Cloud Solutions Architect
Overview of the Project
This architecture is designed to leverage the strengths of both private and public clouds, enabling secure, scalable, and cost-effective hybrid cloud operations. The OpenStack-based private cloud provides flexibility, while AWS offers robust scalability and managed services. The VPN tunnel and network segmentation ensure secure communication and efficient workload management across environments.
Overview of the Project
This illustrates an AWS SSO authentication flow using Active Directory Federation Services (AD FS) and SAML in a Home Lab Infrastructure setup. It details the steps involved when a user logs in to a portal and gains access to the AWS Management Console via federated authentication.
This setup enables secure Single Sign-On (SSO) for AWS resources using Active Directory authentication mechanism hosted in a main AWS account, ensuring centralized user management, enhanced security, and compliance.
Overview of the Project
Todd is a dedicated Yoga instructor based in Florida and the CEO of Native Yoga, a company committed to providing high-quality Yoga classes and training. With over 17 years of experience in the industry, Todd has cultivated a loyal following, offering both in-person and virtual Yoga sessions to students worldwide. His passion for Yoga and holistic wellness drives him to continuously enhance the learning experience for his clients. However, as the business grew, he began facing several operational and technical challenges that required immediate attention.
Challenges Faced by Todd
Overview of the Project
Our project aims to migrate the functionality of your on-prem data center to a well-designed secured cloud environment. It's in response to your recent cybersecurity event where sensitive and
confidential data were stolen. Also to address the loss of skilled tech workers to maintain such an environment on your on-prem. This will benefit your business, both your internal and external
stakeholders by protecting your data and reputation, preserving your competitive advantage, and
avoiding lawsuits and compliance fines. Through meticulous planning and execution, we're
confident in our ability to achieve the desired outcomes.
Objectives
The primary goal of our project is to design a secure cloud migration and secure future state cloud architecture that addresses your company needs to address the lack of tech skills and a more
secure environment. In addition, we have specific objectives such as contracting cloud and
migration skills for implementation and security operations. By accomplishing these goals, we'll
create a positive impact and drive meaningful change.
Approach
Our proposed approach for this project is based on a thorough analysis of the situation and best
practices. We'll adopt a structured methodology that includes a signed statement of work with
capability matrices, architectural vision, business, data, and application mappings, the cloud
architecture, opportunities, migration planning, implementation governance, and change
management. All the while managing any requirement changes. This approach ensures efficient
utilization of resources and maximizes project outcomes.
Implementation timeline
While the project is divided into distinct phases, as outlined in the approach phase, medium sized
migrations in the industry takes about 2-4 months. Our plan ensures that tasks are executed in a timely manner, allowing us to stay on track and deliver results.
Resource requirements
To successfully execute this project, we've identified the key resources needed. This includes migration engineering, cloud engineering, and security monitoring and response .We're confident in our ability to secure the necessary resources and allocate them effectively to ensure project success.
Budget
A project of this nature requires a well-planned budget. Based on our analysis, we've estimated the required funding to be approximately 14 million over 3 years of operation. This budget
encompasses all project-related costs, the cloud engineering for the cloud infrastructure and
security monitoring and response and aligns with the anticipated benefits and outcomes.
Conclusion
Our project proposal is an exciting opportunity to address and create tangible value for internal and external stakeholders. With a clear vision, defined objectives, and a robust implementation plan, we're ready to embark on this journey. Join us as we bring this project to life and make a lasting impact.
Overview of the Project
Designed an automated auditing solution to scan 75 AWS accounts, identifying IAM users and their associated policies. The solution cross-validated these users against Active Directory (AD), streamlining data collection to facilitate a migration from local AWS users to AD and prepare for Single Sign-On (SSO) enforcement. Solution also included an on-demand reporting of IAM users and their defined policies via email, providing continuous visibility into the readiness phase. Tech: Python, MS SQL, AD, Jenkins.
Note: Sensitive data have been skipped/masked from being displayed.
Overview of the Project
Architected an end-to-end solution to manage public cloud Security Groups. The solution included options to generate reports and automated initiation of actions on policy violations. Tech: Python, MS SQL, Jenkins
DFD: Take Action on Defaulters of Security Group
Sample report on Security Groups
Note: Sensitive data have been skipped from being displayed.
