KENNEY HE
Summary
A results-driven and innovative Principal Site Reliability and Cybersecurity Engineer with extensive experience architecting, securing, and scaling massive cloud infrastructures for world-leading technology companies, including TikTok and Epic Games. GIAC certified professional with a proven track record of enhancing security posture, achieving significant cost reductions through infrastructure optimization, and driving innovation, resulting in multiple USPTO patents. Expert in multi-cloud environments (AWS, GCP, Azure) , Kubernetes , Zero Trust architecture, and modern DevSecOps practices
Overview
29
29
years of professional experience
Work History
Principle Engineer / Site Reliability Engineer
TikTok/ByteDance
08.2023 - Current
- Secure one of the largest security infrastructure in cloud in the world. Continuously monitor and scale. Scale with billions of Chinese and US TikTok users in the fastest growing social media company.
- Awarded 3 ByteDance USPTO Patents (AI-ML for malware upgrades, Stealthy TLS scanner, Quantum Network Error detection algorithm) to reduce operational costs by $1M costs with each patent. Researching and filing pending innovations to drive operational cash flow money back to business.
- Secure, deploy, support, monitor and create zero trust infrastructure security infrastructure for SIEM. Security Operations Center, Vulnerability Management services and Cloud workload protection with cheaper open source solutions like Salt Stack, Argos, Grafana, ByteDance Security Gateway and Elastic Search
- Provide on-call rotation for Host Intrusion Detection System (HIDS), Security gateways, KMS, ZTI and RBAC (Kani) services
- Primary SRE for HIDS, SIEM, VM and Security Cloud workload protection platform for 24/7, 365 support
- Rewrite code to be fully security compliant with python, golang, and shell with AI-ML code
- Upgrade infrastructure (K8s) with Ansible, ELK, Prometheus and Grafana monitoring services
- Invited Guest Speaker in Security Conferences such as BSide CDMX Mexico City for SIEM
- Participated in formal internal security design reviews of proposed products and components.
Sr. Cloud Infrastructure Engineer / Cybersecurity Engineer / Devops
Epic Games
12.2020 - 01.2023
- Secure one of the largest Kubernetes cluster infrastructure in the cloud in the world. Design and create automated defense mechanism as a GIAC certified professional in Azure, GCP and AWS cloud. Detect against any attack with AI IDS vendors such as Lacework and Threatstack. Continuously monitor and scale.
- Manage and design AWS infrastructure to reduce 7 digit cloud budget down to 6 digits with private link and with IDS ML solutions. Securely revised vulnerable security vendors containers to reduce vulnerabilities.
- Secure, monitor and create zero trust production cloud environments in AWS, Google Cloud Platform, and Microsoft Azure with Okta SAML 2.0. Perform SRE best practices and AWS compliance to protect Infosec forensic team's infrastructure and documents.
- Implement CICD with codefresh to keep micro-services secured and up-to-date in production
- Secure, monitor, protect and create Infrastructure with IaaC and with Splunk Cloud monitoring. Protect 200+ cloud accounts, 100K+ cloud resources with 50K+ agents in multi-cloud environments.
- Protect games with YARA lambda scanners on multi-cloud to protect Infosec forensic on-prem infrastructures. Defend with XSOAR as a purple team member.
- Provide Devops and Infrastructure code for Epic Games Unreal team with Windows hosts for gaming for the world with
- Secure, administer and add Okta SAML support for Windows
Principal DevOps / Senior Infrastructure Engineer / Cybersecurity Professional
FortressIQ Acquired by Automation Anywhere
10.2019 - 10.2020
- Built the first AI platform that can understand a company’s workflows through simple observation, radically improving their organizational understanding. Secure, scale and build production clusters that won the number 1 fortune 500 retail company contract. Defend against cyber attackers with WAF, whitelisting, SIEM and other industry standards with no security breaches with K8S.
- Expert-level proficiency in production cloud environments like AWS, Google Cloud Platform, and Microsoft Azure. Add helm charts with latest technologies: 1.16+ K8S, CRD, Keel and helm V3.
- Perform and pass HIPAA, SoC2, PCI DSS and GDPR security audits with KPP.
- Author and design ELK stack for K8S with full ES, Terraform, Vault, Packer automation.
- Lead first devops team to auto-update, auto-patch, auto-deploy into hybrid cloud with automated DevSecOps tech. Fix/workaround issues seen in deployment via rollback or infrastructure changes.
- Ability to work in a fast paced environment using Agile methodology where fuzzy requirements / mock data are the norm. Create PoC infrastructure and helm chart for HA serverless web services.
- Interview, manage a DevOps team and build Azure data center from scratch.
