Resume 2021

From UVOO Tech Wiki
Revision as of 00:10, 22 February 2021 by Busk (talk | contribs) (Created page with "My Wiki: https://tech.uvoo.io/ (Dumping ground for things I’m working on.) Open Sourced Project: https://gitlab.com/pyrofex/numifex look under cicd for my work Git: https://...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

My Wiki: https://tech.uvoo.io/ (Dumping ground for things I’m working on.) Open Sourced Project: https://gitlab.com/pyrofex/numifex look under cicd for my work Git: https://github.com/jeremybusk - Please request example work if wanted even on private repos.

Focus: I like to model and build cost effective, stable, secure, performant, manageable and scalable information systems that promote and do beneficial stuff in the world. I prefer to use open source or open projects whenever possible. I donate money to opensource projects. I like the freedom, scale and protection it provides. I’ve spent a lot of time doing this. However, I always try to use proven methods in that space if they will get the job done instead of inventing my own less effective way. I like to always think BIG even when I start something small. I am able to learn any new technologies easily. I like to evolve, build and innovate to make things better than they currently are. I have a deep security background so when I build I tend to build with security in mind.

As you will see, I’m trying to cover a lot of ground here but I like creating creative information solutions around Linux & other open source tools. I don’t have an aversion to commercial software when needed but like the flexibility of open source. After working with a lot of languages I’m trying to push most of my code into PostgreSQL and use supporting apps & langs to support it where needed. I spent a lot of the last two years doing continuous integration & continuous deployment in a heavy Debian/Ubuntu environment. I designed, implemented & managed the infrastructure in our collocation, touching all layers of the OSI Model. I also did some full stack development utilizing http(s) reverse proxy (NGINX & some LUA) in order to do customized control on some JSON-RPC services. I usually research, architect and then implement solutions. I love brainstorming and having everyone’s ideas challenged in order to get the better solution. I like getting stuff done and have a long track record of doing just that without a project manager pushing me. I like to see the fruits of my labour and not a fan of vaporware.

I am able to learn most anything pretty quickly. I do not believe in technology lockin’ just because that is all I understand at the time and usually do comparatives when starting new projects to get the best of breed. My breadth and depth in data systems allow for this.

I believe every problem has a solution you just need to keep applying the hammer of effort with intelligence until accomplished.

Summary of Qualifications Almost 20 years working deeply with ip based protocol applications and networked devices in large environments with complex information structures. Deep understanding of how interconnected devices work and their communication protocols. I’ve worked Deep understanding and experience with all 7 layers in the OSI Model. Performed extensive ip troubleshooting using packet capture and analysis and systems tools over the years to correct application access and performance issues. Built on-demand tools, most full stack, around IP based systems for different purposes when needed. Excellent relational data modeling skills. Excellent conceptual and implementation skills. Propensity for getting things done well and quickly. I’m a man of action! Self motivated and work well under pressure. I endure and actually enjoy my work being critiqued. I love to see the project succeed. Excellent at using programmatic scripting to perform tasks and try to apply the DRY (don’t repeat yourself) principle as much as possible by preferring agile automation over error prone human repetition. Used numerous cli based operating systems and applications to do things. I prefer the command line. Yes, I use VIM. Yes, I use spaces. Almost 20 years spending most of my time researching in a web browser and doing work in a terminal. Ethics and good values are important to me. It is important for the products I create to have positive value to those who use and are used by them. A lot of tech has gotten really sketchy of late. I prefer to not be part of that. ISC2 ethics is a good starting point. https://www.isc2.org/Ethics.