Overview of the Project
Designed and implemented an end-to-end automation framework for seamless Chef node registration upon instance launch. EC2 instances, forming part of a secure cluster, required Chef compliance enforcement. Leveraging an existing remote bootstrap solution, I enhanced the AMI’s user data script to automatically register instances with Chef server upon startup.
However, a critical issue arose - terminated instances left orphaned objects in the Chef DB, creating unnecessary overhead. To mitigate this, I engineered an automated de-registration mechanism by developing a Red Hat service that proactively removes nodes from Chef server upon instance shutdown or deletion. Given the ephemeral nature of these instances, this solution significantly optimized Chef DB performance, reducing redundant entries by at least 50%. Tech: Chef, Bash, PHP, Jenkins, curl, System services.
Overview of the Project
Leading this project was a dynamic and rewarding experience. I worked with a talented cross-functional team to develop comprehensive test cases, ensuring that the Morpheus cloud management platform met all intended use cases seamlessly. From the start, I focused on building a structured test plan that would not only validate system reliability, security, and performance but also set a strong foundation for future scalability.
To streamline integration with our private cloud, we leveraged Chef staging environments, automating VM bootstrapping and software deployments with predefined cookbooks. This automation ensured consistency across deployments, reducing configuration drift and improving operational efficiency.
Understanding that each team member brought unique strengths, I thoughtfully assigned tasks based on expertise, fostering a collaborative and high-performing environment. Regular stand-ups and checkpoints weren’t just about tracking progress - they provided an open space to troubleshoot challenges, exchange ideas, and ensure everyone had the support they needed.
Security was a key focus throughout the project. I identified a critical vulnerability that could have exposed the system to potential risks. To mitigate this, I developed a custom solution that effectively circumvented the issue, strengthening our security posture without compromising functionality.
Vendor update calls became a crucial part of the process. I took an active role in identifying and reporting bugs, feature gaps, and performance limitations, ensuring that our concerns were addressed. By advocating for necessary enhancements, I helped refine the solution, ensuring it met our business objectives and delivered real value. I also developed a custom solution to circumvent a security vulnerability.
Overview of the Project
Developed a tool that integrated with ServiceNow to fetch CMDB data and compared it against Chef’s database to identify unregistered servers or those failing to check in. Upon detection, it initiated the registration process for Gold, Silver, and Bronze-tier servers. A self-healing mechanism ensured compliance by running every 8 hours for Bronze servers. Failure reports were sent to the respective teams via email for remediation. The tool’s output was consolidated and published on Tableau for real-time visibility. Tech: Chef, Python, Bash
Overview of the Project
Designed and implemented a secure, custom workflow to replace an insecure process provided by the private cloud. The solution ensured full adherence to InfoSec compliance standards for newly launched VMs, including automated installation of required applications. Additionally, a bespoke cloud initialization solution was developed to extend support for legacy operating systems no longer maintained by vendors. This innovation enabled developers and QA engineers to continue delivering support to customers reliant on older versions of Informatica products, ensuring uninterrupted service and operational continuity. Tech: Chef, Bash, PowerShell
Overview of the Project
The Cloud Management Platform (Morpheus) utilizes the cloud-init package to configure VM-specific parameters. The absence of a reliable cloud-init solution in the environment created significant challenges for the business. Furthermore, with the operating system being obsolete, vendors had ceased providing bug fixes and maintenance releases. Without proper VM configuration, it led to the following issues:
Overview of the Project
This was a high-priority, CEO-monitored project with a tight deadline, requiring a flawless execution strategy. As the project lead, I managed a team of developers to design and implement a seamless migration solution that replaced commercial Java versions with open-source alternatives, specifically OpenJDK and Azul. Our approach involved building an intuitive frontend UI that allowed users to:
Overview of the Project
CIS Profiles provide a practical and effective approach to securing your IT environment, offering pre-configured, well-researched security settings tailored to a wide range of systems and applications. Developed by the Center for Internet Security (CIS), these profiles are based on the latest threat intelligence and industry best practices. They simplify the process of securing infrastructure across platforms such as Windows, Linux, macOS, and cloud services. By implementing these profiles, organizations can ensure their systems are configured to minimize vulnerabilities, protecting against common threats and attacks.
