JOHN OBIA
Dallas,Tx
Summary
DevOps enthusiast with over 10 years of practical experience, specializing in the use of advanced DevOps tools and methodologies to streamline CI/CD pipeline development, automation, and release processes. Skilled in orchestrating secure infrastructure provisioning, deploying robust applications, integrating automated testing, and addressing vulnerabilities in a fast-paced, agile environment. Accomplished engineer proffering extensive cloud monitoring, deployment and troubleshooting skills. Organized and focused person with extraordinary leadership acumen.
Overview
11
11
years of professional experience
1
1
Certification
Work History
Cloud Security Engineer
DTCC
08.2018 - Current
- Work with project teams to translate security requirements into architectural, design and implementation guidelines to achieve compliance with best security practice and organization policies
- A strong focus on Infrastructure as Code using Terraform or OpenTofu, paired with automation through tools like Atlantis, Terraform Cloud, or equivalent solutions.
- Proven experience in scaling CI/CD platforms like GitHub Actions and ArgoCD, prioritizing developer experience and efficiency.
- Set up monitoring of cloud infrastructure logs and configure metrics and alerts on CloudWatch logs while ensuring integration with Splunk to meet dashboarding and reporting requirements
- Proficiency with Kubernetes, Kubernetes Operators and modern API Gateways, such as NGINX.
- Collaborate with project leads and other software engineers across multiple teams.
- Configure and automate the application of default tags across cloud resources in compliance with enterprise security standards
- Assist in the deployment of ELK stack (Elasticsearch, Logstash, Kibana) on Kubernetes as part of the project to modernize existing logging solutions and improve search, analytics and log processing capabilities
- Work with cross-functional teams spanning Engineers, Product managers and business analysts to improve the interaction model and practices for Security Architecture engagements
- Define and implement security baseline configurations for AWS/Azure and other cloud native applications
- Lead effort to scope and implement security requirements for integrating with or implementing SAAS solutions
- Set up proof of concept/Technology implementations for new security tools or integrations with existing enterprise software with components spanning identity and access management, Encryption, Network security, secrets management and data handling requirements
- I played a key role in designing, implementing, and scaling our cloud infrastructure, as well as developing platform tools focused on enhancing engineering workflows.
- Interface with internal customers, project teams, Management and vendors advising and providing alternate solutions that meet Security, Risk, compliance (NIST, CIS, PCI DSS...) and cost requirements of the financial industry, region and/or Enterprise
- Implement REST API security for web applications hosted on the cloud using OAuth 2.0 and API Gateway
- Draft and/or review logical architectural and Design models for applications migrating to the Cloud
- Ensure security is embedded in deployment process by ensuring timely engagement with Infrastructure and dev teams
- Assess cloud service for adherence to NIST, CIS and company control standards for requirements that include Encryption, Data Protection, Network/Endpoint security, IAM controls, logging and monitoring
- Create security rules for each cloud service, rank by risk rating and employ DevSecOps principles to determine delivery phase to inject these rules- to ensure that compliance is baked in both at the time of deployment, and runtime to our cloud environments
- Review and contribute to security baselines for new and existing Cloud Services as part of new technology on-boarding and mapping Standards to configuration
- Define, document and maintain processes relating to security Governance and best practice
- Build and execute event-driven security automation using tools such as AWS Inspector, SSM, Lambda, AWS CloudWatch events and SNS
- Designing and defining security configuration requirements for externally facing VPC used to host Ethereum Nodes as part of internal blockchain solution
- Spearheaded employee training programs on cybersecurity best practices, fostering a culture of vigilance among staff members handling sensitive data on the cloud.