Sr. Devops and Infrastructure Engineer
Snapdocs
01.2019 - 09.2019
- Design, build, lead, secure, monitor and operate high availability SAAS infrastructure. Protect with WAF, SIEM, and OWASP1 fundamentals.
- Add production EKS 1.13 for blue/green deployment.
- Create production systems like HA buildkite for Continuous Integration, HA Spinnaker for continuous deployment, HA Harbor docker registry for cross site replication and CVE scanning, Spinnaker deployment, HA Nexus in K8S.
- Monitor security and production golden signals / metrics in production with Datadog, Threatstack, Pagerduty and Signal Science on kubernetes, beanstalk, and EC2.
- Add improvement with additional high availability features like EFS provisioning, S3 on kubernetes nodes. Create helm charts for 12 factor microservices using EFS, ruby/ruby on rails web services, postgres DB server
Sr. Devops and Cloud Infrastructure Engineer
Zingbox Acquired by Palo Alto Networks
10.2017 - 01.2019
- Design, build, lead, secure and operate Azure, AWS SAAS cloud environment in IoT cloud services. Build the infrastructure to win their first $1 million PO from Texas Health. Author VPN servers, kubernetes cluster for office and AWS with Cisco Duo TFA with cloud monitoring for SoC2/ FedRamp. Defended the security
- Setup, maintain and improve production cloud infrastructure in Azure and AWS for Texas Health. Monitor Threatstack for security threats and CVE for SoC2, HIPAA and FedRamp compliance
- Setup, maintain and continuously improve the CI, CD pipeline on hybrid cloud
- Setup Kubernetes, EKS, ELK and setup docker containers while maintaining secrets and high scalability with ELB, Jenkins, private docker registry and nginx.
- Design and implement end to end solutions with MongoDB, ELK, ES, Redshift, Mysql
- Optimize performance for Docker containers and scale deployment with helm up to 1000 nodes
- Optimize CoreOS for scalable OpenVPN server in the hybrid cloud with terraform, Ansible and ELK.
- Transition and maintain Jenkins/Bamboo CI/CD framework to AWS.
Member of Technical Staff, Senior Devops Engineer
E8 Security Acquired by VMWare
05.2015 - 10.2017
- Manage, test, build, lead and drive new technology with Cloud computing, Mobile, Data Center storage, Machine learning in a startup pace. Produce and deliver first product with a small team of 10+ engineers during stealth phase with AWS infrastructure.
- Proven experience in architecting continuous integration CI/CD framework and coding test automation framework for mobile application, browsers and cloud computing from the ground up.
- Lead engineers and PHD interns to implement new automation framework to scale out with HADOOP YARN server, OLAP and OLTP with Cloudera.
- Integrate frameworks covering Java, Selenium, Appium, Scala, and Python, with graphite, jMeter, Github, REST API and JIRA. Write and implement test plans in testlink from scratch.
MTS / Senior Devops / Automation Engineer
GridIron Systems Acquired by Violin Memory
11.2010 - 05.2015
- Develop scalable software to evaluate and improve performance on patented SAN acceleration appliance in a startup environment. Work on GridIron’s SAN SSD appliance software to challenge the IO performance of traditional storage vendor, database vendors and virtualization vendors in private and public AWS cloud.
- Author management framework in python and Java to setup DotHill / EMC / VMWare / 3PAR / NETAPP and Hitachi array to validate customer datacenter environment and launch data integrity tests for SQA engineers and SE.
- Develop framework to automate performance runs with iometer on multiple IO hosts with each build. Develop Java applet framework to display results for new product comparison.
- Develop platform library framework to retrieve SAS performance counters and SMART counters into XML from onprem and private cloud appliances.
Principal Platform Engineer
Data Domain Acquired by DELL
11.2007 - 10.2010
- Developed user space platform applications to detect failures with error counters and desktop tool for license enforcement. Helped QA with test automation and SE with white papers.
- Developed online/offline diagnostic software for checking SAS, FC and hard drives failures on Data Domain system.
- Added licensing enforcement feature for EMC cluster nodes and external storage.. Automated multiple node debugging with Finisar jammer and analyzer with Perl and Frunner for SAN interoperability testing /corruption issues. Automated system testing on Linux and Windows hosts with iometer and Medusa with external trigger.
- Wrote white paper such as interoperability guide for application such has EMC Control Center to work with next generation NPIV products and to administrate large SAN on Vmware ESX server for SE. Wrote white paper on RDM and NPIV on Vmware environment.
- Continue to drive customer escalation resolutions for configuration, data integrity, MPIO and performance issues. Investigated interoperability issue with 3rd party storage vendors.
- Worked on Data Domain OUI in WWPN to reduce zoning impact when replacing defective FC HBA parts in the field.
