Work Experience
Twitter
Site Reliability Engineer
San Francisco, California
February 2021 - Present
Cisco (AppDynamics)
DevSecOps Engineer
San Francisco, California
January 2020 - February 2021
- Worked with the techops and security teams on scanning, patching, and securing cloud infrastructure on AWS. We currently use Terraform, Ansible, Chef, and Jenkins through an Infrastructure as Code (IaC) approach to manage over 1,500 servers that span four global regions.
- Took full ownership of developing an in-house vulnerability management system with Node JS (Express), React JS, and SQL to keep track of infrastructure vulnerabilities and 30-day SLA patch requirements. This was a full stack project (backend, frontend, containerization, infrastructure provisioning, and deployment) that I delivered in under two months.
- Used Terraform, Ansible, and Jenkins to spin up a scalable, reliable, and multi-region Splunk deployment on AWS. This project involved creating a cluster of indexers, heavy forwarders, VPC peers, and a cluster master. The entire system is configured using Chef.
- Worked extensively on reducing Splunk ingestion costs by automating AWS ELB access log ingestion from S3 into Splunk on demand. This was done using Python, Jenkins, and the universal Splunk Forwarder.
- I’m an active member of the Cisco CATO (Cloud Authority To Operate) team, which enforces SOC2 compliance requirements across the server farm.
Cisco (Security)
Security Engineer
San Jose, California
December 2018 - January 2020
I worked with the security business group (SBG) as a software security engineer. I have been fortunate enough to contribute to three major security products including the Adaptive Security Appliance (ASA) firewall, the Fire Threat Defense (FTD) firewall, and the next generation Cloud Native Threat Defense (CNTD) firewall. In addition, I got to work with the Snort team for a while on a QoS feature as part of the IPS/IDS system.
Cloud Native Threat Defense (CNTD) - Lina X
My most recent work included developing features for the next generation cloud native threat defense (CNTD) firewall known as “Lina-X”. This high performance firewall was aimed at both hardware compute appliances and cloud environments. The control plane was written in Golang, and the data plane made use of the vector packet processing (VPP) project written in C. I worked with a small team of 12 senior security engineers and architects and took full ownership of the following features:
- Built automated test infrastructure for the firewall from scratch that supports test cases written in any programming language. I wrote this framework using Golang, Ansible, the Python PyRobot framework, and used Jenkins to automate the test execution.
- Added a log controller feature using Golang to control the logging levels of all the firewall components.
- Implemented high performance gRPC APIs using the protobuf messaging protocol for Golang. Also worked on securing these APIs by setting up secure TLS channels using our internal PKI for certificate management.
Fire Threat Defense (FTD) and Snort
- Worked with the fire threat defense (FTD) firewall team on implementing SSL/TLS session resumption in C++ for the Snort3 IDS.
Adaptive Security Appliance (ASA)
- Implemented firewall clustering and high availability for the ASA firewall in C.
- Implemented GPRS tunneling protocol (GTP) V1 and V2 for the ASA firewall.
- Added telemetry support for GTP location-logging, anti-replay, and anti-spoofing features.
Side Project
- Wrote a web app used to automate how the GTP protocol is upgraded and maintained on the Cisco ASA. The app was built using NodeJS for the back end and ReactJS for the front end. The tool eliminates the chances of introducing security bugs into the source code and speeds up the entire protocol upgrade process by generating the source code for the developer.
Data Center
- Did some hands-on physical networking in the Cisco datacenter to bring up our VMware ESX cluster. Gained experience setting up virtual machines on the cluster and networking virtual machines together to create a testbed.
Agile
- Acted as the team scrum master and was responsible for sprint planning, project planning, check-ins, and retrospectives.
Training Certifications
- CI/CD and DevOps
- NodeJS and Microservices Design
- Kubernetes Foundations
- Cisco Secure Development Life Cycle (CSDLC)
- Cisco Security White Belt
- Cisco Security White Belt Advanced
- Cisco Security Green Belt
Akamai Technologies
Software Engineer (Internship)
Cambridge, Massachusetts
May 2018 - September 2018
- Worked with the network systems team on integrating the IP address management (IPAM) system with the router configuration manager (RCM) system.
- Developed RESTful APIs in Python using the Flask framework that push and pull router JSON configuration files to and from Git repositories. Also wrote scripts that parse router configuration files and model configuration changes in a MySQL database. After that, I created tests for the API resource in Python and used the mocking library to simulate back-end database interactions.
- Lastly, I developed Perl scripts that parse internet route registry (IRR) dumps and import internet routes into the IPAM database after verifying the validity of the routes.
North Carolina State University
Security Researcher
Raleigh, North Carolina
September 2017 - December 2018
What started as a grad school course project turned into three semesters' worth of security research. Worked with Dr. Muhammad Shahzad on a paper called “Distributed Authentication Methods for ARP Cache Poisoning Mitigation”. The paper can be found here
Converged Network Solutions
Network Engineer (Internship)
Beirut, Lebanon
May 2017 - August 2017
Worked with the networking team on configuring Cisco routers and switches. Also created lab topologies and tested switch security features. Wrote a RESTful API in Java using the Spring framework that automated the generation of configuration files for Cisco devices.