About
With 18+ years of experience across DevOps, release engineering, infrastructure engineering, and security, I am proficient in designing, building, and securing cloud (AWS & Azure) infrastructure with Terraform or using general-purpose languages (C#, Go, PowerShell). Furthermore, my expertise covers the entire software development lifecycle (SDLC), from source control, versioning, building, testing, and packaging, to deploying and securing software.
While working at RelayHealth, I developed the Azure infrastructure, identity management system, and security protocols - then directed the migration of RelayHealth systems from McKesson to Change Healthcare. At Scratch, I simplified employee onboarding by enabling Okta SSO, managing identity lifecycles for access control on over 30 applications, and device enrollment in only 15 minutes!
Working hand-in-hand with departments such as engineering, product, security, and operations allowed me to manage various tech projects successfully. Additionally, I mentored developers to take on more significant tasks required for company growth while ensuring efficiency and regulatory compliance. Furthermore, I guided engineers in automating their processes by providing governance models that enabled self-sufficiency.
Professional Experience
Sabbatical
Full-time Dad, Hayward, CA
I left the workforce to care for our 17-month-old daughter during the pandemic.
Whenever I found the time, I worked on some projects in my homelab, a data center, and the cloud:
- using Packer to create generalized VMware VMs for NetBSD, FreeBSD, OpenBSD, Windows, Linux
- using Packer to specialize those images to become Jenkins nodes
- created a Jenkins pipeline to automate the building of images
- experimented with dynamic Jenkins nodes within VMware vSphere
- experimented with building a C application using all the Jenkins Nodes
- using Packer to create AWS images and then running them via Jenkins
- using Terraform to bootstrap AWS
- using Terraform to bootstrap VMware vSphere
- using Terraform to automate Okta
- learned Python so I could automate Autodesk Fusion 360 to create mounting plates for small board computers from a YAML file
- wrote a Go application to sync registered domains in AWS with Route53 zones such that when a domain expired or was deleted, the corresponding Route53 zone was deleted
- updated my website to use GitHub Actions (building and publishing) and GitHub Pages (hosting)
I also studied towards Azure certification and completed the following:
- AZ-900 Azure Fundamentals
- AZ-104 Microsoft Azure Administrator Associate
Scratch
Software Engineer, DevOps, San Francisco, CA
Scratch is reimagining loan servicing to help borrowers understand, manage, and repay their loans.
- Simplified and reduced employee onboarding to 15 minutes by enabling Okta SSO, identity lifecycle management, and access control for 30+ applications. Reduced device enrollment to one hour by integrating JAMF with Okta.
- Drove data privacy strategy by defining privacy parameters and hardening all platform systems against threats. Reduced the time to generate vulnerability reports to mere minutes by revamping Rapid7 integration with AWS and JAMF.
- Recommended and provisioned Amazon Workspaces and Sophos Firewalls that enabled the business to hire 30+ employees and rapidly provide worldwide access to production.
- Developed SFTP servers in AWS, setting the company up to reduce the time to onboard customers, simplifying access controls, improving confidentiality by keeping data in S3, and automating activities like processing and encryption.
- Reduced ACM costs by $10,000 annually in AWS by consolidating certificate authorities.
- Partnered cross-functionally to ensure business continuity during the pandemic by providing each application/service with a succession plan.
- Worked with auditors to perform a SOC 2 Type 2 audit without findings.
Change Healthcare
Software Engineer, Developer Support
- McKesson Technology Solutions (MTS) merged with Change Healthcare (CHC), and McKesson Connected Care (and RelayHealth) was part of MTS. The result of the merger involved migrating assets from McKesson to Change Healthcare.
- Directed migration of RelayHealth systems from McKesson infrastructure to Change Healthcare; I advised senior leadership on risks, approaches, and progress and guided 50+ engineers on automating Azure infrastructure using C#.