The real value of CIS Profiles lies in the peace of mind they provide. By following these guidelines, organizations can stay ahead of potential security risks, reduce time spent on manual configurations, and ensure compliance with key industry regulations like HIPAA, PCI-DSS, and GDPR. Beyond just a set of recommendations, CIS Profiles help businesses lay a solid security foundation, safeguard sensitive data, streamline security processes, and foster a culture of proactive cybersecurity. With regular updates and a focus on actionable security, these profiles are a vital resource for organizations looking to strengthen their defenses and reduce risk.
I was approached by the Information Security (InfoSec) team to implement CIS policy controls across enterprise-supported operating systems, including on-premises, AWS, and Azure cloud environments. After reviewing the standards, I worked closely with both the Operating Systems and InfoSec teams to ensure alignment. Together, we decided to implement 95% of the policy controls outlined in the CIS report, excluding the remaining 5% due to non-alignment with Informatica standards.
I successfully designed and developed a cookbook to automate the implementation of the agreed standards, which was then audited and approved by a third-party cyber security agency.
Additionally, I developed InSpec profiles to verify the applied CIS policy controls and generate reports in HTML format, ensuring that the implementation was both validated and easily accessible. Tech: Chef, CIS Profiles, Inspec Profiles, Jenkins
Overview of the Project
Developed a custom solution to streamline the registration and management of servers on Chef, enabling the seamless application of InfoSec compliance standards. I modified the core bootstrap process to meet these specific requirements, addressing credential-sharing challenges.
Faced a unique challenge while bootstrapping cloud instances where IP address of the instance is replaced by NAT Gateway IP for the outgoing traffic. I enhanced the tool to forward actual IP of the instance so it can be registered on Chef. This solution empowered infrastructure owners to secure their environments autonomously, ensuring operational security without compromising sensitive credentials. Notably, the implementation included a unique feature that even the commercial version lacked, which surprised the vendor and demonstrated significant technical innovation. Tech: Apache, PHP, Jenkins, Bash, Batch, PowerShell, curl
Overview of the Project
The project involved hosting a 2-day Chef Essentials training session designed to equip participants with the foundational knowledge of Chef automation. During the training, participants were encouraged to bootstrap their laptops to convert them into Chef workstations, which allowed them to practice hands-on automation tasks in real time.
The training covered key concepts such as creating and managing Chef cookbooks, writing simple programs, and automating tasks that were previously performed manually. The goal was to ensure participants could independently use Chef to automate routine processes and improve their workflow efficiency.
This training not only improved users’ technical skills but also fostered a culture of automation within the organization, empowering individuals to take charge of their own environments and reduce reliance on external teams for day-to-day tasks.
Overview of the Project
Designed and developed an automated solution based on DevOps principles to streamline the testing and deployment of applications into production. This solution empowered teams to independently test and release applications such as Snow, Qualys, SEP and Cortex.
Previously, these teams launched VMs, installed and tested applications manually, consuming significant time and resources. The new solution leveraged CI/CD pipelines to automatically deploy multiple versions of Linux and Windows VMs in the private cloud. Once the VMs were reachable over the network, the tool would install and configure the selected applications and the results would be emailed to users.
Additionally, the solution enabled teams to use CI/CD pipelines to release applications into the production environment, with proper approval from the change management team. Tech: Chef, Jenkins, Morpheus REST API, curl.
Self-service - CI/CD Pipelines to Build, Test, and Release Applications
Overview of the Project
Implemented a solution using Chef to forward syslog messages from all Linux servers to a central syslog server. A Sumo Logic collector was installed on the syslog server, which then forwarded all incoming messages to the cloud-hosted Sumo Logic infrastructure.
An analytics dashboard was developed using Sumo Logic to monitor infrastructure status.
Tech: Chef, Rsyslog, Sumo Logic.
Overview of the Project
While monitoring vendor releases, I identified that our environment was running Chef Client 12.15.19, whereas version 12.17.44 was available with critical security and feature improvements. Recognizing the potential benefits, I initiated a Proof of Concept (PoC) to validate the new version on a subset of servers. The PoC was successful, and I proactively updated leadership on the findings, proposing a structured upgrade plan.
To ensure a smooth transition, I collaborated with key stakeholders, including the Infrastructure team, ITSM, and InfoSec, conducting meetings to communicate the necessity and impact of the upgrade. To automate and streamline the deployment, my team and I developed a Chef cookbook that seamlessly upgraded the Chef client across all existing 8000+ servers. Additionally, I worked closely with the VMware team to ensure Chef client updates were integrated into the VM templates, preventing version mismatches in newly provisioned servers.
