Sep 2022 – Jun 2025 · 2 yrs 9 mos · Portland, Oregon, United States · Remote

• For the past 3 years I have worked on HashiCorp's internal IAM system, Passport. Passport continuously manages employee, contractor, and external access to a wide swath of SaaS, cloud, and on-premises systems.
• Passport supports making access determinations dynamically based on the evaluation of user-defined policies. These policies can reference user properties sourced from the many systems that Passport interfaces with - including job function, on-call status, current location, and many more.
• Sensitive access that Passport manages is time-bound and unauthorized access revocations can be made on the order of milliseconds (but are dependent on webhook receipt and synchronization intervals).
• I have personally written and designed much of the core of the system, designed many of the APIs, written and maintained many of the external system interfaces and providers that Passport supports, and specced and operated the infrastructure the system runs on.

Jan 2021 – Sep 2022 · 1 yr 8 mos · Portland, Oregon, United States · Remote

• Designed, developed, and deployed HashiCorp's internal signing service, an AWS Lambda-based Go application that securely abstracts signing operations so that services, releases pipelines, and users do not need access to key material and so that every signing operation has an audit trail.
• Built a secure, cross-platform updater for the client-side internal Go application that employees use to assume access to cloud environments, contributing to the server-side AWS Lambda-based Python application along the way.
• Currently working on the HashiCorp Security team's internal identity and access management service, another AWS Lambda-based Go application. This service allows end users to request access to cloud systems as well as applications behind corporate SSO. These access requests are directed to the relevant service owner for approval or auto-approved and provisioned if the user has the required conditions met (ABAC authorization).

Sep 2020 – Nov 2020 · 2 mos · Portland, Oregon, United States · Remote

• Worked as a full-time staff member in the the Biden for President campaign tech team, evaluating and hardening AWS environments used by the campaign's tech team. Built a drop-in log collection solution that collected host, application, and cloud service logs for easy access and analysis.
• Built a secure cross-account replication scheme for AWS Redshift that allowed for complete independent backups and standby deployments of the campaign's primary Redshift datastore.

Jun 2019 – Aug 2020 · 1 yr 2 mos

• Contributed to Taskcluster - the system that powers continuous integration for Firefox builds, tests, and releases.
• Built a Python-based Packer wrapper tool that made it easy to manage scripts and configuration for baking AMIs to be used as Taskcluster workers. Helped the team migrate from Azure Storage Tables to Postgres, writing some node.js server code form Taskcluster along the way.

Aug 2018 – Jun 2019 · 10 mos

• Designed and deployed reliable, scalable, infrastructure as code solutions for highly available deployments of Elasticsearch, RabbitMQ, and Mozilla’s homegrown distributed systems.
• Specced and built cloud infrastructure for Autograph, Mozilla’s air-gapped signing server, including deployment of the HSM that secures the storage and usage of some of Mozilla’s most valuable crypto keys.
• Migrated cloud services wholesale from VMs in AWS to Kubernetes in GCP with zero downtime.

Jul 2016 – Aug 2018 · 2 yrs 1 mo

• Primary operations engineer for Socorro, Firefox's crash ingestion pipeline, Shield, Mozilla's preference-flipping and user study system, Symbols, Mozilla's build symbols server, and Testpilot, Firefox's opt-in experiment platform.
• Rebuilt infrastructure for Socorro in AWS and migrated from the existing infrastructure deployment with zero downtime. Migrated Mozilla's localization hub, l10n.mozilla.org, out of a datacenter deployment and into AWS with zero downtime.
• Worked with engineers from project inception to production deployment on several projects as a subject matter expert in devops and cloud deployments.

May 2015 – Jul 2016 · 1 yr 2 mos

• Developed Reaper, an open source tool written in Go that helps clean up unused AWS resources. Functionality includes event reporting with multiple outputs (from StatsD to SMTP), filtering of resources, and an HTTP API.
• Ported Switchboard to node.js and deployed it in production to be used for Firefox for Android A/B testing. The API uses information such as the client's device type, language, and location to select which tests it should be enrolled in.
• Created an API endpoint written in Go to help WebRTC developers debug problems with calls. Using Firefox's about:webrtc page, users can record sample audio and upload it to my S3 backed API, where authenticated developers can access the samples and check for call issues.

Jun 2014 – Aug 2014 · 2 mos · Livermore, CA

• Maintained and wrote code for several APIs to Minimega, a Sandia lab directed research and development project.
• Developed challenges for use in an internal Sandia Capture the Flag computer security competition. The challenges were targeted broadly, for teams ranging from high schoolers to graduate students and included reverse engineering, PHP and web exploitation, and Python codebreaking.

Sep 2013 – Dec 2013 · 3 mos · Portland, OR

• Tutored part-time at the Symbolic and Quantitative Reasoning Center: helped students with Calculus I and II and coursework for various Computer Science courses in C and Java.

Sep 2013 – Dec 2013 · 3 mos · Portland, OR

• Worked for Professor Jeff Ely as a teaching assistant for his Computer Science I class, taught in C. Sat in on classes, held office hours, and graded lab completion.

Jul 2013 – Aug 2013 · 1 mo

• Developed high school level computer security curriculum for the South Carolina public school system. Created and tested an engaging scenario for students to learn Linux and networking basics. Wrote accompanying documentation, course materials, and Python and Bash configuration scripts for Raspbian on the Raspberry Pi. Worked with a team implementing infrastructure and software for dynamic analysis of Android malware at scale.

May 2013 – Jun 2013 · 1 mo

• Completed five weeks of research with Lewis & Clark Professor Jens Mache in his
• Cybersecurity group. Wrote cleanup and initialization scripts for EDURange, a platform for automating deployment of computer security exercises on AWS. Successfully deployed EDURange at SISMAT 2013. Published a research paper discussing educational computer security exercises, primarily focused on firewall education in the undergraduate classroom.

Jun 2011 – Aug 2012 · 1 yr 2 mos

• Used DeployStudio and custom scripts to deploy iPads, Macbook Airs, Macbook Pros, and iMacs for the 400+ member Marin Academy community. Specifically configured individual machines per specification for teachers, including calibrating the digital photography lab.