Skills Application Delivery Controller: NGINX, OpenResty(NGINX with LUA), HAProxy, F5 BIG-IP Centralized Authentication: OpenLDAP, Active Directory, Custom datastores using postgres/mysql/mssql/redis, FreeRADIUS CI/CD: Gitlab, Travis-CI, Concourse CI CMS: Wordpress, Joomla Database: PostgreSQL, MySQL, SQLite, Redis (I can and have worked with many others, like Mongo, memcached, though I prefer PostgreSQL, MySQL and SQLite for simple or embedded projects) DHCP: ISC DHCP, Dnsmasq DNS: PowerDNS Authoritative/Recursor, ISC BIND. File Systems: ZFS, LVM, EXT Firewall(Application or Stateful): nftables, netfilter/iptables, pfSense ( I have worked with others including Checkpoint, Palo Alto, Sidewinder) HTTP Server: NGINX, Apache, Python, Tomcat, Jetty IDS/IPS: Suricata, Snort IPAM: NOC Project, Netbox (I have worked with plenty of others as well) Log Collection: Splunk, rsyslog, Elastic Stack(working on moving everything to this but have not yet) Message Broker: RabbitMQ MTA/Email: Zimbra, postfix (I even worked with qmail quite a bit in the far past) Monitoring/Management: Zabbix, nfdump, ManageEngine(past), Nagios(past), Sensu-go(a bit) Network Configuration Management: RANCID, NOC Project, SaltStack, Ansible, Custom (Python, BASH, NetBox) NOS: Cisco, Brocade ( I have worked with others, like Juniper but usually am using ip/brctl cmds in Linux) OS: Linux (Redhat/CentOS, Ubuntu/Debian), Windows (I’m a heavy Linux user) OSI Model: Deep understanding of OSI Model and the many different ip based communication protocols and applications. ORM: SQLAlchemy Packet Analyzer: Wireshark, tshark, tcpdump, ngrep, iptraf-ng Programming Language: Python, Golang Project Management/Ticketing: JIRA, Request Tracker, Odoo Protocols: SNMP, Sflow, Netflow, SIP, HTTP, HTTPS, TFTP, SSL/TLS, IPSEC, IPv4, IPv6, TCP, UDP, SMTP, SMTPS, DNS, BIND, DHCP/BOOTP, NFS, CIFS, FTP, FTPS, SSH, SFTP, Telnet, iSCSI, SAS, AAA, RADIUS, TACACS+, IPMI, Syslog, RSYNC, HSRP, VRRP, OSPF, BGP, BFD, IGMP, PIM Restful API: PostgREST, JSON, XML SOAP Scripting: BASH, Python, TCL Expect(some automation), LUA for embeddable. Powershell Text Editor: VIM, nano, and Visual Studio Code when wanted. Version Control: git, Github, Gitlab Virtualization/Containerization: LXD, Proxmox VE, KVM/libvirt, LXD, Docker, VMWare ESXi/vSphere, UCS(prefer whitebox hardware running CentOS/Debian/Ubuntu Linux), Kubernetes Vulnerability Assessment: OpenVAS, Nessus, nmap, Kali Linux, My own custom scripts/code Web Backend Framework: Python Flask, Python Pyramid Web FE/GUI/Visualization: PHP, HTML5, JavaScript, TypeScript, JQuery, DataTables, Bootstrap, MDBootstrap, C3.js, HighCharts JS, webpack, Chrome DevTools, NodeJS, npm, Postgrest Wiki & Documentation: Atlassian Confluence, MediaWiki (using Visual Editor via - Parsoid Node.js)

Additional Stuff: https://wiki.zoobey.com/pages/viewpage.action?pageId=3309579 Link to random list of my favorite tools (this site is new and a work in process as I blasted my last sight a while ago and am rebuilding it slowly with fresh content. Right now it is a random dumping ground for stuff I’m working on)

Career History

Sept 2019 - Present Willis Towers Watson - Utah https://www.willistowerswatson.com/ 10975 Sterling View Dr, South Jordan, UT 84095 Site Reliability Engineer

Manage infrastructure and systems with a team of SREs Performed admin function on F5 BIG IP ADCs. Implemented multi DC Zabbix monitoring system that was integrated into github and nexmo for alerts. Used existing and creating new templates in order to do both performance and security tracking & notification. Technologies include but not limited to F5 BIG-IP vSphere/UCS Saltstack Ubuntu/RHEL/Windows Active Directory Powershell, Bash, Python scripts Concourse CI Sensu Go + PagerDuty, SolarWinds Network Performance Monitor Postgres, MSSQL, IIS JIRA/Confluence Github Monitoring: Zabbix with Nexmo/Git integration. Sumologic, Sensu. Lots of custom script checks and logic Powershell NGINX, LXD, BIND, dnsmasq, Gitlab CI/CD (lab env) Bash Python, Golang as preferred languages for automation

Wrote creation, management and deployment code (via saltstack state) for haproxy frontending blob store. This was because of astronomical costs of using F5 Big IP. Saved in the hundreds of thousands. Created saltstack state for creation/management of sftp application that integrated into Active Directory and managed permissions for different hosts. Wrote a lot of code to automate and get stuff done.