Cloud Engineer
Verizon Wireless
07.2017 - 08.2018
- Extensive experience with deploying mission critical IAAS
- PAAS and SAAS solutions in the Cloud (Storage, Application Services, Deployment and Management/Monitoring) including managing the configuration of multiple servers, and serverless applications deployed on the cloud
- Design end-to-end automation pipeline, implement end-to-end encryption of third-party resources, and integrate/schedule required security scans
- Automated instance configuration tasks using Ansible playbooks
- Lead DevOps team creating new and modifying existing CI/CD pipelines towards deployment of first web application in the public Cloud
- Create and maintain repositories including CloudFormation scripts, ansible files and objects (Artifactory) ensuring a standard “DevSecOps” framework is followed by dev teams as part of the app migration process
- Build an end-to-end on-prem to Cloud (AWS) centralized security logging solution to be used by multiple applications migrating to the cloud
- Configured Docker registries for web applications to store and deploy container images and also integrate
- Design, deploy and monitor infrastructure and application components in public clouds (AWS, Azure, GCP)
- Work with a team to build a solution to ingest, analyze and visualize syslog log messages and metadata in near-Realtime using Kinesis agent, Kinesis Analytics/Firehose, Elasticsearch and Kibana on AWS
- Set up VPCs/Accounts per business applications while ensuring adequate Network segmentation, adequate logical separation, and secure internet access for servers in the private subnets using NAT gateways, proxies or VPC endpoints
- Develop and maintain scalable, fault tolerant container orchestration platform using Kubernetes to orchestrate docker containers running java Spring Boot applications on Amazon Web Services
- Design and implement a serverless framework to support a learning management system hosted on AWS using DynamoDB, AWS Lambda, API Gateway, SQS, s3 bucket and CloudFront
- Install and Setup Web, Application and Database Servers in a secure tiered manner (Apache and DB server MySQL)
- Automate the build, deployment, and testing of code though CI/CD pipelines using Jenkins, Ansible, Nexus and Git
- Used Jenkins to deploy cloud formation infrastructure
- Set up ansible controller for remote servers
- Creation of stack and deployment using Cloud formation and terraform
- Involved in work to design, implement and integrate centralized secrets management solution involving Hashicorp Vault to dynamically provision manage programmatic access to humans and machines
- Develop plans to reduce on-prem infrastructure footprint, while implementing cloud strategies and helping move workloads into the target cloud environment
- Develop solutions and standards for AWS database back-up, restoration, replication, high availability, disaster recovery, encryption, security, and auditing
- Contribute to and support the adoption of the DevOps methodology and Agile project management with applied skills in scripting using Bash, Python and using DevOps tools like Git, Maven/Nexus and Jenkins
- Practical knowledge of networking and internet protocols, including TCP/IP, DNS, HTTP, distributed networks, etc
- Enhanced cloud infrastructure efficiency by implementing advanced automation techniques and tools.
- Contributed to product improvement initiatives by providing valuable insights based on hands-on experience with various cloud engineering tools and frameworks.
Data Engineer (Cloud)
MMI Inc.
08.2016 - 12.2016
- Set-up POCs to compare Cloud Offerings (Azure vs AWS) and advise accordingly
- Design data back-up and Disaster Recovery plan for data to be migrated to AWS, including strategy for storing sensitive data
- Implement Encryption at rest and in-transit configuration for EMR Cluster node communication to comply with industry and security requirement best practice
- Setting up alerting and monitoring of data infrastructure using CloudWatch, Lambda and Splunk
- Source data security solutions prioritizing PCI compliance, secure connection for online checkout, Address Verification System, access logging, regularity of patches, and effective DDOS protection
- Integrated ELK Stack to existing application framework to meet real time log collection, aggregation, analysis, querying and reporting
- Configured Snowflake SAAS integration including infrastructure to connect and transfer data to External Snowflake account/Network
- Collaborated on ETL (Extract, Transform, Load) tasks, maintaining data integrity and verifying pipeline stability.
- .Fine-tuned query performance and optimized database structures for faster, more accurate data retrieval and reporting.
- Migrated legacy systems to modern big-data technologies, improving performance and scalability while minimizing business disruption.
- Designed scalable and maintainable data models to support business intelligence initiatives and reporting needs.
