management and infrastructure automation, logging and monitoring, IT project management, SDLC, containers, and Linux administration.

 Improved SCM, CI/CD, and artifact management uptime and reliability. Provided path forward, removing dependencies on legacy and outdated platforms.

2008-13
Sr. Problem Manager, Vistaprint

 Analyzed, prioritized, & managed the resolution of a wide variety of costly business problems during both business hours and 24x7 on-call.

 Learned emergency problem triage and analysis, global communication and efficient problem management, and cost & postmortem analysis.

 Minimized the impact of ongoing production issues, saving tens of thousands of dollars each week. Prevented re-occurrence of problems through accurate and complete analysis. Briefed executives with summaries of high-impact business problems.

Sr. Systems Administrator, Vistaprint

 Performed maintenance, monitoring, and code deployments on global production infrastructure. Developed tools for systematizing manual tasks.

 Learned e-commerce IT operations, web development, change & work management, and Windows domain administration.

 Increased site uptime and reliability. Enabled consistent work tracking and site health historical analysis through tooling.

2004-07
Systems Engineer, IT4

 Designed and assembled desktop and portable computer systems for use by law enforcement during forensic collection of computer crimes evidence.

 Learned system design, customer service, vendor management, quality assurance, and on-site technical skills.

 Increased product quality baseline and lowered frequency of repair and warranty returns.

Cloud Solutions Architect
DevOps Engineer
IT Problem Manager
Security Engineer
Software Engineer
Network Administrator
AWS Compute
AWS Management
AWS Database
AWS Storage
AWS Security
  Linux
  Mac
  Windows
Docker
Terraform
Git
CI/CD
AWS Security
Compliance
TLS
Crypto
JavaScript
Go
Ruby
C#
PowerShell
AWS Networking
DNS/DHCP
VPN
Raising Compliance and Lowering Cost

Cimpress needed a simple way for our hundreds of engineers to stay on top of the security and control the costs of their cloud infrastructure.


I created an intuitive web app in node.js on Docker using data from CloudSploit and saw drastic improvement in our security compliance.


Right now (Summer 2019), I'm actively building a web app in node.js on AWS Lambda using data from Cloudability to provide actionable, cost-saving insight to engineers, directors, and leadership.

Doing Enterprise AWS Right

Cimpress needed a way for the enterprise at large to use AWS effectively and securely. I spearheaded the company's strategy around adopting SSO for the cloud, for login and for API key generation.


This was achieved through partnership with Auth0, and the creation of several supporting tools in Ruby, PowerShell, and Golang.


My design and tooling contributions empowered thousands of engineers across the world to use hundreds of AWS accounts seamlessly and securely.

Making Docker in AWS Easy

Recognizing a CI/CD usability gap in AWS ECS for software engineers using Docker, I created two tools around AWS ECS - one for building and deploying, and another for optimizing infrastructure.


This was achieved with node.js packages made available to the open source community for use by myself and my peers, as well as the public at large.


Available on npmjs.com

Building My Own Solutions

When I first started using Firefox, there was no way to strictly enforce HTTPS for all requests made by the browser (only add-ons to softly attempt HTTPS, with a fall back to HTTP).


So I built and published an add-on for Firefox called NoHTTP to accomplish this, and I use it every day.


Published to the world at addons.mozilla.org

Applying Machine Learning in New Ways

To gain a deeper understanding of streaming video quality and practicality, I applied Netflix machine learning technology to the video standards used on Twitch.tv.


This was achieved by Dockerizing Netflix VMAF and collecting measurements from video encoded to Twitch's guidelines.


Published to the world at streamquality.report

Clever Use of Multi-Region Serverless

To better understand global HTTP latency, I deployed a node.js script to several locations around the world that connects to my site every 60 minutes and reports how long each phase of the connection process takes.


This was achieved with AWS Lambda deployed through serverless framework, executing headless chrome built for Amazon Linux, and aggregating data using sitespeed.io's browsertime tool, storing results in AWS ElastiCache.


Inspired by updown.io.


Shedding Light on TLS

To learn more about TLS protocols, cipher suites, and named groups, I implemented a proxy that injects details about the current TLS session as request headers, along with the client's declared supported groups and suites.


This was achieved with nginx built with openssl 1.1.1 for TLSv1.3 support, and cross-referencing data with ciphersuite.info and safecurves.cr.yp.to to understand differences between them.


Deployed as ifconfig.lol. Actual stats about your session below:


This session
  • TLSv1.2
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Your supported groups
  • prime256v1
  • secp384r1
  • secp521r1
  • sect283k1
  • sect283r1
  • sect409k1
  • sect409r1
  • sect571k1
  • sect571r1
  • secp256k1
Your supported ciphers
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
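
The cipher list above can be read for two properties a defender cares about: whether the key exchange gives forward secrecy, and whether the cipher is an AEAD mode. The following is an added example, not code from ifconfig.lol; the function names `classifySuite` and `summarize` are hypothetical, and it goes slightly beyond the list shown by also accepting TLS 1.3 style names.

```javascript
// Added example: classify IANA cipher suite names like those listed on this page.
// Sample input is copied from the "Your supported ciphers" list above.
const offered = [
  "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
  "TLS_RSA_WITH_AES_256_CBC_SHA",
  "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
  "TLS_RSA_WITH_AES_128_CBC_SHA",
  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_RSA_WITH_AES_128_GCM_SHA256",
];

// Split "TLS_<key exchange>_WITH_<cipher>_<hash>" and derive two properties.
function classifySuite(name) {
  if (!name.startsWith("TLS_")) throw new Error(`not an IANA suite name: ${name}`);
  const body = name.slice(4);
  const split = body.indexOf("_WITH_");
  // TLS 1.3 names carry no key-exchange part: the handshake is always
  // ephemeral (EC)DHE and every TLS 1.3 suite is AEAD.
  if (split === -1) {
    return { name, keyExchange: "TLS1.3", forwardSecrecy: true, aead: true };
  }
  const keyExchange = body.slice(0, split);            // e.g. ECDHE_ECDSA, RSA
  const cipher = body.slice(split + "_WITH_".length);  // e.g. AES_256_GCM_SHA384
  // Only ephemeral Diffie-Hellman (DHE_*, ECDHE_*) gives forward secrecy;
  // static RSA key transport and static (EC)DH do not.
  const forwardSecrecy = /^(EC)?DHE_/.test(keyExchange);
  const aead = /(_GCM_|_CCM|CHACHA20_POLY1305)/.test(cipher);
  return { name, keyExchange, forwardSecrecy, aead };
}

// Group a client's offered suites by what a server operator would want to drop.
function summarize(suites) {
  const rows = suites.map(classifySuite);
  return {
    noForwardSecrecy: rows.filter(r => !r.forwardSecrecy).map(r => r.name),
    nonAead: rows.filter(r => !r.aead).map(r => r.name),
    preferred: rows.filter(r => r.forwardSecrecy && r.aead).map(r => r.name),
  };
}

console.log(summarize(offered));
```

For the list above, the negotiated suite `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` falls in the `preferred` group, while the `TLS_RSA_*` entries are the ones a server-side policy would typically disable.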