By driving this initiative, I ensured our infrastructure remained secure, stable, and up to date, minimizing operational risks while enhancing system reliability.Tech: Chef.
Overview of the Project
The primary requirement for this project was to select a vendor that could automate the installation and configuration of applications using Chef cookbooks. The goal was to eliminate manual intervention, reduce errors, and improve overall deployment efficiency.
As part of the process, I took the lead in preparing the RFP document that would outline the project’s requirements and expectations from potential vendors. Some key clauses included in the RFP were:
Overview of the Project
Recognizing the critical limitations of Dell Multi-Cloud Manager, I played a key role in identifying and implementing a more effective private cloud solution. As a member of the selection committee, I was actively involved in the vendor evaluation process, attending multiple demo sessions from different cloud management vendors, carefully assessing their capabilities, and analyzing their responses to the Request for Proposal (RFP). This rigorous evaluation process allowed us to compare key factors such as feature set, automation capabilities, integration with existing infrastructure, scalability, and vendor support.
After thorough assessment, we selected Embotics for the Proof of Concept (PoC) phase, ensuring it addressed the pain points of the previous solution. Dell’s system had proven unreliable due to recurring bugs, a complicated three-tier architecture, and a failure to execute Chef cookbooks, which significantly impacted our automation efforts. Moreover, its lack of adequate vendor support made troubleshooting and patching a constant challenge.
Once the PoC was approved, I led the initiative to integrate Chef with the new platform, enabling seamless infrastructure automation and improving deployment efficiency. I collaborated with cross-functional teams to develop and execute rigorous test cases, ensuring the solution was robust, scalable, and secure. Additionally, I maintained an open feedback loop with stakeholders and vendors, proactively addressing issues and ensuring the new system aligned with business and technical objectives.
By replacing a problematic cloud management system with a well-evaluated, vendor-supported, and automation-driven two-tier solution, we significantly enhanced operational efficiency, reduced long-term maintenance overhead, and empowered teams with a more stable and scalable infrastructure.
Overview of the Project
The Dell Multi-Cloud Manager was failing to meet the customer's evolving needs due to its reliance on a complex three-tier architecture, which consisted of:
Overview of the Project
The newly architected solution enabled authorized staff to independently initiate application refreshes, eliminating the need for multiple teams to coordinate through a semi-automated tool. By fully automating the end-to-end process of publishing new application versions, the solution streamlined deployments, minimized human intervention, and ensured faster rollouts.
This automation reduced the maintenance window for the customer-facing cloud application from three hours to just 30 minutes, significantly enhancing service availability and operational efficiency. Tech: Chef, AMI, EC2, RDS, F5
Functions of the Management Node
Recognized for swiftly implementing a Log4j vulnerability scanner across the on-premises infrastructure, covering over 8,000 servers in record time. Received special acknowledgment from the CEO during an all-hands meeting for this critical initiative.
Received a commemorative gift for leading a team of developers for automating the replacement of commercial Java with open-source alternatives, earning recognition from the CEO during an all-hands meeting.
The self-service solution, built with Jenkins and Chef, enabled rapid deployment of OpenJDK or Azul across Windows and multiple Linux distributions. Within six weeks, the tool facilitated over 4,000 replacements, mitigating the risk of vendor fines for unauthorized usage.
Received a memento for automating the detection and reporting of MKS Toolkit errors that triggered production outages by crashing ESXi servers. Earned recognition from the VP during the IT kickoff meeting.
The collaborative effort with various business and IT teams resulted in a cost reduction of 90%, from $1 million to $100k. Received a boundary-less behavior banner award on successfully achieving a first-of-its-kind milestone for migrating the Ab Initio application from an AIX environment to a Linux virtual environment..
Honored for developing a web-based self-service password reset solution, leading to annual savings of £3,300. This unique solution received a souvenir during the Tesco Innovation conference and was highlighted in the Tesco Innovation Achievers magazine.
Recognized for visiting onsite and successfully resolving a high-impact business issue reported by ZF-Sachs, Germany, pertaining to the HP OMS database and helped retain key client.
Recognized for visiting onsite and successfully resolving multiple business-critical escalations related to the HP OMS application within three weeks, despite issues remaining unresolved for 18 months. This achievement garnered recognition from the Ministry of Social Policy, Government of New Zealand.