Nov 2017 - August 2019 Still manage a full rack for them as needed Pyrofex Corporation - Utah - https://pyrofex.io/ Site Reliability Engineer

Played role of systems/network engineer and a little software full stack development to support hosted applications. Built and managed rack infrastructure from ground up. We had a couple racks with some fun hardware to build fairly large build/test systems. Agile software environment with about 5 devs using Gitlab Issues. Heavy use of Gitlab & Gitlab CI/CD. Worked a lot with git over the last year and a half. Became proficient with CI/CD and complex array of runner setups. Used KVM+QEMU VM with virsh, Virtualbox, Docker/LXD Containers. I used VIrtualbox as well as virsh. I even did some terraform using https://github.com/dmacvicar/terraform-provider-libvirt. Included cloud-init as well. Didn’t get around to using Kubernetes much beyond a day of playing with MicroK8s as they wanted a project to deploy it as a VM image(wasn’t my call). Got back and did some classic Cisco IOS switch configuration. Did CI/CD automation with nftables (netfilter iptables replacement). Used Prometheus & Grafana for metrics as well as traditional Zabbix. Built automated web repo where packages would deploy to and customers could download packages. Built a simple customer portal using Python Flask ecosystem & PostgreSQL. Connected with LXD for hosted containers with automated proxy port mapping and ssh key updates for access. Portal authentication Included Two-Factor Authentication (2FA) using one time password. I prefer to use PostgreSQL with Postgrest or Postgraphile but devs were more used to traditional setup. We used portal and NGINX to control http methods/requests to JSON-RPC interfaces on bitcoin and ethereum nodes.

Nov 2017 - September 2018 ConsultNet - Utah - https://consultnet.com/ Site Reliability Engineer

https://github.com/rchain/rchain. Github & Travis-CI/Gitlab for Scala project. Agile development using JIRA. Did DevOps by myself, eventually getting two more, for a team of about 20-30 internal devs on an international open source blockchain project. It was incredibly fun to work with people from all over the world. U.S., Germany, Poland, Czechoslovakia. We even had a guy from Belarus. Was lucky to get back to Europe at our Berlin conference. Lot’s of learning here as I really had not worked with git much beyond simple master commits that I was used to doing before at my previous job. CI/CD in the connected fashion was new to. especially in a complex environment like this where most work is done through remote communications. Throwing Scala/FP just made it more complex. The project used Github & Travis-CI with some CI done in parallel using CI via gitlab.com. Created and managed runners using Docker CE, and Virtualbox. Worked with Prometheus & Zabbix for metric collection & monitoring. Lots of little scripts. Did releases, signing and all that other fun stuff. The DevOps scripts were primarily in BASH and Python. Used Docker, LXD, KVM. I worked quite a bit with pylxd & docker-py libraries as well as just interfacing with apis from the shell. Used saltstack for mass management. Worked with containers in AWS, Digital Ocean but the core was in a datacenter rack running Proxmox VE Cluster that then ran Virtualbox, Docker CE, LXD, KVM.

2015 - 2017 Veracity Networks - Utah - https://www.veracitynetworks.com/ Software Engineer/Full Stack Developer

Built external trouble ticketing portal with external user controls(for security and stability issues) that hooked into the existing ticketing database using PHP, Python, HTML5, JQuery DataTables https://editor.datatables.net/, MDBootstrap https://mdbootstrap.com/, and postgresql. As part of this, rewrote notifications for all ticketing using notify functions within PostgreSQL and Python to actually listen and dispatch notifications as needed. Built DNS driven web-filtering solution for large college housing projects using PowerDNS Recursors, LUA and Redis for fast blocking of millions of domains. Basically like Cisco OpenDNS Security Designed from the ground up and created management portal using PostgreSQL, PostgREST, OpenResty(NGINX+LUA+Redis), Python, Bootstrap3, JQuery, HTML5, Ractivejs(similar to Vue.js. Utilized Redis with OpenResty for a fast session store and network front door control for application access, thus enhancing security. Used Highcharts https://www.highcharts.com/ (preferred) as well as C3.js (D3.js based) to do data visualization. Built smaller micro apps using Python, Python Flask or Python Pyramid that would restfully do different things such as provision email, check and auto reply for email, or export reports in Excel after manipulation using Python Pandas, Helped maintain code in our existing custom CRM that heavily uses Python Pyramid and SQLAlchemy with Postgres backend. Worked with containerization technologies, like Docker and LXD, for development environments. Limited work with AWS, Azure, GCE, Digital Ocean. I’ve usually always built my own infrastructure in the past as cloud costs ran really high and we wanted customized control. However, cloud offerings do have many benefits and I am happy to work with them if the project calls for it. The tech & structure is still the same whether on premises or hosted on a providers IaaS platform. My issue with cloud is it is still too expensive for larger applications.

