Infrastructure Strategist & Software Engineer
Bridging cryptographic security theory with cloud-native production realities to build resilient, distributed systems.
Protocol Design
Cross-Functional Collaboration,
ProVerif Formal Analysis
Systems Engineering
Strategic Systems Design,
Zero-Trust Architecture
Cloud & Reliability
Multi-Cloud Architecture,
HA/Disaster Recovery
01 //
IETF_Engagement
IETF Protocol Design & Security Research Participation
Active protocol researcher and primary editor of SEAT Architecture ↗ and SEAT Proxies ↗, advancing standard mechanisms for binding remote attestation evidence to secure transport channels.
-
→
Protocol Design & Standardization Defining interoperable specifications that map the intersection of transport-layer protocols with standards-based remote attestation. Extending this work via collaborations on WIMSE Workload Attestation ↗ and the RATS RARE API ↗.
-
→
Formal Verification (ProVerif) Independently building formal models to analyze intra-handshake attestation. Producing machine-checked proofs that demonstrate cryptographic binders achieve injective agreement over post-handshake application data under single-key compromise. View seat_playground models ↗
-
→
Vulnerability Analysis & Mitigation Evaluating KEX downgrade and relay attack mitigations across proposed IETF standards. Applied ProVerif symbolic modeling to analyze known attestation vulnerabilities (e.g., CVE-2026-33697) and contributed formal architectural critique to working group mailing lists. Read WG Analysis ↗
02 //
System Ops
Impact Highlights
- → Multi-Cloud Architecture: Built geo-redundant, multi-provider architecture across Vultr, Linode, and Genesis Cloud; balanced latency vs. availability to withstand single-provider outages.
- → Cost Optimization: Reduced infrastructure cost ~75% by leading a high-stakes migration from AWS to a multi-provider alt-cloud footprint, preserving uptime and runway.
- → Resilience Engineering: Deployed a multi-site MySQL cluster tuned for the DAM workload; designed for city-local cross-provider replication and controlled failover.
- → Performance Optimization: Improved API latency by up to ~1s under load via a resource-constrained Kafka cluster (≈2GB RAM/1 vCPU) that absorbed bursty workloads and protected primary DBs.
- → CI/CD Automation: Authored complete Git-driven CI/CD pipeline (Bash + Docker Compose) enabling automated build, test, and deploy across 12+ service roles.
CleanPix Corporation
Digital Asset Management SaaS | Calgary, AB
Infrastructure Strategist
2011 — Present
- Reduced infrastructure cost ~75% by leading a high-stakes migration from AWS to a multi-provider alt-cloud footprint, preserving uptime and runway.
- Maintained 24/7 on-call responsibility as primary responder for production issues, ensuring business continuity across 5-7 VMs and on-premises hardware.
- Built geo-redundant, multi-provider architecture across Vultr, Linode, and Genesis Cloud; balanced latency vs. availability to withstand single-provider outages.
- Deployed a multi-site MySQL cluster tuned for the DAM workload; designed for city-local cross-provider replication and controlled failover.
- Improved API latency by up to ~1s under load via a resource-constrained Kafka cluster (≈2GB RAM/1 vCPU) that absorbed bursty workloads and protected primary DBs.
- Authored complete Git-driven CI/CD pipeline (Bash + Docker Compose) enabling automated build, test, and deploy across 12+ service roles; includes multi-stage container builds that deconstruct Java WARs for cache efficiency, dynamic per-role manifest generation, and just-in-time secret delivery via transient helper containers.
- Integrated Cloudflare for DNS management, WAF protection, and load balancing; implemented Amazon SES for email delivery with a full deliverability stack (SPF, DKIM, DMARC).
- Automated integration testing using BDD principles with Gherkin/Cucumber feature files that gate production deployments.
- Maintained direct customer-support channel, translating real-world user issues into infrastructure fixes, UX improvements, and SLA-driven priorities.
Product Champion
2011 — 2016
- Overhauled customer-facing web application using JSPs and modern JavaScript, significantly improving user experience.
- Bridged the gap between business needs and technical execution through daily collaboration with the head software architect.
- Crafted user stories and acceptance tests, translating client and operational requirements into actionable, high-quality software deliverables.
Infrastructure Specialist
2007 — 2011
- Recovered botched Sun Apple Xserve migration after catastrophic XRAID failure—restored critical endpoints from near-total data loss, preventing company closure.
- Responsible for monitoring, review, and reporting of on-prem hardware health.
03 //
Skill_Stack
Cloud & Reliability
- Multi-Cloud Architecture
- Cost Optimization
- HA/DR/BC
- Linode, Vultr, AWS
- Cloudflare
Security & Protocols
- Zero-Trust Architecture
- Cryptographic Protocol Design
- Formal Verification (ProVerif)
- Remote Attestation (IETF RATS/SEAT WG)
- OAuth 2.0/DPoP, HPKE
Engineering & DevOps
- CI/CD Automation
- DevSecOps
- Infrastructure as Code
- BDD (Gherkin/Cucumber)
- Linux, Bash
- Docker, Docker Compose
- Git
Data Systems
- Apache Kafka
- MySQL Clustering
- Object Storage (Wasabi S3)
- REST APIs
Observability
- Netdata Cloud
- Cloudflare Analytics
- AWS SNS
Languages
- Python
- Java
- JavaScript
- SQL