Program Instructor/ Cloud SME
Center for Computer Science education and Outreach, UT Dallas
01.2016 - 08.2016
- Lead training sessions for Agile teams involved in business-critical applications from on-premises to Cloud
- Design and develop instructor led content, lab and D-day exercises, presentations and other materials geared towards cloud native solutions with a focus on AWS
- Migrated program content and delivery model to a 100% serverless driven architecture and design using AWS S3, API Gateway, Lambda, and DynamoDB database
- Defined requirements, set up Ansible node/master, and deployed playbooks and automation scripts to fully automate configuration management of infrastructure retained
- Efficiently managed administrative responsibilities such as updating course materials, maintaining accurate records, and tracking student progress throughout their time in the program.
- Regularly attended professional development workshops to stay current with industry trends and best practices in education, enhancing overall instruction quality.
- Utilized various assessment tools to measure program effectiveness, identifying areas requiring improvement and implementing necessary changes promptly.
Devops Engineer
John Chris Ltd
12.2013 - 06.2015
- Build CI/CD pipeline and Jenkins jobs to deploy infrastructure and application artifacts to hybrid (Cloud and On-prem) environments
- Integrate Source code and versioning tools, artifact repository management, Infrastructure as code, secrets management and configuration management tools into pipeline using a combination of plugins, scripts and APIs
- Implemented one-click deployment of immutable Load balanced and Auto-scaled infrastructure using Ansible, Jenkins, IAC, and CloudFormation
- Built and deployed Docker containers to break up monolithic web apps and support microservices, improving agility, scalability and faster updates for more efficient development and customer experience
- Continuous improvement of operation processes and procedures, focusing on engineering approach and automation tools development
- Improved code deployment efficiency by automating processes with CI/CD pipelines.
- Automated manual tasks through scripting languages such as Python or Shell, boosting team productivity levels.
- Maintained version control systems like Git or SVN for seamless collaboration among developers and engineers during project lifecycles.
Education
Master of Science - Information Systems and Management
University of Texas At Dallas
Dallas, TX05.2017
Skills
- Amazon Web Services
- Microsoft Azure
- GCP
- EC2
- Autoscaling
- ECS
- Lambda
- S3
- RDS
- Kinesis
- DynamoDB
- CloudWatch
- CloudFormation
- CloudFront
- AWS Identity and Access Management (IAM)
- Key Management Service (KMS)
- AWS Virtual Private Cloud (VPC)
- VPN
- Transit Gateway
- AWS Config
- CIS Benchmark
- Bash Scripting
- YAML
- Python
- Terraform
- Ansible
- Git
- Jenkins
- Gitlab
- GitHub
- Prometheus
- Grafana
- Datadog
- Splunk
- CloudHealth
- Jira
- Confluence
- SharePoint
- Windows
- LINUX
- Docker
- Kubernetes
- Cloud Risk Assessment
- Security Incident Response
- Data Encryption Techniques
- Container Security
- Cloud Architecture Design
- Security Information and Event Management
- Application security
- API Security
- Public Key Infrastructure
- Microservices Security
- Cloud Security Architecture
- Secure DevOps Practices
- Data Migration
- DevOps principles
- Decision-Making
- Team building
Certification
- SANS CERTIFICATE - DEFENSIBLE SECURITY ARCHITECTURE AND ENGINEERING
- GCP Associate Cloud Engineer
- AWS Certified Security Specialty
- AWS Certified Solutions Architect Associate
- AWS Certified SysOps Administrator
- Datameer Administration Certification
- Microsoft Verified Certificate for Implementing Predictive analytics in Azure HDInsight
Hiking
I enjoy hiking as a way to stay active and connect with nature. It gives me a break from daily routines, offering the chance to explore different trails and terrains. I appreciate the mental clarity it brings and the physical challenge of climbing hills or navigating rough paths. It's also a great way to relax, appreciate beautiful scenery, and enjoy some quiet time outdoors.
Timeline
Cloud Security Engineer
DTCC
08.2018 - Current
Cloud Engineer
Verizon Wireless
07.2017 - 08.2018
Data Engineer (Cloud)
MMI Inc.
08.2016 - 12.2016
Program Instructor/ Cloud SME
Center for Computer Science education and Outreach, UT Dallas
01.2016 - 08.2016
Devops Engineer
John Chris Ltd
12.2013 - 06.2015
Master of Science - Information Systems and Management
University of Texas At Dallas