2005 - 2015 Veracity Networks - Utah - https://www.veracitynetworks.com/ Network/Systems Architect/Engineer - Architecture and Automation Installed and maintained 150+ active production physical and virtual hosts with many more in development environments. Primary distribution was CentOS with some Redhat, Ubuntu, Debian and FreeBSD. Worked with numerous databases/datastores, especially PostgreSQL, MySQL and Redis, memcached. I also worked a little with timesten, informix and oracle when needed. Managed email systems with 10,000+ users Worked a lot with Broadsoft Broadworks ecosystem providing VOIP services. Involved in lots of data migration projects as the company evolved over the years and mergers and acquisitions were made Worked with netfilter/iptables, pfSense and Palo Alto to secure host applications. Worked heavily with virtualization products like KVM, VMware and Proxmox VE. Worked with containerization like docker and LXD for development environments. Worked with IDS and HIDS and wrote action scripts to mitigate issues Installed, managed and customized NOC Project https://kb.nocproject.org/ for IPAM and DNS management. Designed, deployed and managed a distributed network monitoring solution using Zabbix https://www.zabbix.com/. Monitored over 15,000 nodes(almost a million active items) including Linux systems and network routers and switches. Built custom monitoring scripts to monitor network attached devices like routers, switches or analog-to-digital-to-ip video converters. Did low-level discovery for routers for easy device additions. Performed extensive packet capture and analysis in order to troubleshoot applications Created and managed applications to provision L2/L3 switches, ATAs, STBs, using LAMP, Python or BASH depending on needs. Lots of Linux shell time, troubleshooting, maintenance, logs SELinux access control on many systems Helped in designing and implementing very large and complex networks primarily at the access and distribution layer Designed customer inline web-filtering architecture using iptables, Squid, and Dansguardian for large FTTH communities. Created a spam mitigation system using snort, iptables, and python. Worked on automation with Cisco IOS, Brocade FOS, Adtran AOS, Alcatel SROS Primary participant in Provo municipal fiber-to-the-home systems and network acquisition and redesign implementing layer 3 and dynamic routing protocol Primary network architect on Traverse Mountain fiber-to-the-home redesign implementing dynamic routing protocols OSPF and RIP for a cost effective solution. Stabilized the network and made it easy to scale. Principal architect in redesign of fiber-to-the-home network in Traverse Mountain to stabilize network issues using dynamic routing protocols OSPF and even a little RIP. This created a cost effective and easily scalable network. Regularly performed project management responsibilities Worked simultaneous projects through to completion Worked with diverse team with varying skill sets Worked on many accelerated projects for critical business initiatives Deep understanding of how interconnected devices work

2003 - 2005 Defense Information Systems Agency - Hill Air Force Base, UT Information Systems Security Manager Information Systems Security Manager (MS Windows Top Secret and Unix(HP-UX) SCIF) Hardened systems using DoD applications and my own custom scripts. Systems security manager over Microsoft Windows Systems and Admins. Responsible for monitoring and enforcing security adherence on all Microsoft Windows platforms as well as aiding administrators with help when they needed it. Accepted additional responsibility for maintaining and monitoring security on HP-UX systems in Sensitive Compartmented Information Facilities (SCIF). This required more training and stricter procedures than Top Secret facilities Utilized custom DoD tools to enforce security policies. Installed Internet Security Systems Intrusion Detection System including deployment of server database and sensors. Instructed CSO how to create policy and operate it. Managed server and policy. Assisted administrators as needed in performing security compliance and technical questions on their systems. Managed monitored security compliance using products like Symantec Enterprise Security Manager and other policy enforcers. Installed and managed Windows Server Update Services (WSUS). Created patching policy for administrators. Participated with multiple departments and individuals to help them with their security needs. Wrote a lot of custom Windows and *nix scripts to perform various security and data collection purposes.