Member of Technical Staff
Network Appliance, Sunnyvale CA
07.2005 - 11.2007
- Developed and designed a target mode Linux kernel driver in Virtual Tape Library embedded firmware to perform RAID1/ RAID4 read/write/flush tasks for deduplication and compression. Worked with development team in Bangalore Technology Center to help them with architectural implementation.
- Details upon request
Architectural and Performance Engineer
SUN Microsystems, Sunnyvale CA Acquired by Oracle
12.2003 - 07.2005
- Details upon request
UNIX, Linux and NT Kernel Driver Developer
Adaptec, Milpitas CA Acquired by PMC - Sierra
06.1996 - 11.2003
- Details upon request
Education
GYPC Cybersecurity certifications - Cybersecurity
GIAC, SANS
01.2022
GCPN Cybersecurity certifications - Cybersecurity
GIAC, SANS
01.2021
Computer Science College Degree -
UC Davis
Davis, CA01.2001
Electrical Engineering College Degree -
UC Davis
Davis, CA01.2001
Skills
- Lacework Security Practitioner certification
- Vulnerability assessment and remediation
- Programming languages: C, Java, Python
- Bash and PowerShell scripting expertise
- Other: Git, Ansible, Chef, MySQL, PSQL/MongoDB, NFS, HDFS, Hybrid Cloud: AWS, Google Cloud Platform/Azure, ByteCloud, Terraform, Lacework, Kubernetes, K3S (IoT), MicroK8S, Packer, Vault, Snowflake, ChatGPT, AIML, MCP
- OWASP, SAML 20, HIPPA, PCI DSS, SoC2
Accomplishments
1. A MECHANISM TO ACCELERATE SECURITY ANALYSIS THROUGH OS-OPTIMIZED QUERIES WITHIN OPERATING SYSTEMS
2. METHOD AND APPARATUS FOR DAILY VIGILANCE THROUGH HORIZONTAL SCALING, AI, NETWORK PARTITIONING FOR MALWARE
3. METHOD FOR VALIDATING SSL/TLS CA CERTIFICATES IN ENTERPRISE ENVIRONMENTS
Languages
Chinese (Mandarin)
Native or Bilingual
English
Native or Bilingual
Japanese
Limited Working
Timeline
Principle Engineer / Site Reliability Engineer
TikTok/ByteDance
08.2023 - Current
Sr. Cloud Infrastructure Engineer / Cybersecurity Engineer / Devops
Epic Games
12.2020 - 01.2023
Principal DevOps / Senior Infrastructure Engineer / Cybersecurity Professional
FortressIQ Acquired by Automation Anywhere
10.2019 - 10.2020
Sr. Devops and Infrastructure Engineer
Snapdocs
01.2019 - 09.2019
Sr. Devops and Cloud Infrastructure Engineer
Zingbox Acquired by Palo Alto Networks
10.2017 - 01.2019
Member of Technical Staff, Senior Devops Engineer
E8 Security Acquired by VMWare
05.2015 - 10.2017
MTS / Senior Devops / Automation Engineer
GridIron Systems Acquired by Violin Memory
11.2010 - 05.2015
Principal Platform Engineer
Data Domain Acquired by DELL
11.2007 - 10.2010
Member of Technical Staff
Network Appliance, Sunnyvale CA
07.2005 - 11.2007
Architectural and Performance Engineer
SUN Microsystems, Sunnyvale CA Acquired by Oracle
12.2003 - 07.2005
UNIX, Linux and NT Kernel Driver Developer
Adaptec, Milpitas CA Acquired by PMC - Sierra
06.1996 - 11.2003
GYPC Cybersecurity certifications - Cybersecurity
GIAC, SANS
GCPN Cybersecurity certifications - Cybersecurity
GIAC, SANS
Computer Science College Degree -
UC Davis
Electrical Engineering College Degree -
UC Davis
Similar Profiles
Natalia MulawaNatalia Mulawa
Quality Delivery Lead (EMEA), Emerging Products and Projects at TikTok/ByteDanceQuality Delivery Lead (EMEA), Emerging Products and Projects at TikTok/ByteDance
Jingru HuangJingru Huang
Program Manager, Early Careers at TikTok/ByteDanceProgram Manager, Early Careers at TikTok/ByteDance
Simon Zhou QinYangSimon Zhou QinYang
Risk Control Strategy Leader - Global E-commerce at TikTok/BytedanceRisk Control Strategy Leader - Global E-commerce at TikTok/Bytedance
Prasanna PurohitPrasanna Purohit
Principle Automation Architect & Site Reliability at CricutPrinciple Automation Architect & Site Reliability at Cricut
Heidi TimmerHeidi Timmer
DevOps Engineer / Site Reliability Engineer at Accenture Federal ServicesDevOps Engineer / Site Reliability Engineer at Accenture Federal Services