- Automated Azure infrastructure using C# that promoted collaboration between operations and product teams and reduced infrastructure changes from 2 weeks to 4 hours. Created governance structure and an inner source C# project for deploying Azure infrastructure where software engineers could contribute changes.
- Mentored, trained, and advised Product and Operations teams on release and infrastructure engineering, automation, security, identity and access management, and cloud computing (Azure), thus standardizing tools, processes, and governance across the company.
- Maintained the CI/CD infrastructure (TeamCity, Artifactory, GitHub Enterprise, Coverity, JIRA) and made it self-service for 100+ users and 2000+ configurations.
RelayHealth
Software Engineer, Developer Support
The Data Platform was responsible for transforming healthcare transactions into a usable database that healthcare systems could use to infer trends, amongst other things.
- Implemented and maintained GitHub (helping engineers adopt Git and use source control), Artifactory (helping engineers adopt package management), and Coverity, a static code analysis system as part of the CI/CD pipeline using TeamCity.
- Partnered closely with software engineers, from deploying web apps to adopting Akamai CDN, driving response times 20X faster and updating content in 30 minutes instead of a week.
- Drove security strategy, from advising the security team about Azure (threats, investigations, and approaches to improve) and automating security operations (managing AAD, firewalls) to designing identity management in Azure and working with Microsoft on security challenges.
- Served as the technical lead designing, deploying, and maintaining JIRA and ADFS in the data center by proxy (barred access due to need-to-know requirements). Addressed concerns from the security and compliance folks.
- Deployed ADFS to integrate identities in Azure with our on-prem Windows Active Directory and JIT privileged access management system
- Bootstrapped Azure, including networks, storage, SQL Servers, identities
- Designed, built, and maintained CI/CD infrastructure (TeamCity, Artifactory, Coverity, GitHub Enterprise) and developer tools
- Automated release engineering process and made it self-service.
- Mentored, trained, and advised product and operations teams on release and infrastructure engineering, automation, security, identity and access management, and cloud computing (Azure), thus standardizing tools, processes, and governance
Software Architect
RelayHealth built solutions that integrated various health systems. I joined as an Architect and worked on teams to implement features for the patient portal and migrate Surescripts.
- Served as the senior architect on a team of 4-6 engineers, trained the infrastructure team on using version control and automation, and closely collaborated with Product Management and QA.
- Led the end-to-end upgrade from .NET 3.5 to .NET 4.5 for a large codebase (3.5m+ LOC), including building processes, toolchains, and supporting infrastructure.
- Directed migration to the latest Surescripts specification, ensuring RelayHealth could continue to process prescriptions.
- Took over maintenance and support of CI/CD (Git, SVN, TeamCity, GitHub Enterprise) and other development infrastructure after a medical emergency.
- Collaborated with vendors to improve productivity for huge codebases (3.5 million LOC)
- Collaborated with DBAs to see whether we could improve the velocity of deployments that involved database changes.
- Collaborated with teams to adopt Akamai, making response times up to 20 times faster and updating content in 30 minutes instead of a week
- Monitored production, investigated potential threats, and found solutions.
Workshare
Server Architect, San Francisco, CA
- Managed a 5-member team and served as architect of Protect Server, a message transfer agent (MTA) that analyzed emails and removed metadata from documents. Drove agile process and delivered ahead of schedule.
- Drove cross-functional team as Server Architect for Workshare Network Protect. Led design and testing efforts, mentored other software engineers, set up CI/CD, created a Windows installer and tools for maintaining appliances, and collaborated with technical writers to produce customer-facing documents.
- Launched Workshare Compare, a hosted online product responsible for comparing office documents, as the sole developer. Delivered ahead of schedule and required minimal maintenance afterward.
- Designed and implemented a network monitor using a framework that analyzed captured data for metadata and warned companies of disclosures.
Software Architect, Cape Town, South Africa
- Worked as part of an eXtreme Programming team to build Workshare Protect, a solution that analyzes documents for metadata and removes it.