2000 - 2003 Defense Information Systems Agency - Hill Air Force Base, Utah Network Security Engineer Participated in classified processing at five nines high-availability hosting datacenter with really diverse systems and applications. Participated in numerous conference calls and tiger teams from hosted customers around the world to aid them in finding solutions to application and network issues. My background in systems and programming helped me to actually tell them how to fix their own gear/application after viewing application communication in packet capture. Served six month long rotations in some major divisions of our organization that included IBM Mainframe, Unix (Solaris, HP-UX, AIX), Microsoft Windows, Security, Unisys Group as well as one month in DC Maryland Area for headquarters doing firewall performance evaluation for new network firewalls. This provided me with expansive breadth and exposed me to many different types of information architectures. Primary Protocol Analyzer for all hosted applications in our datacenter Did a lot of troubleshooting with application performance issues at the packet level using the following:Network Associates Distributed Sniffer, Sniffer Pro, Dolch Mobile Sniffer, Ethereal, TCPDUMP Worked with developers and vendors, network engineers, other firewall admins on fixes and application network performance Installed and managed redundant Cisco PIX 535 firewall stateful sets for high availability application Installed and managed multiple application layer firewall sets by Secure Computing Sidewinder including design and network architecture as well as naming conventions used by other administrators Installed and managed Intel SSL Accelerator Appliance HA sets. Performed configuration and troubleshooting on core network routers and layer 3 switches - Juniper M20 , Cisco 7200, 6500 Layer 3 (Set-Based switch), 5500, 2900, Foundry Fast Iron 4802 Designed and deployed internal FIPS compliant Cisco AIRONET 802.11b using IOS-based wireless solution using ACS integrated into Windows Active Directory Headed friendly external network scan of Hill Air Force Base network and created network security assessment report with recommendations to better secure it Researched web filtering software and designed and implemented passive web-filtering solution using SurfControl Web Filter(chose because of passive insert into network as it used tcp session hijack to block session ) and continued management and maintenance on web-filtering software Representative from network engineering team for firewall security portion of annual network security audit Responsible for security compliance on all network engineering group systems operating systems and applications Key participant in core network architecture changes and implementation Participated in entire rewire of building to upgrade from 10MB to 100MB cat 5e Performed various intrusion detection and also performed countermeasures to mitigate impact to network or systems. Received a lot of formal training(like Cisco, SANS, IDS, Firewall, etc) for different technologies I worked on.

1999 - 2000 Saddleman, Inc. - Logan, UT Network Administrator/Unix Administrator Administered a Novell 4x network in on-call rotation. Administered Unix System V, revision 4 (SVR4) server including process and user management. Wrote multiple scripts to automate manual batch processes using ksh Performed Desktop support.

1999 Dual Internship - United States Congress Y2K Committee and House Majority Whip Office Redesigned Y2K Committee website. Helped with Majority Whip website and built some small web apps for internal use.

1998 - 1999 USU Student Lab Services - Logan, Utah Computer Lab Consultant Performed application and desktop support to student users. Organized and gave training to fellow employees on various software applications. Researched and designed prototype of diskless email client station using customized/stripped down Linux kernel to create boot from floppy Linux (used Etherboot). This provided inexpensive email kiosk style access for email/web only use to offload demand on lab pc resources. This was eventually replicated throughout campus.

Education 2001 - 2002 (Partial Masters) Utah State University Logan, UT Accepted into Master of Management Information Systems (MMIS) and completed part of the program with 3.5 GPA but put masters on hold indefinitely to put more time into work and other projects. Yeah, I know I should have just finished it. My work was paying for it too. Decided to be married instead.

1994-95, 98 - 2000 Utah State University Logan, UT Bachelor of Science, Business Information Systems. Graduated Cum Laude (3.5)

Volunteer 1996-98 Missionary for The Church of Jesus Christ of Latter-Day Saints

Previous Security Clearances Previously had Top Secret with SCI Access – Conducted in year 2000. Expired 2007

Retrieved from "https://tech.uvoo.io/index.php?title=Resume_2021&oldid=1262"